@propelauth/nextjs 0.0.115 → 0.0.119
- package/dist/client/index.d.ts +119 -2
- package/dist/client/index.js +146 -12
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +146 -12
- package/dist/client/index.mjs.map +1 -1
- package/dist/server/app-router/index.d.ts +113 -2
- package/dist/server/app-router/index.js +232 -36
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +232 -36
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.d.ts +111 -1
- package/dist/server/index.js +67 -16
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +67 -16
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +111 -1
- package/dist/server/pages/index.js +82 -24
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +82 -24
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
@@ -81,10 +81,36 @@ var import_navigation = require("next/navigation.js");
|
|
81
81
|
var import_headers = require("next/headers.js");
|
82
82
|
var import_server = require("next/server.js");
|
83
83
|
|
84
|
+
// src/loginMethod.ts
|
85
|
+
function toLoginMethod(snake_case) {
|
86
|
+
if (!snake_case) {
|
87
|
+
return { loginMethod: "unknown" };
|
88
|
+
}
|
89
|
+
switch (snake_case.login_method) {
|
90
|
+
case "password":
|
91
|
+
return { loginMethod: "password" };
|
92
|
+
case "magic_link":
|
93
|
+
return { loginMethod: "magic_link" };
|
94
|
+
case "social_sso":
|
95
|
+
return { loginMethod: "social_sso", provider: snake_case.provider };
|
96
|
+
case "email_confirmation_link":
|
97
|
+
return { loginMethod: "email_confirmation_link" };
|
98
|
+
case "saml_sso":
|
99
|
+
return { loginMethod: "saml_sso", provider: snake_case.provider, orgId: snake_case.org_id };
|
100
|
+
case "impersonation":
|
101
|
+
return { loginMethod: "impersonation" };
|
102
|
+
case "generated_from_backend_api":
|
103
|
+
return { loginMethod: "generated_from_backend_api" };
|
104
|
+
default:
|
105
|
+
return { loginMethod: "unknown" };
|
106
|
+
}
|
107
|
+
}
|
108
|
+
|
84
109
|
// src/user.ts
|
85
110
|
var UserFromToken = class {
|
86
|
-
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
|
111
|
+
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
|
87
112
|
this.userId = userId;
|
113
|
+
this.activeOrgId = activeOrgId;
|
88
114
|
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
|
89
115
|
this.email = email;
|
90
116
|
this.firstName = firstName;
|
@@ -93,6 +119,16 @@ var UserFromToken = class {
|
|
93
119
|
this.legacyUserId = legacyUserId;
|
94
120
|
this.impersonatorUserId = impersonatorUserId;
|
95
121
|
this.properties = properties;
|
122
|
+
this.loginMethod = loginMethod;
|
123
|
+
}
|
124
|
+
getActiveOrg() {
|
125
|
+
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
|
126
|
+
return void 0;
|
127
|
+
}
|
128
|
+
return this.orgIdToOrgMemberInfo[this.activeOrgId];
|
129
|
+
}
|
130
|
+
getActiveOrgId() {
|
131
|
+
return this.activeOrgId;
|
96
132
|
}
|
97
133
|
getOrg(orgId) {
|
98
134
|
if (!this.orgIdToOrgMemberInfo) {
|
@@ -126,9 +162,7 @@ var UserFromToken = class {
|
|
126
162
|
const obj = JSON.parse(json);
|
127
163
|
const orgIdToOrgMemberInfo = {};
|
128
164
|
for (const orgId in obj.orgIdToOrgMemberInfo) {
|
129
|
-
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
|
130
|
-
JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
|
131
|
-
);
|
165
|
+
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
|
132
166
|
}
|
133
167
|
return new UserFromToken(
|
134
168
|
obj.userId,
|
@@ -139,7 +173,34 @@ var UserFromToken = class {
|
|
139
173
|
obj.username,
|
140
174
|
obj.legacyUserId,
|
141
175
|
obj.impersonatorUserId,
|
142
|
-
obj.properties
|
176
|
+
obj.properties,
|
177
|
+
obj.activeOrgId,
|
178
|
+
obj.loginMethod
|
179
|
+
);
|
180
|
+
}
|
181
|
+
static fromJwtPayload(payload) {
|
182
|
+
let activeOrgId;
|
183
|
+
let orgIdToOrgMemberInfo;
|
184
|
+
if (payload.org_member_info) {
|
185
|
+
activeOrgId = payload.org_member_info.org_id;
|
186
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
|
187
|
+
} else {
|
188
|
+
activeOrgId = void 0;
|
189
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
|
190
|
+
}
|
191
|
+
const loginMethod = toLoginMethod(payload.login_method);
|
192
|
+
return new UserFromToken(
|
193
|
+
payload.user_id,
|
194
|
+
payload.email,
|
195
|
+
orgIdToOrgMemberInfo,
|
196
|
+
payload.first_name,
|
197
|
+
payload.last_name,
|
198
|
+
payload.username,
|
199
|
+
payload.legacy_user_id,
|
200
|
+
payload.impersonatorUserId,
|
201
|
+
payload.properties,
|
202
|
+
