@propelauth/nextjs 0.0.112-beta.1 → 0.0.114

Sign up to get free protection for your applications and to get access to all the features.
Files changed (21) hide show
  1. package/dist/client/index.d.ts +17 -49
  2. package/dist/client/index.js +79 -139
  3. package/dist/client/index.js.map +1 -1
  4. package/dist/client/index.mjs +79 -139
  5. package/dist/client/index.mjs.map +1 -1
  6. package/dist/server/app-router/index.d.ts +2 -34
  7. package/dist/server/app-router/index.js +35 -201
  8. package/dist/server/app-router/index.js.map +1 -1
  9. package/dist/server/app-router/index.mjs +35 -201
  10. package/dist/server/app-router/index.mjs.map +1 -1
  11. package/dist/server/index.d.ts +2 -33
  12. package/dist/server/index.js +15 -36
  13. package/dist/server/index.js.map +1 -1
  14. package/dist/server/index.mjs +15 -36
  15. package/dist/server/index.mjs.map +1 -1
  16. package/dist/server/pages/index.d.ts +2 -33
  17. package/dist/server/pages/index.js +25 -53
  18. package/dist/server/pages/index.js.map +1 -1
  19. package/dist/server/pages/index.mjs +25 -53
  20. package/dist/server/pages/index.mjs.map +1 -1
  21. package/package.json +1 -1
package/dist/server/app-router/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/server/exceptions.ts","../../../src/server/app-router.ts","../../../src/user.ts","../../../src/server/shared.ts","../../../src/shared.ts"],"sourcesContent":["export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import { redirect } from 'next/navigation.js'\nimport { cookies, headers } from 'next/headers.js'\nimport { NextRequest, NextResponse } from 'next/server.js'\nimport {\n ACCESS_TOKEN_COOKIE_NAME,\n CALLBACK_PATH,\n COOKIE_OPTIONS,\n CUSTOM_HEADER_FOR_ACCESS_TOKEN,\n getAuthUrlOrigin,\n getIntegrationApiKey,\n getRedirectUri,\n LOGIN_PATH,\n LOGOUT_PATH,\n REFRESH_TOKEN_COOKIE_NAME,\n refreshTokenWithAccessAndRefreshToken,\n RETURN_TO_PATH_COOKIE_NAME,\n STATE_COOKIE_NAME,\n USERINFO_PATH,\n validateAccessToken,\n validateAccessTokenOrUndefined,\n} from './shared'\nimport { UserFromToken } from './index'\nimport { ACTIVE_ORG_ID_COOKIE_NAME } from '../shared'\n\nexport async function getUserOrRedirect(): Promise<UserFromToken> {\n const user = await getUser()\n if (user) {\n return user\n } else {\n redirect(LOGIN_PATH)\n throw new Error('Redirecting to login')\n }\n}\n\nexport async function getUser(): Promise<UserFromToken | undefined> {\n const accessToken = getAccessToken()\n if (accessToken) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n return undefined\n}\n\nexport function getAccessToken(): string | undefined {\n return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || cookies().get(ACCESS_TOKEN_COOKIE_NAME)?.value\n}\n\n// Purpose of this middleware is just to keep the access token cookie alive\n// In an ideal world, this could be done in `getUser`, however, you can't\n// set a cookie in a server component.\n// There also doesn't seem to be any way right now to set a cookie in a\n// middleware and pass it forward (you can only set them on the response).\n// You CAN, however, pass in custom headers,\n// so we'll use CUSTOM_HEADER_FOR_ACCESS_TOKEN as a workaround\nexport async function authMiddleware(req: NextRequest): Promise<Response> {\n if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {\n throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`)\n } else if (\n req.nextUrl.pathname === CALLBACK_PATH ||\n req.nextUrl.pathname === LOGOUT_PATH ||\n req.nextUrl.pathname === USERINFO_PATH\n ) {\n // Don't do anything for the callback, logout, or userinfo paths, as they will modify the cookies themselves\n return NextResponse.next()\n }\n\n const accessToken = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)?.value\n const refreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n const activeOrgId = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)?.value\n\n // If we are authenticated, we can continue\n if (accessToken) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return NextResponse.next()\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n const response = NextResponse.next()\n response.cookies.delete(ACCESS_TOKEN_COOKIE_NAME)\n response.cookies.delete(REFRESH_TOKEN_COOKIE_NAME)\n return response\n } else {\n const headers = new Headers(req.headers)\n // Pass along the new access token in a header since cookies don't work\n headers.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken)\n const nextResponse = NextResponse.next({\n request: {\n headers,\n },\n })\n nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS)\n nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS)\n return nextResponse\n }\n }\n\n return NextResponse.next()\n}\n\nexport type RouteHandlerArgs = {\n postLoginRedirectPathFn?: (req: NextRequest) => string\n getDefaultActiveOrgId?: (req: NextRequest, user: UserFromToken) => string | undefined\n}\n\nexport function getRouteHandlers(args?: RouteHandlerArgs) {\n function loginGetHandler(req: NextRequest) {\n return signupOrLoginHandler(req, false)\n }\n\n function signupGetHandler(req: NextRequest) {\n return signupOrLoginHandler(req, true)\n }\n\n function signupOrLoginHandler(req: NextRequest, isSignup: boolean) {\n const returnToPath = req.nextUrl.searchParams.get('return_to_path')\n const state = randomState()\n const redirectUri = getRedirectUri()\n\n const authorizeUrlSearchParams = new URLSearchParams({\n redirect_uri: redirectUri,\n state,\n signup: isSignup ? 'true' : 'false',\n })\n const authorize_url = getAuthUrlOrigin() + '/propelauth/ssr/authorize?' + authorizeUrlSearchParams.toString()\n\n const headers = new Headers()\n headers.append('Location', authorize_url)\n headers.append('Set-Cookie', `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=Lax`)\n if (returnToPath) {\n if (returnToPath.startsWith('/')) {\n headers.append(\n 'Set-Cookie',\n `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=600`\n )\n } else {\n console.warn('return_to_path must start with /')\n }\n }\n\n return new Response(null, {\n status: 302,\n headers,\n })\n }\n\n async function callbackGetHandler(req: NextRequest) {\n const oauthState = req.cookies.get(STATE_COOKIE_NAME)?.value\n if (!oauthState || oauthState.length !== 64) {\n return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } })\n }\n\n const queryParams = req.nextUrl.searchParams\n const state = queryParams.get('state')\n const code = queryParams.get('code')\n if (state !== oauthState) {\n return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } })\n }\n\n const authUrlOrigin = getAuthUrlOrigin()\n const redirectUri = getRedirectUri()\n const integrationApiKey = getIntegrationApiKey()\n const oauth_token_body = {\n redirect_uri: redirectUri,\n code,\n }\n const url = `${authUrlOrigin}/propelauth/ssr/token`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(oauth_token_body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + integrationApiKey,\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n\n const accessToken = data.access_token\n\n // If we have a return_to_path cookie, we'll use that\n // Otherwise, we'll use the postLoginRedirectPathFn\n const returnToPathFromCookie = req.cookies.get(RETURN_TO_PATH_COOKIE_NAME)?.value\n const returnToPath =\n returnToPathFromCookie ?? (args?.postLoginRedirectPathFn ? args.postLoginRedirectPathFn(req) : '/')\n if (!returnToPath) {\n console.error('postLoginRedirectPathFn returned undefined')\n return new Response('Unexpected error', { status: 500 })\n }\n\n // For Active Org, if there is one set, we need to issue a new access token\n // We start by checking if there's an existing cookie AND the user is in that org\n // Otherwise, we'll use the default active org function to get the active org\n // If none of that, we'll just use the access token as is\n const currentActiveOrgId = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)?.value\n\n const user = await validateAccessToken(accessToken)\n const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId)\n\n let activeOrgId = undefined\n if (isUserInCurrentActiveOrg) {\n activeOrgId = currentActiveOrgId\n } else if (args?.getDefaultActiveOrgId) {\n activeOrgId = args.getDefaultActiveOrgId(req, user)\n }\n\n // If there's an active org, we need to re-issue a new access token for the active org\n if (activeOrgId) {\n const response = await refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while setting active org')\n } else if (response.error === 'unauthorized') {\n console.error(\n 'Unauthorized error while setting active org. Your user may not have access to this org'\n )\n return new Response('Unauthorized', { status: 401 })\n } else {\n const headers = new Headers()\n headers.append('Location', returnToPath)\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 302,\n headers,\n })\n }\n }\n\n const headers = new Headers()\n headers.append('Location', returnToPath)\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 302,\n headers,\n })\n } else if (response.status === 401) {\n console.error(\n \"Couldn't finish the login process for this user. This is most likely caused by an incorrect PROPELAUTH_API_KEY.\"\n )\n return new Response('Unexpected error', { status: 500 })\n } else {\n return new Response('Unexpected error', { status: 500 })\n }\n }\n\n async function userinfoGetHandler(req: NextRequest) {\n const oldRefreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n const activeOrgId = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)?.value\n\n // For the userinfo endpoint, we want to get the most up-to-date info, so we'll refresh the access token\n if (oldRefreshToken) {\n const refreshResponse = await refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId)\n if (refreshResponse.