@propelauth/nextjs 0.0.112-beta.1 → 0.0.114

@@ -42,9 +42,8 @@ import { NextResponse } from "next/server.js";
42
42
 
43
43
  // src/user.ts
44
44
  var UserFromToken = class {
45
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId) {
45
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
46
46
  this.userId = userId;
47
- this.activeOrgId = activeOrgId;
48
47
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
49
48
  this.email = email;
50
49
  this.firstName = firstName;
@@ -54,15 +53,6 @@ var UserFromToken = class {
54
53
  this.impersonatorUserId = impersonatorUserId;
55
54
  this.properties = properties;
56
55
  }
57
- getActiveOrg() {
58
- if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
59
- return void 0;
60
- }
61
- return this.orgIdToOrgMemberInfo[this.activeOrgId];
62
- }
63
- getActiveOrgId() {
64
- return this.activeOrgId;
65
- }
66
56
  getOrg(orgId) {
67
57
  if (!this.orgIdToOrgMemberInfo) {
68
58
  return void 0;
@@ -95,7 +85,9 @@ var UserFromToken = class {
95
85
  const obj = JSON.parse(json);
96
86
  const orgIdToOrgMemberInfo = {};
97
87
  for (const orgId in obj.orgIdToOrgMemberInfo) {
98
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
88
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
89
+ JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
90
+ );
99
91
  }
100
92
  return new UserFromToken(
101
93
  obj.userId,
@@ -109,29 +101,6 @@ var UserFromToken = class {
109
101
  obj.properties
110
102
  );
111
103
  }
112
- static fromJwtPayload(payload) {
113
- let activeOrgId;
114
- let orgIdToOrgMemberInfo;
115
- if (payload.org_member_info) {
116
- activeOrgId = payload.org_member_info.org_id;
117
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
118
- } else {
119
- activeOrgId = void 0;
120
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
121
- }
122
- return new UserFromToken(
123
- payload.user_id,
124
- payload.email,
125
- orgIdToOrgMemberInfo,
126
- payload.first_name,
127
- payload.last_name,
128
- payload.username,
129
- payload.legacy_user_id,
130
- payload.impersonatorUserId,
131
- payload.properties,
132
- activeOrgId
133
- );
134
- }
135
104
  };
136
105
  var OrgMemberInfo = class {
137
106
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -180,7 +149,17 @@ var OrgMemberInfo = class {
180
149
  }
181
150
  };
182
151
  function toUser(snake_case) {
183
- return UserFromToken.fromJwtPayload(snake_case);
152
+ return new UserFromToken(
153
+ snake_case.user_id,
154
+ snake_case.email,
155
+ toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
156
+ snake_case.first_name,
157
+ snake_case.last_name,
158
+ snake_case.username,
159
+ snake_case.legacy_user_id,
160
+ snake_case.impersonatorUserId,
161
+ snake_case.properties
162
+ );
184
163
  }
185
164
  function toOrgIdToOrgMemberInfo(snake_case) {
186
165
  if (snake_case === void 0) {
@@ -252,17 +231,12 @@ function getVerifierKey() {
252
231
  }
253
232
  return verifierKey.replace(/\\n/g, "\n");
254
233
  }
255
- function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
234
+ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
256
235
  return __async(this, null, function* () {
257
236
  const body = {
258
237
  refresh_token: refreshToken
259
238
  };
260
- const queryParams = new URLSearchParams();
261
- if (activeOrgId) {
262
- queryParams.set("with_active_org_support", "true");
263
- queryParams.set("active_org_id", activeOrgId);
264
- }
265
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
239
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
266
240
  const response = yield fetch(url, {
267
241
  method: "POST",
268
242
  body: JSON.stringify(body),
@@ -274,7 +248,10 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
274
248
  if (response.ok) {
275
249
  const data = yield response.json();
276
250
  const newRefreshToken = data.refresh_token;
277
- const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
251
+ const {
252
+ access_token: accessToken,
253
+ expires_at_seconds: expiresAtSeconds
254
+ } = data.access_token;
278
255
  return {
279
256
  refreshToken: newRefreshToken,
280
257
  accessToken,
@@ -335,9 +312,6 @@ function validateAccessToken(accessToken) {
335
312
  });
336
313
  }
337
314
 
338
- // src/shared.ts
339
- var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
340
-
341
315
  // src/server/app-router.ts
342
316
  function getUserOrRedirect() {
343
317
  return __async(this, null, function* () {
@@ -352,7 +326,8 @@ function getUserOrRedirect() {
352
326
  }
353
327
  function getUser() {
354
328
  return __async(this, null, function* () {
355
- const accessToken = getAccessToken();
329
+ var _a;
330
+ const accessToken = headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
356
331
  if (accessToken) {
357
332
  const user = yield validateAccessTokenOrUndefined(accessToken);
358
333
  if (user) {
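Review bot: New line 330 in getUser repeats verbatim the header-then-cookie token lookup that getAccessToken (new lines 341–343, next hunk) still performs, apparently because getAccessToken is now wrapped in `__async` and returns a Promise; `const accessToken = yield getAccessToken();` would keep that lookup, including the precedence given to `CUSTOM_HEADER_FOR_ACCESS_TOKEN` over the cookie, in one place. Wrapping getAccessToken in `__async` also changes its return type for any caller that previously used it synchronously, and nothing in the diff records that; a JSDoc line on getAccessToken such as `/** Resolves to the access token taken from the internal header, else the cookie, else undefined. */` would make the new contract visible. getUser's body continues past the end of this hunk.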
@@ -363,12 +338,14 @@ function getUser() {
363
338
  });
364
339
  }
365
340
  function getAccessToken() {
366
- var _a;
367
- return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
341
+ return __async(this, null, function* () {
342
+ var _a;
343
+ return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
344
+ });
368
345
  }
369
346
  function authMiddleware(req) {
370
347
  return __async(this, null, function* () {
371
- var _a, _b, _c;
348
+ var _a, _b;
372
349
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
373
350
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
374
351
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -376,7 +353,6 @@ function authMiddleware(req) {
376
353
  }
377
354
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
378
355
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
379
- const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
380
356
  if (accessToken) {
381
357
  const user = yield validateAccessTokenOrUndefined(accessToken);
382
358
  if (user) {
@@ -384,7 +360,7 @@ function authMiddleware(req) {
384
360
  }
385
361
  }
386
362
  if (refreshToken) {
387
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
363
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
388
364
  if (response.error === "unexpected") {
389
365
  throw new Error("Unexpected error while refreshing access token");
390
366
  } else if (response.error === "unauthorized") {
@@ -445,7 +421,7 @@ function getRouteHandlers(args) {
445
421
  }
446
422
  function callbackGetHandler(req) {
447
423
  return __async(this, null, function* () {
448
- var _a, _b, _c;
424
+ var _a, _b;
449
425
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
450
426
  if (!oauthState || oauthState.length !== 64) {
451
427
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -481,49 +457,6 @@ function getRouteHandlers(args) {
481
457
  console.error("postLoginRedirectPathFn returned undefined");
482
458
  return new Response("Unexpected error", { status: 500 });
483
459
  }
484
- const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
485
- const user = yield validateAccessToken(accessToken);
486
- const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
487
- let activeOrgId = void 0;
488
- if (isUserInCurrentActiveOrg) {
489
- activeOrgId = currentActiveOrgId;
490
- } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
491
- activeOrgId = args.getDefaultActiveOrgId(req, user);
492
- }
493
- if (activeOrgId) {
494
- const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
495
- if (response2.error === "unexpected") {
496
- throw new Error("Unexpected error while setting active org");
497
- } else if (response2.error === "unauthorized") {
498
- console.error(
499
- "Unauthorized error while setting active org. Your user may not have access to this org"
500
- );
501
- return new Response("Unauthorized", { status: 401 });
502
- } else {
503
- const headers3 = new Headers();
504
- headers3.append("Location", returnToPath);
505
- headers3.append(
506
- "Set-Cookie",
507
- `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
508
- );
509
- headers3.append(
510
- "Set-Cookie",
511
- `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
512
- );
513
- headers3.append(
514
- "Set-Cookie",
515
- `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
516
- );
517
- headers3.append(
518
- "Set-Cookie",
519
- `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
520
- );
521
- return new Response(null, {
522
- status: 302,
523
- headers: headers3
524
- });
525
- }
526
- }
527
460
  const headers2 = new Headers();
528
461
  headers2.append("Location", returnToPath);
529
462
  headers2.append(
@@ -534,10 +467,6 @@ function getRouteHandlers(args) {
534
467
  "Set-Cookie",
535
468
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
536
469
  );
537
- headers2.append(
538
- "Set-Cookie",
539
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
540
- );
541
470
  headers2.append(
542
471
  "Set-Cookie",
543
472
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -558,11 +487,10 @@ function getRouteHandlers(args) {
558
487
  }
559
488
  function userinfoGetHandler(req) {
560
489
  return __async(this, null, function* () {
561
- var _a, _b;
490
+ var _a;
562
491
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
563
- const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
564
492
  if (oldRefreshToken) {
565
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
493
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
566
494
  if (refreshResponse.error === "unexpected") {
567
495
  throw new Error("Unexpected error while refreshing access token");
568
496
  } else if (refreshResponse.error === "unauthorized") {
@@ -575,10 +503,6 @@ function getRouteHandlers(args) {
575
503
  "Set-Cookie",
576
504
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
577
505
  );
578
- headers3.append(
579
- "Set-Cookie",
580
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
581
- );
582
506
  return new Response("Unauthorized", { status: 401, headers: headers3 });
583
507
  }
584
508
  const refreshToken = refreshResponse.refreshToken;
@@ -597,8 +521,7 @@ function getRouteHandlers(args) {
597
521
  const jsonResponse = {
598
522
  userinfo: data,
599
523
  accessToken,
600
- impersonatorUserId: userFromToken.impersonatorUserId,
601
- activeOrgId
524
+ impersonatorUserId: userFromToken.impersonatorUserId
602
525
  };
603
526
  const headers3 = new Headers();
604
527
  headers3.append(
@@ -624,10 +547,6 @@ function getRouteHandlers(args) {
624
547
  "Set-Cookie",
625
548
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
626
549
  );
627
- headers3.append(
628
- "Set-Cookie",
629
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
630
- );
631
550
  return new Response(null, {
632
551
  status: 401,
633
552
  headers: headers3
@@ -639,13 +558,12 @@ function getRouteHandlers(args) {
639
558
  const headers2 = new Headers();
640
559
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
641
560
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
642
- headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
643
561
  return new Response(null, { status: 401 });
644
562
  });
645
563
  }
646
564
  function logoutGetHandler(req) {
647
565
  return __async(this, null, function* () {
648
- var _a, _b;
566
+ var _a;
649
567
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
650
568
  if (!path) {
651
569
  console.error("postLoginPathFn returned undefined");
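Review bot: In the 401 branch at new line 561, `headers2` is populated with the Set-Cookie lines that expire `ACCESS_TOKEN_COOKIE_NAME` and `REFRESH_TOKEN_COOKIE_NAME` but is never attached to the response, so `return new Response(null, { status: 401 });` sends no cookie-clearing headers and the browser keeps resending the credentials that were just rejected; it should read `return new Response(null, { status: 401, headers: headers2 });`, as the other 401 paths in this file do with `headers3`. The defect predates this commit, but the commit edits exactly this block (dropping the `ACTIVE_ORG_ID_COOKIE_NAME` line), so it is the natural place to fix it. The enclosing handler starts outside this hunk.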
@@ -663,17 +581,12 @@ function getRouteHandlers(args) {
663
581
  "Set-Cookie",
664
582
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
665
583
  );
666
- headers2.append(
667
- "Set-Cookie",
668
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
669
- );
670
584
  return new Response(null, {
671
585
  status: 302,
672
586
  headers: headers2
673
587
  });
674
588
  }
675
- const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
676
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
589
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
677
590
  if (refreshResponse.error === "unexpected") {
678
591
  console.error("Unexpected error while refreshing access token");
679
592
  return new Response("Unexpected error", { status: 500 });
@@ -688,10 +601,6 @@ function getRouteHandlers(args) {
688
601
  "Set-Cookie",
689
602
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
690
603
  );
691
- headers2.append(
692
- "Set-Cookie",
693
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
694
- );
695
604
  return new Response(null, {
696
605
  status: 302,
697
606
  headers: headers2
@@ -720,10 +629,6 @@ function getRouteHandlers(args) {
720
629
  "Set-Cookie",
721
630
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
722
631
  );
723
- headers3.append(
724
- "Set-Cookie",
725
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
726
- );
727
632
  return new Response(null, { status: 200, headers: headers3 });
728
633
  }
729
634
  const authUrlOrigin = getAuthUrlOrigin();
@@ -748,78 +653,9 @@ function getRouteHandlers(args) {
748
653
  const headers2 = new Headers();
749
654
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
750
655
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
751
- headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
752
656
  return new Response(null, { status: 200, headers: headers2 });
753
657
  });
754
658
  }
755
- function setActiveOrgHandler(req) {
756
- return __async(this, null, function* () {
757
- var _a;
758
- const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
759
- const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
760
- if (!oldRefreshToken) {
761
- const headers2 = new Headers();
762
- headers2.append(
763
- "Set-Cookie",
764
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
765
- );
766
- return new Response(null, { status: 401, headers: headers2 });
767
- }
768
- if (!activeOrgId) {
769
- return new Response(null, { status: 400 });
770
- }
771
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
772
- if (refreshResponse.error === "unexpected") {
773
- throw new Error("Unexpected error while setting active org id");
774
- } else if (refreshResponse.error === "unauthorized") {
775
- return new Response("Unauthorized", { status: 401 });
776
- }
777
- const refreshToken = refreshResponse.refreshToken;
778
- const accessToken = refreshResponse.accessToken;
779
- const authUrlOrigin = getAuthUrlOrigin();
780
- const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
781
- const response = yield fetch(path, {
782
- headers: {
783
- "Content-Type": "application/json",
784
- Authorization: "Bearer " + accessToken
785
- }
786
- });
787
- if (response.ok) {
788
- const userFromToken = yield validateAccessToken(accessToken);
789
- const data = yield response.json();
790
- const jsonResponse = {
791
- userinfo: data,
792
- accessToken,
793
- impersonatorUserId: userFromToken.impersonatorUserId,
794
- activeOrgId
795
- };
796
- const headers2 = new Headers();
797
- headers2.append(
798
- "Set-Cookie",
799
- `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
800
- );
801
- headers2.append(
802
- "Set-Cookie",
803
- `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
804
- );
805
- headers2.append(
806
- "Set-Cookie",
807
- `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
808
- );
809
- headers2.append("Content-Type", "application/json");
810
- return new Response(JSON.stringify(jsonResponse), {
811
- status: 200,
812
- headers: headers2
813
- });
814
- } else if (response.status === 401) {
815
- return new Response(null, {
816
- status: 401
817
- });
818
- } else {
819
- return new Response(null, { status: 500 });
820
- }
821
- });
822
- }
823
659
  function getRouteHandler(req, { params }) {
824
660
  if (params.slug === "login") {
825
661
  return loginGetHandler(req);
@@ -838,8 +674,6 @@ function getRouteHandlers(args) {
838
674
  function postRouteHandler(req, { params }) {
839
675
  if (params.slug === "logout") {
840
676
  return logoutPostHandler(req);
841
- } else if (params.slug === "set-active-org") {
842
- return setActiveOrgHandler(req);
843
677
  } else {
844
678
  return new Response("", { status: 404 });
845
679
  }