activeOrgId,
|
203
|
+
loginMethod
|
143
204
|
);
|
144
205
|
}
|
145
206
|
};
|
@@ -190,17 +251,7 @@ var OrgMemberInfo = class {
|
|
190
251
|
}
|
191
252
|
};
|
192
253
|
function toUser(snake_case) {
|
193
|
-
return
|
194
|
-
snake_case.user_id,
|
195
|
-
snake_case.email,
|
196
|
-
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
|
197
|
-
snake_case.first_name,
|
198
|
-
snake_case.last_name,
|
199
|
-
snake_case.username,
|
200
|
-
snake_case.legacy_user_id,
|
201
|
-
snake_case.impersonatorUserId,
|
202
|
-
snake_case.properties
|
203
|
-
);
|
254
|
+
return UserFromToken.fromJwtPayload(snake_case);
|
204
255
|
}
|
205
256
|
function toOrgIdToOrgMemberInfo(snake_case) {
|
206
257
|
if (snake_case === void 0) {
|
@@ -272,12 +323,17 @@ function getVerifierKey() {
|
|
272
323
|
}
|
273
324
|
return verifierKey.replace(/\\n/g, "\n");
|
274
325
|
}
|
275
|
-
function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
326
|
+
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
276
327
|
return __async(this, null, function* () {
|
277
328
|
const body = {
|
278
329
|
refresh_token: refreshToken
|
279
330
|
};
|
280
|
-
const
|
331
|
+
const queryParams = new URLSearchParams();
|
332
|
+
if (activeOrgId) {
|
333
|
+
queryParams.set("with_active_org_support", "true");
|
334
|
+
queryParams.set("active_org_id", activeOrgId);
|
335
|
+
}
|
336
|
+
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
|
281
337
|
const response = yield fetch(url, {
|
282
338
|
method: "POST",
|
283
339
|
body: JSON.stringify(body),
|
@@ -289,10 +345,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
|
289
345
|
if (response.ok) {
|
290
346
|
const data = yield response.json();
|
291
347
|
const newRefreshToken = data.refresh_token;
|
292
|
-
const {
|
293
|
-
access_token: accessToken,
|
294
|
-
expires_at_seconds: expiresAtSeconds
|
295
|
-
} = data.access_token;
|
348
|
+
const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
|
296
349
|
return {
|
297
350
|
refreshToken: newRefreshToken,
|
298
351
|
accessToken,
|
@@ -353,6 +406,9 @@ function validateAccessToken(accessToken) {
|
|
353
406
|
});
|
354
407
|
}
|
355
408
|
|
409
|
+
// src/shared.ts
|
410
|
+
var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
|
411
|
+
|
356
412
|
// src/server/app-router.ts
|
357
413
|
function getUserOrRedirect() {
|
358
414
|
return __async(this, null, function* () {
|
@@ -367,8 +423,7 @@ function getUserOrRedirect() {
|
|
367
423
|
}
|
368
424
|
function getUser() {
|
369
425
|
return __async(this, null, function* () {
|
370
|
-
|
371
|
-
const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
426
|
+
const accessToken = getAccessToken();
|
372
427
|
if (accessToken) {
|
373
428
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
374
429
|
if (user) {
|
@@ -379,14 +434,12 @@ function getUser() {
|
|
379
434
|
});
|
380
435
|
}
|
381
436
|
function getAccessToken() {
|
382
|
-
|
383
|
-
|
384
|
-
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
385
|
-
});
|
437
|
+
var _a;
|
438
|
+
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
386
439
|
}
|
387
440
|
function authMiddleware(req) {
|
388
441
|
return __async(this, null, function* () {
|
389
|
-
var _a, _b;
|
442
|
+
var _a, _b, _c;
|
390
443
|
if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
|
391
444
|
throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
|
392
445
|
} else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
|
@@ -394,6 +447,7 @@ function authMiddleware(req) {
|
|
394
447
|
}
|
395
448
|
const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
396
449
|
const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
|
450
|
+
const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
|
397
451
|
if (accessToken) {
|
398
452
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
399
453
|
if (user) {
|
@@ -401,7 +455,7 @@ function authMiddleware(req) {
|
|
401
455
|
}
|
402
456
|
}
|
403
457
|
if (refreshToken) {
|
404
|
-
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
|
458
|
+
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
405
459
|
if (response.error === "unexpected") {
|
406
460
|
throw new Error("Unexpected error while refreshing access token");
|
407
461
|
} else if (response.error === "unauthorized") {
|
@@ -462,7 +516,7 @@ function getRouteHandlers(args) {
|
|
462
516
|
}
|
463
517
|
function callbackGetHandler(req) {
|
464
518
|
return __async(this, null, function* () {
|
465
|
-
var _a, _b;
|
519
|
+