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (refreshResponse.error === 'unauthorized') {\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response('Unauthorized', { status: 401, headers })\n }\n\n const refreshToken = refreshResponse.refreshToken\n const accessToken = refreshResponse.accessToken\n\n const authUrlOrigin = getAuthUrlOrigin()\n const path = `${authUrlOrigin}/propelauth/oauth/userinfo`\n const response = await fetch(path, {\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + accessToken,\n },\n })\n if (response.ok) {\n const userFromToken = await validateAccessToken(accessToken)\n const data = await response.json()\n const jsonResponse = {\n userinfo: data,\n accessToken,\n impersonatorUserId: userFromToken.impersonatorUserId,\n activeOrgId,\n }\n\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append('Content-Type', 'application/json')\n return new Response(JSON.stringify(jsonResponse), {\n status: 200,\n headers,\n })\n } else if (response.status === 401) {\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 401,\n headers,\n })\n } else {\n return new Response(null, { status: 500 })\n }\n }\n\n const headers = new Headers()\n headers.append('Set-Cookie', `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append('Set-Cookie', `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append('Set-Cookie', `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n return new Response(null, { status: 401 })\n }\n\n async function logoutGetHandler(req: NextRequest) {\n // Real logout requests will go to the logout POST handler\n // This endpoint is a landing page for when people logout from the hosted UIs\n // Instead of doing a logout we'll check the refresh token.\n // If it's invalid, we'll clear the cookies and redirect using the postLoginRedirectPathFn\n const path = args?.postLoginRedirectPathFn ? args.postLoginRedirectPathFn(req) : '/'\n if (!path) {\n console.error('postLoginPathFn returned undefined')\n return new Response('Unexpected error', { status: 500 })\n }\n\n const refreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n if (!refreshToken) {\n const headers = new Headers()\n headers.append('Location', path)\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 302,\n headers,\n })\n }\n\n const activeOrgId = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)?.value\n const refreshResponse = await refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId)\n if (refreshResponse.error === 'unexpected') {\n console.error('Unexpected error while refreshing access token')\n return new Response('Unexpected error', { status: 500 })\n } else if (refreshResponse.error === 'unauthorized') {\n const headers = new Headers()\n headers.append('Location', path)\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 302,\n headers,\n })\n } else {\n const headers = new Headers()\n headers.append('Location', path)\n return new Response(null, {\n status: 302,\n headers,\n })\n }\n }\n\n async function logoutPostHandler(req: NextRequest) {\n const refreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n if (!refreshToken) {\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, { status: 200, headers })\n }\n\n const authUrlOrigin = getAuthUrlOrigin()\n const integrationApiKey = getIntegrationApiKey()\n const logoutBody = { refresh_token: refreshToken }\n const url = `${authUrlOrigin}/api/backend/v1/logout`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(logoutBody),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + integrationApiKey,\n },\n })\n\n if (!response.ok) {\n console.warn(\n 'Unable to logout, clearing cookies and continuing anyway',\n response.status,\n response.statusText\n )\n }\n const headers = new Headers()\n headers.append('Set-Cookie', `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append('Set-Cookie', `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append('Set-Cookie', `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n return new Response(null, { status: 200, headers })\n }\n\n async function setActiveOrgHandler(req: NextRequest) {\n const oldRefreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n const activeOrgId = req.nextUrl.searchParams.get('active_org_id')\n\n if (!oldRefreshToken) {\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, { status: 401, headers })\n }\n\n if (!activeOrgId) {\n return new Response(null, { status: 400 })\n }\n\n const refreshResponse = await refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId)\n if (refreshResponse.error === 'unexpected') {\n throw new Error('Unexpected error while setting active org id')\n } else if (refreshResponse.error === 'unauthorized') {\n return new Response('Unauthorized', { status: 401 })\n }\n\n const refreshToken = refreshResponse.refreshToken\n const accessToken = refreshResponse.accessToken\n\n const authUrlOrigin = getAuthUrlOrigin()\n const path = `${authUrlOrigin}/propelauth/oauth/userinfo`\n const response = await fetch(path, {\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + accessToken,\n },\n })\n\n if (response.ok) {\n const userFromToken = await validateAccessToken(accessToken)\n const data = await response.json()\n const jsonResponse = {\n userinfo: data,\n accessToken,\n impersonatorUserId: userFromToken.impersonatorUserId,\n activeOrgId,\n }\n\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append('Content-Type', 'application/json')\n return new Response(JSON.stringify(jsonResponse), {\n status: 200,\n headers,\n })\n } else if (response.status === 401) {\n return new Response(null, {\n status: 401,\n })\n } else {\n return new Response(null, { status: 500 })\n }\n }\n\n function getRouteHandler(req: NextRequest, { params }: { params: { slug: string } }) {\n if (params.slug === 'login') {\n return loginGetHandler(req)\n } else if (params.slug === 'signup') {\n return signupGetHandler(req)\n } else if (params.slug === 'callback') {\n return callbackGetHandler(req)\n } else if (params.slug === 'userinfo') {\n return userinfoGetHandler(req)\n } else if (params.slug === 'logout') {\n return logoutGetHandler(req)\n } else {\n return new Response('', { status: 404 })\n }\n }\n\n function postRouteHandler(req: NextRequest, { params }: { params: { slug: string } }) {\n if (params.slug === 'logout') {\n return logoutPostHandler(req)\n } else if (params.slug === 'set-active-org') {\n return setActiveOrgHandler(req)\n } else {\n return new Response('', { status: 404 })\n }\n }\n\n return {\n getRouteHandler,\n postRouteHandler,\n }\n}\n\nfunction randomState(): string {\n const randomBytes = crypto.getRandomValues(new Uint8Array(32))\n return Array.from(randomBytes)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n}\n","export class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","import { ResponseCookie } from 'next/dist/compiled/@edge-runtime/cookies'\nimport { InternalUser, toUser, UserFromToken } from '../user'\nimport { ConfigurationException, UnauthorizedException } from './exceptions'\nimport * as jose from 'jose'\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: 'none'\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: 'unauthorized'\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: 'unexpected'\n}\n\nexport type RefreshTokenResponse =\n | RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = '/api/auth/login'\nexport const CALLBACK_PATH = '/api/auth/callback'\nexport const USERINFO_PATH = '/api/auth/userinfo'\nexport const LOGOUT_PATH = '/api/auth/logout'\nexport const ACCESS_TOKEN_COOKIE_NAME = '__pa_at'\nexport const REFRESH_TOKEN_COOKIE_NAME = '__pa_rt'\nexport const STATE_COOKIE_NAME = '__pa_state'\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = 'x-propelauth-access-token'\nexport const RETURN_TO_PATH_COOKIE_NAME = '__pa_return_to_path'\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: 'lax',\n secure: true,\n path: '/',\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error('NEXT_PUBLIC_AUTH_URL is not set')\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error('PROPELAUTH_REDIRECT_URI is not set')\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error('PROPELAUTH_API_KEY is not set')\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error('PROPELAUTH_VERIFIER_KEY is not set')\n }\n return verifierKey.replace(/\\\\n/g, '\\n')\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(\n refreshToken: string,\n activeOrgId?: string\n): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n\n const queryParams = new URLSearchParams()\n if (activeOrgId) {\n queryParams.set('with_active_org_support', 'true')\n queryParams.set('active_org_id', activeOrgId)\n }\n\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: 'none',\n }\n } else if (response.status === 400 || response.status === 401) {\n return { error: 'unauthorized' }\n } else {\n return { error: 'unexpected' }\n }\n}\n\nexport async function validateAccessTokenOrUndefined(\n accessToken: string | undefined\n): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info('Error validating access token', err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), 'RS256')\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException('Invalid verifier key')\n }\n\n if (!accessToken) {\n throw new UnauthorizedException('No access token provided')\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith('bearer ')) {\n accessTokenWithoutBearer = accessToken.substring('bearer '.length)\n }\n\n try {\n const { payload } = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: ['RS256'],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException('Unable to decode jwt')\n }\n }\n}\n","export const ACTIVE_ORG_ID_COOKIE_NAME = '__pa_org_id'\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACpBA,SAAS,gBAAgB;AACzB,SAAS,SAAS,eAAe;AACjC,SAAsB,oBAAoB;;;ACFnC,IAAM,gBAAN,MAAoB;AAAA,EAkBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAAA,EACtB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACJ;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA8BO,SAAS,OAAO,YAAyC;AAC5D,SAAO,cAAc,eAAe,UAAU;AAClD;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AChRA,YAAY,UAAU;AAqBf,IAAM,aAAa;AACnB,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,cAAc;AACpB,IAAM,2BAA2B;AACjC,IAAM,4BAA4B;AAClC,IAAM,oBAAoB;AAC1B,IAAM,iCAAiC;AACvC,IAAM,6BAA6B;AAEnC,IAAM,iBAA0C;AAAA,EACnD,UAAU;AAAA,EACV,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,MAAM;AACV;AAEO,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO;AACX;AAEO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAEA,SAAsB,sCAClB,cACA,aAC6B;AAAA;AAC7B,UAAM,OAAO;AAAA,MACT,eAAe;AAAA,IACnB;AAEA,UAAM,cAAc,IAAI,gBAAgB;AACxC,QAAI,aAAa;AACb,kBAAY,IAAI,2BAA2B,MAAM;AACjD,kBAAY,IAAI,iBAAiB,WAAW;AAAA,IAChD;AAEA,UAAM,MAAM,GAAG,iBAAiB,kCAAkC,YAAY,SAAS;AACvF,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAC9B,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,eAAe,YAAY,qBAAqB;AAAA,MACpD;AAAA,IACJ,CAAC;AAED,QAAI,SAAS,IAAI;AACb,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,kBAAkB,KAAK;AAC7B,YAAM,EAAE,cAAc,aAAa,oBAAoB,iBAAiB,IAAI,KAAK;AAEjF,aAAO;AAAA,QACH,cAAc;AAAA,QACd;AAAA,QACA,OAAO;AAAA,MACX;AAAA,IACJ,WAAW,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AAC3D,aAAO,EAAE,OAAO,eAAe;AAAA,IACnC,OAAO;AACH,aAAO,EAAE,OAAO,aAAa;AAAA,IACjC;AAAA,EACJ;AAAA;AAEA,SAAsB,+BAClB,aACkC;AAAA;AAClC,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAE,QAAQ,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QAC1E,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACvKO,IAAM,4BAA4B;;;AHwBzC,SAAsB,oBAA4C;AAAA;AAC9D,UAAM,OAAO,MAAM,QAAQ;AAC3B,QAAI,MAAM;AACN,aAAO;AAAA,IACX,OAAO;AACH,eAAS,UAAU;AACnB,YAAM,IAAI,MAAM,sBAAsB;AAAA,IAC1C;AAAA,EACJ;AAAA;AAEA,SAAsB,UAA8C;AAAA;AAChE,UAAM,cAAc,eAAe;AACnC,QAAI,aAAa;AACb,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAEO,SAAS,iBAAqC;AA7CrD;AA8CI,SAAO,QAAQ,EAAE,IAAI,8BAA8B,OAAK,aAAQ,EAAE,IAAI,wBAAwB,MAAtC,mBAAyC;AACrG;AASA,SAAsB,eAAe,KAAqC;AAAA;AAxD1E;AAyDI,QAAI,IAAI,QAAQ,IAAI,8BAA8B,GAAG;AACjD,YAAM,IAAI,MAAM,GAAG,sEAAsE;AAAA,IAC7F,WACI,IAAI,QAAQ,aAAa,iBACzB,IAAI,QAAQ,aAAa,eACzB,IAAI,QAAQ,aAAa,eAC3B;AAEE,aAAO,aAAa,KAAK;AAAA,IAC7B;AAEA,UAAM,eAAc,SAAI,QAAQ,IAAI,wBAAwB,MAAxC,mBAA2C;AAC/D,UAAM,gBAAe,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AACjE,UAAM,eAAc,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AAGhE,QAAI,aAAa;AACb,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO,aAAa,KAAK;AAAA,MAC7B;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,cAAc,WAAW;AACtF,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,cAAMA,YAAW,aAAa,KAAK;AACnC,QAAAA,UAAS,QAAQ,OAAO,wBAAwB;AAChD,QAAAA,UAAS,QAAQ,OAAO,yBAAyB;AACjD,eAAOA;AAAA,MACX,OAAO;AACH,cAAMC,WAAU,IAAI,QAAQ,IAAI,OAAO;AAEvC,QAAAA,SAAQ,OAAO,gCAAgC,SAAS,WAAW;AACnE,cAAM,eAAe,aAAa,KAAK;AAAA,UACnC,SAAS;AAAA,YACL,SAAAA;AAAA,UACJ;AAAA,QACJ,CAAC;AACD,qBAAa,QAAQ,IAAI,0BAA0B,SAAS,aAAa,cAAc;AACvF,qBAAa,QAAQ,IAAI,2BAA2B,SAAS,cAAc,cAAc;AACzF,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO,aAAa,KAAK;AAAA,EAC7B;AAAA;AAOO,SAAS,iBAAiB,MAAyB;AACtD,WAAS,gBAAgB,KAAkB;AACvC,WAAO,qBAAqB,KAAK,KAAK;AAAA,EAC1C;AAEA,WAAS,iBAAiB,KAAkB;AACxC,WAAO,qBAAqB,KAAK,IAAI;AAAA,EACzC;AAEA,WAAS,qBAAqB,KAAkB,UAAmB;AAC/D,UAAM,eAAe,IAAI,QAAQ,aAAa,IAAI,gBAAgB;AAClE,UAAM,QAAQ,YAAY;AAC1B,UAAM,cAAc,eAAe;AAEnC,UAAM,2BAA2B,IAAI,gBAAgB;AAAA,MACjD,cAAc;AAAA,MACd;AAAA,MACA,QAAQ,WAAW,SAAS;AAAA,IAChC,CAAC;AACD,UAAM,gBAAgB,iBAAiB,IAAI,+BAA+B,yBAAyB,SAAS;AAE5G,UAAMA,WAAU,IAAI,QAAQ;AAC5B,IAAAA,SAAQ,OAAO,YAAY,aAAa;AACxC,IAAAA,SAAQ,OAAO,cAAc,GAAG,qBAAqB,+CAA+C;AACpG,QAAI,cAAc;AACd,UAAI,aAAa,WAAW,GAAG,GAAG;AAC9B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,8BAA8B;AAAA,QACrC;AAAA,MACJ,OAAO;AACH,gBAAQ,KAAK,kCAAkC;AAAA,MACnD;AAAA,IACJ;AAEA,WAAO,IAAI,SAAS,MAAM;AAAA,MACtB,QAAQ;AAAA,MACR,SAAAA;AAAA,IACJ,CAAC;AAAA,EACL;AAEA,WAAe,mBAAmB,KAAkB;AAAA;AA1JxD;AA2JQ,YAAM,cAAa,SAAI,QAAQ,IAAI,iBAAiB,MAAjC,mBAAoC;AACvD,UAAI,CAAC,cAAc,WAAW,WAAW,IAAI;AACzC,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAS,EAAE,UAAU,WAAW,EAAE,CAAC;AAAA,MAChF;AAEA,YAAM,cAAc,IAAI,QAAQ;AAChC,YAAM,QAAQ,YAAY,IAAI,OAAO;AACrC,YAAM,OAAO,YAAY,IAAI,MAAM;AACnC,UAAI,UAAU,YAAY;AACtB,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAS,EAAE,UAAU,WAAW,EAAE,CAAC;AAAA,MAChF;AAEA,YAAM,gBAAgB,iBAAiB;AACvC,YAAM,cAAc,eAAe;AACnC,YAAM,oBAAoB,qBAAqB;AAC/C,YAAM,mBAAmB;AAAA,QACrB,cAAc;AAAA,QACd;AAAA,MACJ;AACA,YAAM,MAAM,GAAG;AACf,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,gBAAgB;AAAA,QACrC,SAAS;AAAA,UACL,gBAAgB;AAAA,UAChB,eAAe,YAAY;AAAA,QAC/B;AAAA,MACJ,CAAC;AAED,UAAI,SAAS,IAAI;AACb,cAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,cAAM,cAAc,KAAK;AAIzB,cAAM,0BAAyB,SAAI,QAAQ,IAAI,0BAA0B,MAA1C,mBAA6C;AAC5E,cAAM,eACF,2DAA2B,6BAAM,2BAA0B,KAAK,wBAAwB,GAAG,IAAI;AACnG,YAAI,CAAC,cAAc;AACf,kBAAQ,MAAM,4CAA4C;AAC1D,iBAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC3D;AAMA,cAAM,sBAAqB,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AAEvE,cAAM,OAAO,MAAM,oBAAoB,WAAW;AAClD,cAAM,2BAA2B,CAAC,CAAC,sBAAsB,CAAC,CAAC,KAAK,OAAO,kBAAkB;AAEzF,YAAI,cAAc;AAClB,YAAI,0BAA0B;AAC1B,wBAAc;AAAA,QAClB,WAAW,6BAAM,uBAAuB;AACpC,wBAAc,KAAK,sBAAsB,KAAK,IAAI;AAAA,QACtD;AAGA,YAAI,aAAa;AACb,gBAAMD,YAAW,MAAM,sCAAsC,KAAK,eAAe,WAAW;AAC5F,cAAIA,UAAS,UAAU,cAAc;AACjC,kBAAM,IAAI,MAAM,2CAA2C;AAAA,UAC/D,WAAWA,UAAS,UAAU,gBAAgB;AAC1C,oBAAQ;AAAA,cACJ;AAAA,YACJ;AACA,mBAAO,IAAI,SAAS,gBAAgB,EAAE,QAAQ,IAAI,CAAC;AAAA,UACvD,OAAO;AACH,kBAAMC,WAAU,IAAI,QAAQ;AAC5B,YAAAA,SAAQ,OAAO,YAAY,YAAY;AACvC,YAAAA,SAAQ;AAAA,cACJ;AAAA,cACA,GAAG,4BAA4BD,UAAS;AAAA,YAC5C;AACA,YAAAC,SAAQ;AAAA,cACJ;AAAA,cACA,GAAG,6BAA6BD,UAAS;AAAA,YAC7C;AACA,YAAAC,SAAQ;AAAA,cACJ;AAAA,cACA,GAAG,6BAA6B;AAAA,YACpC;AACA,YAAAA,SAAQ;AAAA,cACJ;AAAA,cACA,GAAG;AAAA,YACP;AACA,mBAAO,IAAI,SAAS,MAAM;AAAA,cACtB,QAAQ;AAAA,cACR,SAAAA;AAAA,YACJ,CAAC;AAAA,UACL;AAAA,QACJ;AAEA,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,YAAY;AACvC,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,4BAA4B;AAAA,QACnC;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,6BAA6B,KAAK;AAAA,QACzC;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL,WAAW,SAAS,WAAW,KAAK;AAChC,gBAAQ;AAAA,UACJ;AAAA,QACJ;AACA,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D,OAAO;AACH,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D;AAAA,IACJ;AAAA;AAEA,WAAe,mBAAmB,KAAkB;AAAA;AA3RxD;AA4RQ,YAAM,mBAAkB,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AACpE,YAAM,eAAc,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AAGhE,UAAI,iBAAiB;AACjB,cAAM,kBAAkB,MAAM,sCAAsC,iBAAiB,WAAW;AAChG,YAAI,gBAAgB,UAAU,cAAc;AACxC,gBAAM,IAAI,MAAM,gDAAgD;AAAA,QACpE,WAAW,gBAAgB,UAAU,gBAAgB;AACjD,gBAAMA,WAAU,IAAI,QAAQ;AAC5B,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,iBAAO,IAAI,SAAS,gBAAgB,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,QAChE;AAEA,cAAM,eAAe,gBAAgB;AACrC,cAAM,cAAc,gBAAgB;AAEpC,cAAM,gBAAgB,iBAAiB;AACvC,cAAM,OAAO,GAAG;AAChB,cAAM,WAAW,MAAM,MAAM,MAAM;AAAA,UAC/B,SAAS;AAAA,YACL,gBAAgB;AAAA,YAChB,eAAe,YAAY;AAAA,UAC/B;AAAA,QACJ,CAAC;AACD,YAAI,SAAS,IAAI;AACb,gBAAM,gBAAgB,MAAM,oBAAoB,WAAW;AAC3D,gBAAM,OAAO,MAAM,SAAS,KAAK;AACjC,gBAAM,eAAe;AAAA,YACjB,UAAU;AAAA,YACV;AAAA,YACA,oBAAoB,cAAc;AAAA,YAClC;AAAA,UACJ;AAEA,gBAAMA,WAAU,IAAI,QAAQ;AAC5B,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG,4BAA4B;AAAA,UACnC;AACA,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG,6BAA6B;AAAA,UACpC;AACA,UAAAA,SAAQ,OAAO,gBAAgB,kBAAkB;AACjD,iBAAO,IAAI,SAAS,KAAK,UAAU,YAAY,GAAG;AAAA,YAC9C,QAAQ;AAAA,YACR,SAAAA;AAAA,UACJ,CAAC;AAAA,QACL,WAAW,SAAS,WAAW,KAAK;AAChC,gBAAMA,WAAU,IAAI,QAAQ;AAC5B,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,iBAAO,IAAI,SAAS,MAAM;AAAA,YACtB,QAAQ;AAAA,YACR,SAAAA;AAAA,UACJ,CAAC;AAAA,QACL,OAAO;AACH,iBAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC7C;AAAA,MACJ;AAEA,YAAMA,WAAU,IAAI,QAAQ;AAC5B,MAAAA,SAAQ,OAAO,cAAc,GAAG,8EAA8E;AAC9G,MAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,MAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC7C;AAAA;AAEA,WAAe,iBAAiB,KAAkB;AAAA;AAtXtD;AA2XQ,YAAM,QAAO,6BAAM,2BAA0B,KAAK,wBAAwB,GAAG,IAAI;AACjF,UAAI,CAAC,MAAM;AACP,gBAAQ,MAAM,oCAAoC;AAClD,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D;AAEA,YAAM,gBAAe,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AACjE,UAAI,CAAC,cAAc;AACf,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,IAAI;AAC/B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL;AAEA,YAAM,eAAc,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AAChE,YAAM,kBAAkB,MAAM,sCAAsC,cAAc,WAAW;AAC7F,UAAI,gBAAgB,UAAU,cAAc;AACxC,gBAAQ,MAAM,gDAAgD;AAC9D,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D,WAAW,gBAAgB,UAAU,gBAAgB;AACjD,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,IAAI;AAC/B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL,OAAO;AACH,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,IAAI;AAC/B,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAAA;AAEA,WAAe,kBAAkB,KAAkB;AAAA;AAzbvD;AA0bQ,YAAM,gBAAe,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AACjE,UAAI,CAAC,cAAc;AACf,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,MACtD;AAEA,YAAM,gBAAgB,iBAAiB;AACvC,YAAM,oBAAoB,qBAAqB;AAC/C,YAAM,aAAa,EAAE,eAAe,aAAa;AACjD,YAAM,MAAM,GAAG;AACf,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,UAAU;AAAA,QAC/B,SAAS;AAAA,UACL,gBAAgB;AAAA,UAChB,eAAe,YAAY;AAAA,QAC/B;AAAA,MACJ,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AACd,gBAAQ;AAAA,UACJ;AAAA,UACA,SAAS;AAAA,UACT,SAAS;AAAA,QACb;AAAA,MACJ;AACA,YAAMA,WAAU,IAAI,QAAQ;AAC5B,MAAAA,SAAQ,OAAO,cAAc,GAAG,8EAA8E;AAC9G,MAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,MAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,IACtD;AAAA;AAEA,WAAe,oBAAoB,KAAkB;AAAA;AAvezD;AAweQ,YAAM,mBAAkB,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AACpE,YAAM,cAAc,IAAI,QAAQ,aAAa,IAAI,eAAe;AAEhE,UAAI,CAAC,iBAAiB;AAClB,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,MACtD;AAEA,UAAI,CAAC,aAAa;AACd,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC7C;AAEA,YAAM,kBAAkB,MAAM,sCAAsC,iBAAiB,WAAW;AAChG,UAAI,gBAAgB,UAAU,cAAc;AACxC,cAAM,IAAI,MAAM,8CAA8C;AAAA,MAClE,WAAW,gBAAgB,UAAU,gBAAgB;AACjD,eAAO,IAAI,SAAS,gBAAgB,EAAE,QAAQ,IAAI,CAAC;AAAA,MACvD;AAEA,YAAM,eAAe,gBAAgB;AACrC,YAAM,cAAc,gBAAgB;AAEpC,YAAM,gBAAgB,iBAAiB;AACvC,YAAM,OAAO,GAAG;AAChB,YAAM,WAAW,MAAM,MAAM,MAAM;AAAA,QAC/B,SAAS;AAAA,UACL,gBAAgB;AAAA,UAChB,eAAe,YAAY;AAAA,QAC/B;AAAA,MACJ,CAAC;AAED,UAAI,SAAS,IAAI;AACb,cAAM,gBAAgB,MAAM,oBAAoB,WAAW;AAC3D,cAAM,OAAO,MAAM,SAAS,KAAK;AACjC,cAAM,eAAe;AAAA,UACjB,UAAU;AAAA,UACV;AAAA,UACA,oBAAoB,cAAc;AAAA,UAClC;AAAA,QACJ;AAEA,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,4BAA4B;AAAA,QACnC;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,6BAA6B;AAAA,QACpC;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,6BAA6B;AAAA,QACpC;AACA,QAAAA,SAAQ,OAAO,gBAAgB,kBAAkB;AACjD,eAAO,IAAI,SAAS,KAAK,UAAU,YAAY,GAAG;AAAA,UAC9C,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL,WAAW,SAAS,WAAW,KAAK;AAChC,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,QACZ,CAAC;AAAA,MACL,OAAO;AACH,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC7C;AAAA,IACJ;AAAA;AAEA,WAAS,gBAAgB,KAAkB,EAAE,OAAO,GAAiC;AACjF,QAAI,OAAO,SAAS,SAAS;AACzB,aAAO,gBAAgB,GAAG;AAAA,IAC9B,WAAW,OAAO,SAAS,UAAU;AACjC,aAAO,iBAAiB,GAAG;AAAA,IAC/B,WAAW,OAAO,SAAS,YAAY;AACnC,aAAO,mBAAmB,GAAG;AAAA,IACjC,WAAW,OAAO,SAAS,YAAY;AACnC,aAAO,mBAAmB,GAAG;AAAA,IACjC,WAAW,OAAO,SAAS,UAAU;AACjC,aAAO,iBAAiB,GAAG;AAAA,IAC/B,OAAO;AACH,aAAO,IAAI,SAAS,IAAI,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C;AAAA,EACJ;AAEA,WAAS,iBAAiB,KAAkB,EAAE,OAAO,GAAiC;AAClF,QAAI,OAAO,SAAS,UAAU;AAC1B,aAAO,kBAAkB,GAAG;AAAA,IAChC,WAAW,OAAO,SAAS,kBAAkB;AACzC,aAAO,oBAAoB,GAAG;AAAA,IAClC,OAAO;AACH,aAAO,IAAI,SAAS,IAAI,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C;AAAA,EACJ;AAEA,SAAO;AAAA,IACH;AAAA,IACA;AAAA,EACJ;AACJ;AAEA,SAAS,cAAsB;AAC3B,QAAM,cAAc,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AAC7D,SAAO,MAAM,KAAK,WAAW,EACxB,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAChB;","names":["response","headers"]}
1
+ {"version":3,"sources":["../../../src/server/exceptions.ts","../../../src/server/app-router.ts","../../../src/user.ts","../../../src/server/shared.ts"],"sourcesContent":["export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import { redirect } from 'next/navigation.js'\nimport { cookies, headers } from 'next/headers.js'\nimport { NextRequest, NextResponse } from 'next/server.js'\nimport {\n ACCESS_TOKEN_COOKIE_NAME,\n CALLBACK_PATH,\n COOKIE_OPTIONS,\n CUSTOM_HEADER_FOR_ACCESS_TOKEN,\n getAuthUrlOrigin,\n getIntegrationApiKey,\n getRedirectUri,\n LOGIN_PATH,\n LOGOUT_PATH,\n REFRESH_TOKEN_COOKIE_NAME,\n refreshTokenWithAccessAndRefreshToken,\n RETURN_TO_PATH_COOKIE_NAME,\n STATE_COOKIE_NAME,\n USERINFO_PATH,\n validateAccessToken,\n validateAccessTokenOrUndefined,\n} from './shared'\nimport { UserFromToken } from './index'\n\nexport async function getUserOrRedirect(): Promise<UserFromToken> {\n const user = await getUser()\n if (user) {\n return user\n } else {\n redirect(LOGIN_PATH)\n throw new Error('Redirecting to login')\n }\n}\n\nexport async function getUser(): Promise<UserFromToken | undefined> {\n const accessToken = headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || cookies().get(ACCESS_TOKEN_COOKIE_NAME)?.value\n if (accessToken) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n return undefined\n}\n\nexport async function getAccessToken(): Promise<string | undefined> {\n return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || cookies().get(ACCESS_TOKEN_COOKIE_NAME)?.value\n}\n\n// Purpose of this middleware is just to keep the access token cookie alive\n// In an ideal world, this could be done in `getUser`, however, you can't\n// set a cookie in a server component.\n// There also doesn't seem to be any way right now to set a cookie in a\n// middleware and pass it forward (you can only set them on the response).\n// You CAN, however, pass in custom headers,\n// so we'll use CUSTOM_HEADER_FOR_ACCESS_TOKEN as a workaround\nexport async function authMiddleware(req: NextRequest): Promise<Response> {\n if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {\n throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`)\n } else if (\n req.nextUrl.pathname === CALLBACK_PATH ||\n req.nextUrl.pathname === LOGOUT_PATH ||\n req.nextUrl.pathname === USERINFO_PATH\n ) {\n // Don't do anything for the callback, logout, or userinfo paths, as they will modify the cookies themselves\n return NextResponse.next()\n }\n\n const accessToken = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)?.value\n const refreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n\n // If we are authenticated, we can continue\n if (accessToken) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return NextResponse.next()\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n const response = NextResponse.next()\n response.cookies.delete(ACCESS_TOKEN_COOKIE_NAME)\n response.cookies.delete(REFRESH_TOKEN_COOKIE_NAME)\n return response\n } else {\n const headers = new Headers(req.headers)\n // Pass along the new access token in a header since cookies don't work\n headers.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken)\n const nextResponse = NextResponse.next({\n request: {\n headers,\n },\n })\n nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS)\n nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS)\n return nextResponse\n }\n }\n\n return NextResponse.next()\n}\n\nexport type RouteHandlerArgs = {\n postLoginRedirectPathFn?: (req: NextRequest) => string\n}\n\nexport function getRouteHandlers(args?: RouteHandlerArgs) {\n function loginGetHandler(req: NextRequest) {\n return signupOrLoginHandler(req, false)\n }\n\n function signupGetHandler(req: NextRequest) {\n return signupOrLoginHandler(req, true)\n }\n\n function signupOrLoginHandler(req: NextRequest, isSignup: boolean) {\n const returnToPath = req.nextUrl.searchParams.get('return_to_path')\n const state = randomState()\n const redirectUri = getRedirectUri()\n\n const authorizeUrlSearchParams = new URLSearchParams({\n redirect_uri: redirectUri,\n state,\n signup: isSignup ? 'true' : 'false',\n })\n const authorize_url = getAuthUrlOrigin() + '/propelauth/ssr/authorize?' + authorizeUrlSearchParams.toString()\n\n const headers = new Headers()\n headers.append('Location', authorize_url)\n headers.append('Set-Cookie', `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=Lax`)\n if (returnToPath) {\n if (returnToPath.startsWith('/')) {\n headers.append(\n 'Set-Cookie',\n `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=600`\n )\n } else {\n console.warn('return_to_path must start with /')\n }\n }\n\n return new Response(null, {\n status: 302,\n headers,\n })\n }\n\n async function callbackGetHandler(req: NextRequest) {\n const oauthState = req.cookies.get(STATE_COOKIE_NAME)?.value\n if (!oauthState || oauthState.length !== 64) {\n return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } })\n }\n\n const queryParams = req.nextUrl.searchParams\n const state = queryParams.get('state')\n const code = queryParams.get('code')\n if (state !== oauthState) {\n return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } })\n }\n\n const authUrlOrigin = getAuthUrlOrigin()\n const redirectUri = getRedirectUri()\n const integrationApiKey = getIntegrationApiKey()\n const oauth_token_body = {\n redirect_uri: redirectUri,\n code,\n }\n const url = `${authUrlOrigin}/propelauth/ssr/token`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(oauth_token_body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + integrationApiKey,\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n\n const accessToken = data.access_token\n\n // If we have a return_to_path cookie, we'll use that\n // Otherwise, we'll use the postLoginRedirectPathFn\n const returnToPathFromCookie = req.cookies.get(RETURN_TO_PATH_COOKIE_NAME)?.value\n const returnToPath =\n returnToPathFromCookie ?? (args?.postLoginRedirectPathFn ? args.postLoginRedirectPathFn(req) : '/')\n if (!returnToPath) {\n console.error('postLoginRedirectPathFn returned undefined')\n return new Response('Unexpected error', { status: 500 })\n }\n\n const headers = new Headers()\n headers.append('Location', returnToPath)\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 302,\n headers,\n })\n } else if (response.status === 401) {\n console.error(\n \"Couldn't finish the login process for this user. This is most likely caused by an incorrect PROPELAUTH_API_KEY.\"\n )\n return new Response('Unexpected error', { status: 500 })\n } else {\n return new Response('Unexpected error', { status: 500 })\n }\n }\n\n async function userinfoGetHandler(req: NextRequest) {\n const oldRefreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n\n // For the userinfo endpoint, we want to get the most up-to-date info, so we'll refresh the access token\n if (oldRefreshToken) {\n const refreshResponse = await refreshTokenWithAccessAndRefreshToken(oldRefreshToken)\n if (refreshResponse.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (refreshResponse.error === 'unauthorized') {\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response('Unauthorized', { status: 401, headers })\n }\n\n const refreshToken = refreshResponse.refreshToken\n const accessToken = refreshResponse.accessToken\n\n const authUrlOrigin = getAuthUrlOrigin()\n const path = `${authUrlOrigin}/propelauth/oauth/userinfo`\n const response = await fetch(path, {\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + accessToken,\n },\n })\n if (response.ok) {\n const userFromToken = await validateAccessToken(accessToken)\n const data = await response.json()\n const jsonResponse = {\n userinfo: data,\n accessToken,\n impersonatorUserId: userFromToken.impersonatorUserId,\n }\n\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`\n )\n headers.append('Content-Type', 'application/json')\n return new Response(JSON.stringify(jsonResponse), {\n status: 200,\n headers,\n })\n } else if (response.status === 401) {\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 401,\n headers,\n })\n } else {\n return new Response(null, { status: 500 })\n }\n }\n\n const headers = new Headers()\n headers.append('Set-Cookie', `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append('Set-Cookie', `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n return new Response(null, { status: 401 })\n }\n\n async function logoutGetHandler(req: NextRequest) {\n // Real logout requests will go to the logout POST handler\n // This endpoint is a landing page for when people logout from the hosted UIs\n // Instead of doing a logout we'll check the refresh token.