var _a, _b, _c;
|
466
520
|
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
|
467
521
|
if (!oauthState || oauthState.length !== 64) {
|
468
522
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
@@ -498,6 +552,49 @@ function getRouteHandlers(args) {
|
|
498
552
|
console.error("postLoginRedirectPathFn returned undefined");
|
499
553
|
return new Response("Unexpected error", { status: 500 });
|
500
554
|
}
|
555
|
+
const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
|
556
|
+
const user = yield validateAccessToken(accessToken);
|
557
|
+
const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
|
558
|
+
let activeOrgId = void 0;
|
559
|
+
if (isUserInCurrentActiveOrg) {
|
560
|
+
activeOrgId = currentActiveOrgId;
|
561
|
+
} else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
|
562
|
+
activeOrgId = args.getDefaultActiveOrgId(req, user);
|
563
|
+
}
|
564
|
+
if (activeOrgId) {
|
565
|
+
const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
|
566
|
+
if (response2.error === "unexpected") {
|
567
|
+
throw new Error("Unexpected error while setting active org");
|
568
|
+
} else if (response2.error === "unauthorized") {
|
569
|
+
console.error(
|
570
|
+
"Unauthorized error while setting active org. Your user may not have access to this org"
|
571
|
+
);
|
572
|
+
return new Response("Unauthorized", { status: 401 });
|
573
|
+
} else {
|
574
|
+
const headers3 = new Headers();
|
575
|
+
headers3.append("Location", returnToPath);
|
576
|
+
headers3.append(
|
577
|
+
"Set-Cookie",
|
578
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
579
|
+
);
|
580
|
+
headers3.append(
|
581
|
+
"Set-Cookie",
|
582
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
583
|
+
);
|
584
|
+
headers3.append(
|
585
|
+
"Set-Cookie",
|
586
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
587
|
+
);
|
588
|
+
headers3.append(
|
589
|
+
"Set-Cookie",
|
590
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
591
|
+
);
|
592
|
+
return new Response(null, {
|
593
|
+
status: 302,
|
594
|
+
headers: headers3
|
595
|
+
});
|
596
|
+
}
|
597
|
+
}
|
501
598
|
const headers2 = new Headers();
|
502
599
|
headers2.append("Location", returnToPath);
|
503
600
|
headers2.append(
|
@@ -508,6 +605,10 @@ function getRouteHandlers(args) {
|
|
508
605
|
"Set-Cookie",
|
509
606
|
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
510
607
|
);
|
608
|
+
headers2.append(
|
609
|
+
"Set-Cookie",
|
610
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
611
|
+
);
|
511
612
|
headers2.append(
|
512
613
|
"Set-Cookie",
|
513
614
|
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
@@ -528,10 +629,11 @@ function getRouteHandlers(args) {
|
|
528
629
|
}
|
529
630
|
function userinfoGetHandler(req) {
|
530
631
|
return __async(this, null, function* () {
|
531
|
-
var _a;
|
632
|
+
var _a, _b;
|
532
633
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
634
|
+
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
533
635
|
if (oldRefreshToken) {
|
534
|
-
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
|
636
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
535
637
|
if (refreshResponse.error === "unexpected") {
|
536
638
|
throw new Error("Unexpected error while refreshing access token");
|
537
639
|
} else if (refreshResponse.error === "unauthorized") {
|
@@ -544,6 +646,10 @@ function getRouteHandlers(args) {
|
|
544
646
|
"Set-Cookie",
|
545
647
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
546
648
|
);
|
649
|
+
headers3.append(
|
650
|
+
"Set-Cookie",
|
651
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
652
|
+
);
|
547
653
|
return new Response("Unauthorized", { status: 401, headers: headers3 });
|
548
654
|
}
|
549
655
|
const refreshToken = refreshResponse.refreshToken;
|
@@ -562,7 +668,8 @@ function getRouteHandlers(args) {
|
|
562
668
|
const jsonResponse = {
|
563
669
|
userinfo: data,
|
564
670
|
accessToken,
|
565
|
-
impersonatorUserId: userFromToken.impersonatorUserId
|
671
|
+
impersonatorUserId: userFromToken.impersonatorUserId,
|
672
|
+
activeOrgId
|
566
673
|
};
|
567
674
|
const headers3 = new Headers();
|
568
675
|
headers3.append(
|
@@ -588,6 +695,10 @@ function getRouteHandlers(args) {
|
|
588
695
|
"Set-Cookie",
|
589
696
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
590
697
|
);
|
698
|
+
headers3.append(
|
699
|
+
"Set-Cookie",
|
700
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
701
|
+
);
|
591
702
|
return new Response(null, {
|
592