\n // If it's invalid, we'll clear the cookies and redirect using the postLoginRedirectPathFn\n const path = args?.postLoginRedirectPathFn ? args.postLoginRedirectPathFn(req) : '/'\n if (!path) {\n console.error('postLoginPathFn returned undefined')\n return new Response('Unexpected error', { status: 500 })\n }\n\n const refreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n if (!refreshToken) {\n const headers = new Headers()\n headers.append('Location', path)\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 302,\n headers,\n })\n }\n\n const refreshResponse = await refreshTokenWithAccessAndRefreshToken(refreshToken)\n if (refreshResponse.error === 'unexpected') {\n console.error('Unexpected error while refreshing access token')\n return new Response('Unexpected error', { status: 500 })\n } else if (refreshResponse.error === 'unauthorized') {\n const headers = new Headers()\n headers.append('Location', path)\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, {\n status: 302,\n headers,\n })\n } else {\n const headers = new Headers()\n headers.append('Location', path)\n return new Response(null, {\n status: 302,\n headers,\n })\n }\n }\n\n async function logoutPostHandler(req: NextRequest) {\n const refreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n if (!refreshToken) {\n const headers = new Headers()\n headers.append(\n 'Set-Cookie',\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n headers.append(\n 'Set-Cookie',\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`\n )\n return new Response(null, { status: 200, headers })\n }\n\n const authUrlOrigin = getAuthUrlOrigin()\n const integrationApiKey = getIntegrationApiKey()\n const logoutBody = { refresh_token: refreshToken }\n const url = `${authUrlOrigin}/api/backend/v1/logout`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(logoutBody),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + integrationApiKey,\n },\n })\n\n if (!response.ok) {\n console.warn(\n 'Unable to logout, clearing cookies and continuing anyway',\n response.status,\n response.statusText\n )\n }\n const headers = new Headers()\n headers.append('Set-Cookie', `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append('Set-Cookie', `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n return new Response(null, { status: 200, headers })\n }\n\n function getRouteHandler(req: NextRequest, { params }: { params: { slug: string } }) {\n if (params.slug === 'login') {\n return loginGetHandler(req)\n } else if (params.slug === 'signup') {\n return signupGetHandler(req)\n } else if (params.slug === 'callback') {\n return callbackGetHandler(req)\n } else if (params.slug === 'userinfo') {\n return userinfoGetHandler(req)\n } else if (params.slug === 'logout') {\n return logoutGetHandler(req)\n } else {\n return new Response('', { status: 404 })\n }\n }\n\n function postRouteHandler(req: NextRequest, { params }: { params: { slug: string } }) {\n if (params.slug === 'logout') {\n return logoutPostHandler(req)\n } else {\n return new Response('', { status: 404 })\n }\n }\n\n return {\n getRouteHandler,\n postRouteHandler,\n }\n}\n\nfunction randomState(): string {\n const randomBytes = crypto.getRandomValues(new Uint8Array(32))\n return Array.from(randomBytes)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n}\n","export class UserFromToken {\n public userId: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n ) {\n this.userId = userId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, \"-\")\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(\n JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])\n )\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\nexport type InternalUser = {\n user_id: string\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return new UserFromToken(\n snake_case.user_id,\n snake_case.email,\n toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),\n snake_case.first_name,\n snake_case.last_name,\n snake_case.username,\n snake_case.legacy_user_id,\n snake_case.impersonatorUserId,\n snake_case.properties,\n )\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","import {ResponseCookie} from \"next/dist/compiled/@edge-runtime/cookies\";\nimport {InternalUser, toUser, UserFromToken} from \"../user\";\nimport {ConfigurationException, UnauthorizedException} from \"./exceptions\";\nimport * as jose from \"jose\";\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: \"none\"\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: \"unauthorized\"\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: \"unexpected\"\n}\n\nexport type RefreshTokenResponse =\n RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = \"/api/auth/login\"\nexport const CALLBACK_PATH = \"/api/auth/callback\"\nexport const USERINFO_PATH = \"/api/auth/userinfo\"\nexport const LOGOUT_PATH = \"/api/auth/logout\"\nexport const ACCESS_TOKEN_COOKIE_NAME = \"__pa_at\"\nexport const REFRESH_TOKEN_COOKIE_NAME = \"__pa_rt\"\nexport const STATE_COOKIE_NAME = \"__pa_state\"\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = \"x-propelauth-access-token\"\nexport const RETURN_TO_PATH_COOKIE_NAME = \"__pa_return_to_path\"\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: \"lax\",\n secure: true,\n path: \"/\",\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error(\"NEXT_PUBLIC_AUTH_URL is not set\")\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error(\"PROPELAUTH_REDIRECT_URI is not set\")\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error(\"PROPELAUTH_API_KEY is not set\")\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error(\"PROPELAUTH_VERIFIER_KEY is not set\")\n }\n return verifierKey.replace(/\\\\n/g, \"\\n\")\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(refreshToken: string): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const {\n access_token: accessToken,\n expires_at_seconds: expiresAtSeconds,\n } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: \"none\",\n }\n } else if (response.status === 400 || response.status === 401) {\n return {error: \"unauthorized\"}\n } else {\n return {error: \"unexpected\"}\n }\n}\n\nexport async function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info(\"Error validating access token\", err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), \"RS256\")\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException(\"Invalid verifier key\")\n }\n\n if (!accessToken) {\n throw new UnauthorizedException(\"No access token provided\")\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith(\"bearer \")) {\n accessTokenWithoutBearer = accessToken.substring(\"bearer \".length)\n }\n\n try {\n const {payload} = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: [\"RS256\"],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException(\"Unable to decode jwt\")\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACpBA,SAAS,gBAAgB;AACzB,SAAS,SAAS,eAAe;AACjC,SAAsB,oBAAoB;;;ACFnC,IAAM,gBAAN,MAAoB;AAAA,EAgBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACF;AACE,SAAK,SAAS;AACd,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAAA,EACtB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc;AAAA,QACxC,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC;AAAA,MAClD;AAAA,IACJ;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA4BO,SAAS,OAAO,YAAyC;AAC5D,SAAO,IAAI;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,uBAAuB,WAAW,yBAAyB;AAAA,IAC3D,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,EACf;AACJ;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AC/OA,YAAY,UAAU;AAqBf,IAAM,aAAa;AACnB,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,cAAc;AACpB,IAAM,2BAA2B;AACjC,IAAM,4BAA4B;AAClC,IAAM,oBAAoB;AAC1B,IAAM,iCAAiC;AACvC,IAAM,6BAA6B;AAEnC,IAAM,iBAA0C;AAAA,EACnD,UAAU;AAAA,EACV,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,MAAM;AACV;AAEO,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO;AACX;AAEO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAEA,SAAsB,sCAAsC,cAAqD;AAAA;AAC7G,UAAM,OAAO;AAAA,MACT,eAAe;AAAA,IACnB;AACA,UAAM,MAAM,GAAG,iBAAiB;AAChC,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAC9B,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,eAAe,YAAY,qBAAqB;AAAA,MACpD;AAAA,IACJ,CAAC;AAED,QAAI,SAAS,IAAI;AACb,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,kBAAkB,KAAK;AAC7B,YAAM;AAAA,QACF,cAAc;AAAA,QACd,oBAAoB;AAAA,MACxB,IAAI,KAAK;AAET,aAAO;AAAA,QACH,cAAc;AAAA,QACd;AAAA,QACA,OAAO;AAAA,MACX;AAAA,IACJ,WAAW,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AAC3D,aAAO,EAAC,OAAO,eAAc;AAAA,IACjC,OAAO;AACH,aAAO,EAAC,OAAO,aAAY;AAAA,IAC/B;AAAA,EACJ;AAAA;AAEA,SAAsB,+BAA+B,aAAqE;AAAA;AACtH,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAC,QAAO,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QACxE,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;AFvIA,SAAsB,oBAA4C;AAAA;AAC9D,UAAM,OAAO,MAAM,QAAQ;AAC3B,QAAI,MAAM;AACN,aAAO;AAAA,IACX,OAAO;AACH,eAAS,UAAU;AACnB,YAAM,IAAI,MAAM,sBAAsB;AAAA,IAC1C;AAAA,EACJ;AAAA;AAEA,SAAsB,UAA8C;AAAA;AAjCpE;AAkCI,UAAM,cAAc,QAAQ,EAAE,IAAI,8BAA8B,OAAK,aAAQ,EAAE,IAAI,wBAAwB,MAAtC,mBAAyC;AAC9G,QAAI,aAAa;AACb,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAEA,SAAsB,iBAA8C;AAAA;AA5CpE;AA6CI,WAAO,QAAQ,EAAE,IAAI,8BAA8B,OAAK,aAAQ,EAAE,IAAI,wBAAwB,MAAtC,mBAAyC;AAAA,EACrG;AAAA;AASA,SAAsB,eAAe,KAAqC;AAAA;AAvD1E;AAwDI,QAAI,IAAI,QAAQ,IAAI,8BAA8B,GAAG;AACjD,YAAM,IAAI,MAAM,GAAG,sEAAsE;AAAA,IAC7F,WACI,IAAI,QAAQ,aAAa,iBACzB,IAAI,QAAQ,aAAa,eACzB,IAAI,QAAQ,aAAa,eAC3B;AAEE,aAAO,aAAa,KAAK;AAAA,IAC7B;AAEA,UAAM,eAAc,SAAI,QAAQ,IAAI,wBAAwB,MAAxC,mBAA2C;AAC/D,UAAM,gBAAe,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AAGjE,QAAI,aAAa;AACb,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO,aAAa,KAAK;AAAA,MAC7B;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,YAAY;AACzE,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,cAAMA,YAAW,aAAa,KAAK;AACnC,QAAAA,UAAS,QAAQ,OAAO,wBAAwB;AAChD,QAAAA,UAAS,QAAQ,OAAO,yBAAyB;AACjD,eAAOA;AAAA,MACX,OAAO;AACH,cAAMC,WAAU,IAAI,QAAQ,IAAI,OAAO;AAEvC,QAAAA,SAAQ,OAAO,gCAAgC,SAAS,WAAW;AACnE,cAAM,eAAe,aAAa,KAAK;AAAA,UACnC,SAAS;AAAA,YACL,SAAAA;AAAA,UACJ;AAAA,QACJ,CAAC;AACD,qBAAa,QAAQ,IAAI,0BAA0B,SAAS,aAAa,cAAc;AACvF,qBAAa,QAAQ,IAAI,2BAA2B,SAAS,cAAc,cAAc;AACzF,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO,aAAa,KAAK;AAAA,EAC7B;AAAA;AAMO,SAAS,iBAAiB,MAAyB;AACtD,WAAS,gBAAgB,KAAkB;AACvC,WAAO,qBAAqB,KAAK,KAAK;AAAA,EAC1C;AAEA,WAAS,iBAAiB,KAAkB;AACxC,WAAO,qBAAqB,KAAK,IAAI;AAAA,EACzC;AAEA,WAAS,qBAAqB,KAAkB,UAAmB;AAC/D,UAAM,eAAe,IAAI,QAAQ,aAAa,IAAI,gBAAgB;AAClE,UAAM,QAAQ,YAAY;AAC1B,UAAM,cAAc,eAAe;AAEnC,UAAM,2BAA2B,IAAI,gBAAgB;AAAA,MACjD,cAAc;AAAA,MACd;AAAA,MACA,QAAQ,WAAW,SAAS;AAAA,IAChC,CAAC;AACD,UAAM,gBAAgB,iBAAiB,IAAI,+BAA+B,yBAAyB,SAAS;AAE5G,UAAMA,WAAU,IAAI,QAAQ;AAC5B,IAAAA,SAAQ,OAAO,YAAY,aAAa;AACxC,IAAAA,SAAQ,OAAO,cAAc,GAAG,qBAAqB,+CAA+C;AACpG,QAAI,cAAc;AACd,UAAI,aAAa,WAAW,GAAG,GAAG;AAC9B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,8BAA8B;AAAA,QACrC;AAAA,MACJ,OAAO;AACH,gBAAQ,KAAK,kCAAkC;AAAA,MACnD;AAAA,IACJ;AAEA,WAAO,IAAI,SAAS,MAAM;AAAA,MACtB,QAAQ;AAAA,MACR,SAAAA;AAAA,IACJ,CAAC;AAAA,EACL;AAEA,WAAe,mBAAmB,KAAkB;AAAA;AAvJxD;AAwJQ,YAAM,cAAa,SAAI,QAAQ,IAAI,iBAAiB,MAAjC,mBAAoC;AACvD,UAAI,CAAC,cAAc,WAAW,WAAW,IAAI;AACzC,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAS,EAAE,UAAU,WAAW,EAAE,CAAC;AAAA,MAChF;AAEA,YAAM,cAAc,IAAI,QAAQ;AAChC,YAAM,QAAQ,YAAY,IAAI,OAAO;AACrC,YAAM,OAAO,YAAY,IAAI,MAAM;AACnC,UAAI,UAAU,YAAY;AACtB,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAS,EAAE,UAAU,WAAW,EAAE,CAAC;AAAA,MAChF;AAEA,YAAM,gBAAgB,iBAAiB;AACvC,YAAM,cAAc,eAAe;AACnC,YAAM,oBAAoB,qBAAqB;AAC/C,YAAM,mBAAmB;AAAA,QACrB,cAAc;AAAA,QACd;AAAA,MACJ;AACA,YAAM,MAAM,GAAG;AACf,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,gBAAgB;AAAA,QACrC,SAAS;AAAA,UACL,gBAAgB;AAAA,UAChB,eAAe,YAAY;AAAA,QAC/B;AAAA,MACJ,CAAC;AAED,UAAI,SAAS,IAAI;AACb,cAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,cAAM,cAAc,KAAK;AAIzB,cAAM,0BAAyB,SAAI,QAAQ,IAAI,0BAA0B,MAA1C,mBAA6C;AAC5E,cAAM,eACF,2DAA2B,6BAAM,2BAA0B,KAAK,wBAAwB,GAAG,IAAI;AACnG,YAAI,CAAC,cAAc;AACf,kBAAQ,MAAM,4CAA4C;AAC1D,iBAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC3D;AAEA,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,YAAY;AACvC,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,4BAA4B;AAAA,QACnC;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG,6BAA6B,KAAK;AAAA,QACzC;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL,WAAW,SAAS,WAAW,KAAK;AAChC,gBAAQ;AAAA,UACJ;AAAA,QACJ;AACA,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D,OAAO;AACH,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D;AAAA,IACJ;AAAA;AAEA,WAAe,mBAAmB,KAAkB;AAAA;AAhOxD;AAiOQ,YAAM,mBAAkB,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AAGpE,UAAI,iBAAiB;AACjB,cAAM,kBAAkB,MAAM,sCAAsC,eAAe;AACnF,YAAI,gBAAgB,UAAU,cAAc;AACxC,gBAAM,IAAI,MAAM,gDAAgD;AAAA,QACpE,WAAW,gBAAgB,UAAU,gBAAgB;AACjD,gBAAMA,WAAU,IAAI,QAAQ;AAC5B,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,iBAAO,IAAI,SAAS,gBAAgB,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,QAChE;AAEA,cAAM,eAAe,gBAAgB;AACrC,cAAM,cAAc,gBAAgB;AAEpC,cAAM,gBAAgB,iBAAiB;AACvC,cAAM,OAAO,GAAG;AAChB,cAAM,WAAW,MAAM,MAAM,MAAM;AAAA,UAC/B,SAAS;AAAA,YACL,gBAAgB;AAAA,YAChB,eAAe,YAAY;AAAA,UAC/B;AAAA,QACJ,CAAC;AACD,YAAI,SAAS,IAAI;AACb,gBAAM,gBAAgB,MAAM,oBAAoB,WAAW;AAC3D,gBAAM,OAAO,MAAM,SAAS,KAAK;AACjC,gBAAM,eAAe;AAAA,YACjB,UAAU;AAAA,YACV;AAAA,YACA,oBAAoB,cAAc;AAAA,UACtC;AAEA,gBAAMA,WAAU,IAAI,QAAQ;AAC5B,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG,4BAA4B;AAAA,UACnC;AACA,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG,6BAA6B;AAAA,UACpC;AACA,UAAAA,SAAQ,OAAO,gBAAgB,kBAAkB;AACjD,iBAAO,IAAI,SAAS,KAAK,UAAU,YAAY,GAAG;AAAA,YAC9C,QAAQ;AAAA,YACR,SAAAA;AAAA,UACJ,CAAC;AAAA,QACL,WAAW,SAAS,WAAW,KAAK;AAChC,gBAAMA,WAAU,IAAI,QAAQ;AAC5B,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,UAAAA,SAAQ;AAAA,YACJ;AAAA,YACA,GAAG;AAAA,UACP;AACA,iBAAO,IAAI,SAAS,MAAM;AAAA,YACtB,QAAQ;AAAA,YACR,SAAAA;AAAA,UACJ,CAAC;AAAA,QACL,OAAO;AACH,iBAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC7C;AAAA,MACJ;AAEA,YAAMA,WAAU,IAAI,QAAQ;AAC5B,MAAAA,SAAQ,OAAO,cAAc,GAAG,8EAA8E;AAC9G,MAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC7C;AAAA;AAEA,WAAe,iBAAiB,KAAkB;AAAA;AAhTtD;AAqTQ,YAAM,QAAO,6BAAM,2BAA0B,KAAK,wBAAwB,GAAG,IAAI;AACjF,UAAI,CAAC,MAAM;AACP,gBAAQ,MAAM,oCAAoC;AAClD,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D;AAEA,YAAM,gBAAe,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AACjE,UAAI,CAAC,cAAc;AACf,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,IAAI;AAC/B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL;AAEA,YAAM,kBAAkB,MAAM,sCAAsC,YAAY;AAChF,UAAI,gBAAgB,UAAU,cAAc;AACxC,gBAAQ,MAAM,gDAAgD;AAC9D,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D,WAAW,gBAAgB,UAAU,gBAAgB;AACjD,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,IAAI;AAC/B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL,OAAO;AACH,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,IAAI;AAC/B,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAAA;AAEA,WAAe,kBAAkB,KAAkB;AAAA;AA1WvD;AA2WQ,YAAM,gBAAe,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AACjE,UAAI,CAAC,cAAc;AACf,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,QAAAA,SAAQ;AAAA,UACJ;AAAA,UACA,GAAG;AAAA,QACP;AACA,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,MACtD;AAEA,YAAM,gBAAgB,iBAAiB;AACvC,YAAM,oBAAoB,qBAAqB;AAC/C,YAAM,aAAa,EAAE,eAAe,aAAa;AACjD,YAAM,MAAM,GAAG;AACf,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,UAAU;AAAA,QAC/B,SAAS;AAAA,UACL,gBAAgB;AAAA,UAChB,eAAe,YAAY;AAAA,QAC/B;AAAA,MACJ,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AACd,gBAAQ;AAAA,UACJ;AAAA,UACA,SAAS;AAAA,UACT,SAAS;AAAA,QACb;AAAA,MACJ;AACA,YAAMA,WAAU,IAAI,QAAQ;AAC5B,MAAAA,SAAQ,OAAO,cAAc,GAAG,8EAA8E;AAC9G,MAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,IACtD;AAAA;AAEA,WAAS,gBAAgB,KAAkB,EAAE,OAAO,GAAiC;AACjF,QAAI,OAAO,SAAS,SAAS;AACzB,aAAO,gBAAgB,GAAG;AAAA,IAC9B,WAAW,OAAO,SAAS,UAAU;AACjC,aAAO,iBAAiB,GAAG;AAAA,IAC/B,WAAW,OAAO,SAAS,YAAY;AACnC,aAAO,mBAAmB,GAAG;AAAA,IACjC,WAAW,OAAO,SAAS,YAAY;AACnC,aAAO,mBAAmB,GAAG;AAAA,IACjC,WAAW,OAAO,SAAS,UAAU;AACjC,aAAO,iBAAiB,GAAG;AAAA,IAC/B,OAAO;AACH,aAAO,IAAI,SAAS,IAAI,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C;AAAA,EACJ;AAEA,WAAS,iBAAiB,KAAkB,EAAE,OAAO,GAAiC;AAClF,QAAI,OAAO,SAAS,UAAU;AAC1B,aAAO,kBAAkB,GAAG;AAAA,IAChC,OAAO;AACH,aAAO,IAAI,SAAS,IAAI,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C;AAAA,EACJ;AAEA,SAAO;AAAA,IACH;AAAA,IACA;AAAA,EACJ;AACJ;AAEA,SAAS,cAAsB;AAC3B,QAAM,cAAc,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AAC7D,SAAO,MAAM,KAAK,WAAW,EACxB,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAChB;","names":["response","headers"]}
package/dist/server/index.d.ts CHANGED
@@ -1,9 +1,8 @@
1
1
  import * as _propelauth_node_apis from '@propelauth/node-apis';
2
- export { AccessToken, AccessTokenCreationException, AddUserToOrgException, AddUserToOrgRequest, ApiKeyCreateException, ApiKeyDeleteException, ApiKeyFetchException, ApiKeyFull, ApiKeyNew, ApiKeyResultPage, ApiKeyUpdateException, ApiKeyUpdateRequest, ApiKeyValidateException, ApiKeyValidation, ApiKeysCreateRequest, ApiKeysQueryRequest, BadRequestException, ChangeUserRoleInOrgException, CreateAccessTokenRequest, CreateMagicLinkRequest, CreateOrgException, CreateOrgRequest, CreateUserException, CreateUserRequest, ForbiddenException, InviteUserToOrgRequest, MagicLink, MagicLinkCreationException, MigrateUserException, MigrateUserFromExternalSourceRequest, OrgApiKeyValidation, OrgQuery, OrgQueryResponse, PersonalApiKeyValidation, RemoveUserFromOrgException, RemoveUserFromOrgRequest, TokenVerificationMetadata, UnexpectedException, UpdateOrgException, UpdateOrgRequest, UpdateUserEmailException, UpdateUserEmailRequest, UpdateUserMetadataException, UpdateUserMetadataRequest, UpdateUserPasswordException, UpdateUserPasswordRequest, UserNotFoundException, UsersInOrgQuery, UsersPagedResponse, UsersQuery } from '@propelauth/node-apis';
2
+ export { AccessToken, AccessTokenCreationException, AddUserToOrgException, AddUserToOrgRequest, ApiKeyCreateException, ApiKeyDeleteException, ApiKeyFetchException, ApiKeyFull, ApiKeyNew, ApiKeyResultPage, ApiKeyUpdateException, ApiKeyUpdateRequest, ApiKeyValidateException, ApiKeyValidation, ApiKeysCreateRequest, ApiKeysQueryRequest, ChangeUserRoleInOrgException, CreateAccessTokenRequest, CreateMagicLinkRequest, CreateOrgException, CreateOrgRequest, CreateUserException, CreateUserRequest, ForbiddenException, MagicLink, MagicLinkCreationException, MigrateUserException, MigrateUserFromExternalSourceRequest, OrgApiKeyValidation, OrgQuery, OrgQueryResponse, PersonalApiKeyValidation, RemoveUserFromOrgException, RemoveUserFromOrgRequest, TokenVerificationMetadata, UnexpectedException, UpdateOrgException, UpdateOrgRequest, UpdateUserEmailException, UpdateUserEmailRequest, UpdateUserMetadataException, UpdateUserMetadataRequest, UpdateUserPasswordException, UpdateUserPasswordRequest, UserNotFoundException, UsersInOrgQuery, UsersPagedResponse, UsersQuery } from '@propelauth/node-apis';
3
3
 
4
4
  declare class UserFromToken {
5
5
  userId: string;
6
- activeOrgId?: string;
7
6
  orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo;
8
7
  email: string;
9
8
  firstName?: string;
@@ -16,15 +15,12 @@ declare class UserFromToken {
16
15
  impersonatorUserId?: string;
17
16
  constructor(userId: string, email: string, orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo, firstName?: string, lastName?: string, username?: string, legacyUserId?: string, impersonatorUserId?: string, properties?: {
18
17
  [key: string]: unknown;
19
- }, activeOrgId?: string);
20
- getActiveOrg(): OrgMemberInfo | undefined;
21
- getActiveOrgId(): string | undefined;
18
+ });
22
19
  getOrg(orgId: string): OrgMemberInfo | undefined;
23
20
  getOrgByName(orgName: string): OrgMemberInfo | undefined;
24
21
  getOrgs(): OrgMemberInfo[];
25
22
  isImpersonating(): boolean;
26
23
  static fromJSON(json: string): UserFromToken;
27
- static fromJwtPayload(payload: InternalUser): UserFromToken;
28
24
  }
29
25
  type OrgIdToOrgMemberInfo = {
30
26
  [orgId: string]: OrgMemberInfo;
@@ -51,33 +47,6 @@ declare class OrgMemberInfo {
51
47
  get inheritedRolesPlusCurrentRole(): string[];
52
48
  get permissions(): string[];
53
49
  }
54
- type InternalOrgMemberInfo = {
55
- org_id: string;
56
- org_name: string;
57
- org_metadata: {
58
- [key: string]: any;
59
- };
60
- url_safe_org_name: string;
61
- user_role: string;
62
- inherited_user_roles_plus_current_role: string[];
63
- user_permissions: string[];
64
- };
65
- type InternalUser = {
66
- user_id: string;
67
- org_member_info?: InternalOrgMemberInfo;
68
- org_id_to_org_member_info?: {
69
- [org_id: string]: InternalOrgMemberInfo;
70
- };
71
- email: string;
72
- first_name?: string;
73
- last_name?: string;
74
- username?: string;
75
- properties?: {
76
- [key: string]: unknown;
77
- };
78
- legacy_user_id?: string;
79
- impersonatorUserId?: string;
80
- };
81
50
 
82
51
  declare function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<UserFromToken | undefined>;
83
52
  declare function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken>;
package/dist/server/index.js CHANGED
@@ -62,9 +62,8 @@ module.exports = __toCommonJS(server_exports);
62
62
 
63
63
  // src/user.ts
64
64
  var UserFromToken = class {
65
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId) {
65
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
66
66
  this.userId = userId;
67
- this.activeOrgId = activeOrgId;
68
67
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
69
68
  this.email = email;
70
69
  this.firstName = firstName;
@@ -74,15 +73,6 @@ var UserFromToken = class {
74
73
  this.impersonatorUserId = impersonatorUserId;
75
74
  this.properties = properties;
76
75
  }
77
- getActiveOrg() {
78
- if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
79
- return void 0;
80
- }
81
- return this.orgIdToOrgMemberInfo[this.activeOrgId];
82
- }
83
- getActiveOrgId() {
84
- return this.activeOrgId;
85
- }
86
76
  getOrg(orgId) {
87
77
  if (!this.orgIdToOrgMemberInfo) {
88
78
  return void 0;
@@ -115,7 +105,9 @@ var UserFromToken = class {
115
105
  const obj = JSON.parse(json);
116
106
  const orgIdToOrgMemberInfo = {};
117
107
  for (const orgId in obj.orgIdToOrgMemberInfo) {
118
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
108
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
109
+ JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
110
+ );
119
111
  }
120
112
  return new UserFromToken(
121
113
  obj.userId,
@@ -129,29 +121,6 @@ var UserFromToken = class {
129
121
  obj.properties
130
122
  );
131
123
  }
132
- static fromJwtPayload(payload) {
133
- let activeOrgId;
134
- let orgIdToOrgMemberInfo;
135
- if (payload.org_member_info) {
136
- activeOrgId = payload.org_member_info.org_id;
137
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
138
- } else {
139
- activeOrgId = void 0;
140
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
141
- }
142
- return new UserFromToken(
143
- payload.user_id,
144
- payload.email,
145
- orgIdToOrgMemberInfo,
146
- payload.first_name,
147
- payload.last_name,
148
- payload.username,
149
- payload.legacy_user_id,
150
- payload.impersonatorUserId,
151
- payload.properties,
152
- activeOrgId
153
- );
154
- }
155
124
  };
156
125
  var OrgMemberInfo = class {
157
126
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -200,7 +169,17 @@ var OrgMemberInfo = class {
200
169
  }
201
170
  };
202
171
  function toUser(snake_case) {
203
- return UserFromToken.fromJwtPayload(snake_case);
172
+ return new UserFromToken(
173
+ snake_case.user_id,
174
+ snake_case.email,
175
+ toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
176
+ snake_case.first_name,
177
+ snake_case.last_name,
178
+ snake_case.username,
179
+ snake_case.legacy_user_id,
180
+ snake_case.impersonatorUserId,
181
+ snake_case.properties
182
+ );
204
183
  }
205
184
  function toOrgIdToOrgMemberInfo(snake_case) {
206
185
  if (snake_case === void 0) {
package/dist/server/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/server/index.ts","../../src/user.ts","../../src/server/exceptions.ts","../../src/server/shared.ts","../../src/server/api.ts"],"sourcesContent":["export {validateAccessToken, validateAccessTokenOrUndefined} from \"./shared\"\nexport type {OrgIdToOrgMemberInfo} from \"../user\"\nexport {UserFromToken, OrgMemberInfo} from \"../user\"\nexport {UnauthorizedException, ConfigurationException} from \"./exceptions\"\nexport {getPropelAuthApis} from \"./api\"\nexport type {\n AccessToken,\n AccessTokenCreationException,\n AddUserToOrgException,\n AddUserToOrgRequest,\n ApiKeyCreateException,\n ApiKeyDeleteException,\n ApiKeyFetchException,\n ApiKeyFull,\n ApiKeyNew,\n ApiKeyResultPage,\n ApiKeyUpdateException,\n ApiKeyUpdateRequest,\n ApiKeyValidateException,\n ApiKeyValidation,\n ApiKeysCreateRequest,\n ApiKeysQueryRequest,\n BadRequestException,\n ChangeUserRoleInOrgException,\n CreateAccessTokenRequest,\n CreateMagicLinkRequest,\n CreateOrgException,\n CreateOrgRequest,\n CreateUserException,\n CreateUserRequest,\n ForbiddenException,\n InviteUserToOrgRequest,\n MagicLink,\n MagicLinkCreationException,\n MigrateUserException,\n MigrateUserFromExternalSourceRequest,\n OrgApiKeyValidation,\n OrgQuery,\n OrgQueryResponse,\n PersonalApiKeyValidation,\n RemoveUserFromOrgException,\n RemoveUserFromOrgRequest,\n TokenVerificationMetadata,\n UnexpectedException,\n UpdateOrgException,\n UpdateOrgRequest,\n UpdateUserEmailException,\n UpdateUserEmailRequest,\n UpdateUserMetadataException,\n UpdateUserMetadataRequest,\n UpdateUserPasswordException,\n UpdateUserPasswordRequest,\n UserNotFoundException,\n UsersInOrgQuery,\n UsersPagedResponse,\n UsersQuery,\n} from \"@propelauth/node-apis\"\n","export class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import { ResponseCookie } from 'next/dist/compiled/@edge-runtime/cookies'\nimport { InternalUser, toUser, UserFromToken } from '../user'\nimport { ConfigurationException, UnauthorizedException } from './exceptions'\nimport * as jose from 'jose'\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: 'none'\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: 'unauthorized'\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: 'unexpected'\n}\n\nexport type RefreshTokenResponse =\n | RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = '/api/auth/login'\nexport const CALLBACK_PATH = '/api/auth/callback'\nexport const USERINFO_PATH = '/api/auth/userinfo'\nexport const LOGOUT_PATH = '/api/auth/logout'\nexport const ACCESS_TOKEN_COOKIE_NAME = '__pa_at'\nexport const REFRESH_TOKEN_COOKIE_NAME = '__pa_rt'\nexport const STATE_COOKIE_NAME = '__pa_state'\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = 'x-propelauth-access-token'\nexport const RETURN_TO_PATH_COOKIE_NAME = '__pa_return_to_path'\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: 'lax',\n secure: true,\n path: '/',\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error('NEXT_PUBLIC_AUTH_URL is not set')\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error('PROPELAUTH_REDIRECT_URI is not set')\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error('PROPELAUTH_API_KEY is not set')\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error('PROPELAUTH_VERIFIER_KEY is not set')\n }\n return verifierKey.replace(/\\\\n/g, '\\n')\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(\n refreshToken: string,\n activeOrgId?: string\n): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n\n const queryParams = new URLSearchParams()\n if (activeOrgId) {\n queryParams.set('with_active_org_support', 'true')\n queryParams.set('active_org_id', activeOrgId)\n }\n\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: 'none',\n }\n } else if (response.status === 400 || response.status === 401) {\n return { error: 'unauthorized' }\n } else {\n return { error: 'unexpected' }\n }\n}\n\nexport async function validateAccessTokenOrUndefined(\n accessToken: string | undefined\n): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info('Error validating access token', err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), 'RS256')\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException('Invalid verifier key')\n }\n\n if (!accessToken) {\n throw new UnauthorizedException('No access token provided')\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith('bearer ')) {\n accessTokenWithoutBearer = accessToken.substring('bearer '.length)\n }\n\n try {\n const { payload } = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: ['RS256'],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException('Unable to decode jwt')\n }\n }\n}\n","import {getApis} from \"@propelauth/node-apis\";\nimport {getAuthUrl, getIntegrationApiKey} from \"./shared\";\n\nexport const getPropelAuthApis = () => {\n const authUrl = getAuthUrl()\n const integrationApiKey = getIntegrationApiKey()\n\n return getApis(authUrl, integrationApiKey)\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAO,IAAM,gBAAN,MAAoB;AAAA,EAkBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAAA,EACtB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACJ;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA8BO,SAAS,OAAO,YAAyC;AAC5D,SAAO,cAAc,eAAe,UAAU;AAClD;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;ACnRO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,WAAsB;AAsCf,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AA2CA,SAAsB,+BAClB,aACkC;AAAA;AAClC,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAE,QAAQ,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QAC1E,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACvKA,uBAAsB;AAGf,IAAM,oBAAoB,MAAM;AACnC,QAAM,UAAU,WAAW;AAC3B,QAAM,oBAAoB,qBAAqB;AAE/C,aAAO,0BAAQ,SAAS,iBAAiB;AAC7C;","names":[]}
1
+ {"version":3,"sources":["../../src/server/index.ts","../../src/user.ts","../../src/server/exceptions.ts","../../src/server/shared.ts","../../src/server/api.ts"],"sourcesContent":["export { validateAccessToken, validateAccessTokenOrUndefined } from './shared'\nexport type { OrgIdToOrgMemberInfo } from '../user'\nexport { UserFromToken, OrgMemberInfo } from '../user'\nexport { UnauthorizedException, ConfigurationException } from './exceptions'\nexport { getPropelAuthApis } from './api'\nexport type {\n AccessToken,\n AccessTokenCreationException,\n AddUserToOrgException,\n AddUserToOrgRequest,\n ApiKeyCreateException,\n ApiKeyDeleteException,\n ApiKeyFetchException,\n ApiKeyFull,\n ApiKeyNew,\n ApiKeyResultPage,\n ApiKeyUpdateException,\n ApiKeyUpdateRequest,\n ApiKeyValidateException,\n ApiKeyValidation,\n ApiKeysCreateRequest,\n ApiKeysQueryRequest,\n ChangeUserRoleInOrgException,\n CreateAccessTokenRequest,\n CreateMagicLinkRequest,\n CreateOrgException,\n CreateOrgRequest,\n CreateUserException,\n CreateUserRequest,\n ForbiddenException,\n MagicLink,\n MagicLinkCreationException,\n MigrateUserException,\n MigrateUserFromExternalSourceRequest,\n OrgApiKeyValidation,\n OrgQuery,\n OrgQueryResponse,\n PersonalApiKeyValidation,\n RemoveUserFromOrgException,\n RemoveUserFromOrgRequest,\n TokenVerificationMetadata,\n UnexpectedException,\n UpdateOrgException,\n UpdateOrgRequest,\n UpdateUserEmailException,\n UpdateUserEmailRequest,\n UpdateUserMetadataException,\n UpdateUserMetadataRequest,\n UpdateUserPasswordException,\n UpdateUserPasswordRequest,\n UserNotFoundException,\n UsersInOrgQuery,\n UsersPagedResponse,\n UsersQuery,\n} from '@propelauth/node-apis'\n","export class UserFromToken {\n public userId: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n ) {\n this.userId = userId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, \"-\")\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(\n JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])\n )\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\nexport type InternalUser = {\n user_id: string\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return new UserFromToken(\n snake_case.user_id,\n snake_case.email,\n toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),\n snake_case.first_name,\n snake_case.last_name,\n snake_case.username,\n snake_case.legacy_user_id,\n snake_case.impersonatorUserId,\n snake_case.properties,\n )\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import {ResponseCookie} from \"next/dist/compiled/@edge-runtime/cookies\";\nimport {InternalUser, toUser, UserFromToken} from \"../user\";\nimport {ConfigurationException, UnauthorizedException} from \"./exceptions\";\nimport * as jose from \"jose\";\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: \"none\"\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: \"unauthorized\"\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: \"unexpected\"\n}\n\nexport type RefreshTokenResponse =\n RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = \"/api/auth/login\"\nexport const CALLBACK_PATH = \"/api/auth/callback\"\nexport const USERINFO_PATH = \"/api/auth/userinfo\"\nexport const LOGOUT_PATH = \"/api/auth/logout\"\nexport const ACCESS_TOKEN_COOKIE_NAME = \"__pa_at\"\nexport const REFRESH_TOKEN_COOKIE_NAME = \"__pa_rt\"\nexport const STATE_COOKIE_NAME = \"__pa_state\"\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = \"x-propelauth-access-token\"\nexport const RETURN_TO_PATH_COOKIE_NAME = \"__pa_return_to_path\"\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: \"lax\",\n secure: true,\n path: \"/\",\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error(\"NEXT_PUBLIC_AUTH_URL is not set\")\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error(\"PROPELAUTH_REDIRECT_URI is not set\")\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error(\"PROPELAUTH_API_KEY is not set\")\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error(\"PROPELAUTH_VERIFIER_KEY is not set\")\n }\n return verifierKey.replace(/\\\\n/g, \"\\n\")\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(refreshToken: string): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const {\n access_token: accessToken,\n expires_at_seconds: expiresAtSeconds,\n } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: \"none\",\n }\n } else if (response.status === 400 || response.status === 401) {\n return {error: \"unauthorized\"}\n } else {\n return {error: \"unexpected\"}\n }\n}\n\nexport async function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info(\"Error validating access token\", err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), \"RS256\")\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException(\"Invalid verifier key\")\n }\n\n if (!accessToken) {\n throw new UnauthorizedException(\"No access token provided\")\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith(\"bearer \")) {\n accessTokenWithoutBearer = accessToken.substring(\"bearer \".length)\n }\n\n try {\n const {payload} = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: [\"RS256\"],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException(\"Unable to decode jwt\")\n }\n }\n}\n","import {getApis} from \"@propelauth/node-apis\";\nimport {getAuthUrl, getIntegrationApiKey} from \"./shared\";\n\nexport const getPropelAuthApis = () => {\n const authUrl = getAuthUrl()\n const integrationApiKey = getIntegrationApiKey()\n\n return getApis(authUrl, integrationApiKey)\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAO,IAAM,gBAAN,MAAoB;AAAA,EAgBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACF;AACE,SAAK,SAAS;AACd,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAAA,EACtB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc;AAAA,QACxC,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC;AAAA,MAClD;AAAA,IACJ;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA4BO,SAAS,OAAO,YAAyC;AAC5D,SAAO,IAAI;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,uBAAuB,WAAW,yBAAyB;AAAA,IAC3D,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,EACf;AACJ;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AClPO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,WAAsB;AAsCf,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAoCA,SAAsB,+BAA+B,aAAqE;AAAA;AACtH,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAC,QAAO,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QACxE,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;AC9JA,uBAAsB;AAGf,IAAM,oBAAoB,MAAM;AACnC,QAAM,UAAU,WAAW;AAC3B,QAAM,oBAAoB,qBAAqB;AAE/C,aAAO,0BAAQ,SAAS,iBAAiB;AAC7C;","names":[]}
package/dist/server/index.mjs CHANGED
@@ -21,9 +21,8 @@ var __async = (__this, __arguments, generator) => {
21
21
 
22
22
  // src/user.ts
23
23
  var UserFromToken = class {
24
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId) {
24
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
25
25
  this.userId = userId;
26
- this.activeOrgId = activeOrgId;
27
26
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
28
27
  this.email = email;
29
28
  this.firstName = firstName;
@@ -33,15 +32,6 @@ var UserFromToken = class {
33
32
  this.impersonatorUserId = impersonatorUserId;
34
33
  this.properties = properties;
35
34
  }
36
- getActiveOrg() {
37
- if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
38
- return void 0;
39
- }
40
- return this.orgIdToOrgMemberInfo[this.activeOrgId];
41
- }
42
- getActiveOrgId() {
43
- return this.activeOrgId;
44
- }
45
35
  getOrg(orgId) {
46
36
  if (!this.orgIdToOrgMemberInfo) {
47
37
  return void 0;
@@ -74,7 +64,9 @@ var UserFromToken = class {
74
64
  const obj = JSON.parse(json);
75
65
  const orgIdToOrgMemberInfo = {};
76
66
  for (const orgId in obj.orgIdToOrgMemberInfo) {
77
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
67
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
68
+ JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
69
+ );
78
70
  }
79
71
  return new UserFromToken(
80
72
  obj.userId,
@@ -88,29 +80,6 @@ var UserFromToken = class {
88
80
  obj.properties
89
81
  );
90
82
  }
91
- static fromJwtPayload(payload) {
92
- let activeOrgId;
93
- let orgIdToOrgMemberInfo;
94
- if (payload.org_member_info) {
95
- activeOrgId = payload.org_member_info.org_id;
96
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
97
- } else {
98
- activeOrgId = void 0;
99
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
100
- }
101
- return new UserFromToken(
102
- payload.user_id,
103
- payload.email,
104
- orgIdToOrgMemberInfo,
105
- payload.first_name,
106
- payload.last_name,
107
- payload.username,
108
- payload.legacy_user_id,
109
- payload.impersonatorUserId,
110
- payload.properties,
111
- activeOrgId
112
- );
113
- }
114
83
  };
115
84
  var OrgMemberInfo = class {
116
85
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -159,7 +128,17 @@ var OrgMemberInfo = class {
159
128
  }
160
129
  };
161
130
  function toUser(snake_case) {
162
- return UserFromToken.fromJwtPayload(snake_case);
131
+ return new UserFromToken(
132
+ snake_case.user_id,
133
+ snake_case.email,
134
+ toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
135
+ snake_case.first_name,
136
+ snake_case.last_name,
137
+ snake_case.username,
138
+ snake_case.legacy_user_id,
139
+ snake_case.impersonatorUserId,
140
+ snake_case.properties
141
+ );
163
142
  }
164
143
  function toOrgIdToOrgMemberInfo(snake_case) {
165
144
  if (snake_case === void 0) {