703
|
status: 401,
|
593
704
|
headers: headers3
|
@@ -599,12 +710,13 @@ function getRouteHandlers(args) {
|
|
599
710
|
const headers2 = new Headers();
|
600
711
|
headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
601
712
|
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
713
|
+
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
602
714
|
return new Response(null, { status: 401 });
|
603
715
|
});
|
604
716
|
}
|
605
717
|
function logoutGetHandler(req) {
|
606
718
|
return __async(this, null, function* () {
|
607
|
-
var _a;
|
719
|
+
var _a, _b;
|
608
720
|
const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
|
609
721
|
if (!path) {
|
610
722
|
console.error("postLoginPathFn returned undefined");
|
@@ -622,12 +734,17 @@ function getRouteHandlers(args) {
|
|
622
734
|
"Set-Cookie",
|
623
735
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
624
736
|
);
|
737
|
+
headers2.append(
|
738
|
+
"Set-Cookie",
|
739
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
740
|
+
);
|
625
741
|
return new Response(null, {
|
626
742
|
status: 302,
|
627
743
|
headers: headers2
|
628
744
|
});
|
629
745
|
}
|
630
|
-
const
|
746
|
+
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
747
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
631
748
|
if (refreshResponse.error === "unexpected") {
|
632
749
|
console.error("Unexpected error while refreshing access token");
|
633
750
|
return new Response("Unexpected error", { status: 500 });
|
@@ -642,6 +759,10 @@ function getRouteHandlers(args) {
|
|
642
759
|
"Set-Cookie",
|
643
760
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
644
761
|
);
|
762
|
+
headers2.append(
|
763
|
+
"Set-Cookie",
|
764
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
765
|
+
);
|
645
766
|
return new Response(null, {
|
646
767
|
status: 302,
|
647
768
|
headers: headers2
|
@@ -670,6 +791,10 @@ function getRouteHandlers(args) {
|
|
670
791
|
"Set-Cookie",
|
671
792
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
672
793
|
);
|
794
|
+
headers3.append(
|
795
|
+
"Set-Cookie",
|
796
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
797
|
+
);
|
673
798
|
return new Response(null, { status: 200, headers: headers3 });
|
674
799
|
}
|
675
800
|
const authUrlOrigin = getAuthUrlOrigin();
|
@@ -694,9 +819,78 @@ function getRouteHandlers(args) {
|
|
694
819
|
const headers2 = new Headers();
|
695
820
|
headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
696
821
|
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
822
|
+
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
697
823
|
return new Response(null, { status: 200, headers: headers2 });
|
698
824
|
});
|
699
825
|
}
|
826
|
+
function setActiveOrgHandler(req) {
|
827
|
+
return __async(this, null, function* () {
|
828
|
+
var _a;
|
829
|
+
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
830
|
+
const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
|
831
|
+
if (!oldRefreshToken) {
|
832
|
+
const headers2 = new Headers();
|
833
|
+
headers2.append(
|
834
|
+
"Set-Cookie",
|
835
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
836
|
+
);
|
837
|
+
return new Response(null, { status: 401, headers: headers2 });
|
838
|
+
}
|
839
|
+
if (!activeOrgId) {
|
840
|
+
return new Response(null, { status: 400 });
|
841
|
+
}
|
842
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
843
|
+
if (refreshResponse.error === "unexpected") {
|
844
|
+
throw new Error("Unexpected error while setting active org id");
|
845
|
+
} else if (refreshResponse.error === "unauthorized") {
|
846
|
+
return new Response("Unauthorized", { status: 401 });
|
847
|
+
}
|
848
|
+
const refreshToken = refreshResponse.refreshToken;
|
849
|
+
const accessToken = refreshResponse.accessToken;
|
850
|
+
const authUrlOrigin = getAuthUrlOrigin();
|
851
|
+
const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
|
852
|
+
const response = yield fetch(path, {
|
853
|
+
headers: {
|
854
|
+
"Content-Type": "application/json",
|
855
|
+
Authorization: "Bearer " + accessToken
|
856
|
+
}
|
857
|
+
});
|
858
|
+
if (response.ok) {
|
859
|
+
const userFromToken = yield validateAccessToken(accessToken);
|
860
|
+
const data = yield response.json();
|
861
|
+
const jsonResponse = {
|
862
|
+
userinfo: data,
|
863
|
+
accessToken,
|
864
|
+
impersonatorUserId: userFromToken.impersonatorUserId,
|
865
|
+
activeOrgId
|
866
|
+
};
|
867
|
+
const headers2 = new Headers();
|
868
|
+
headers2.append(
|
869
|
+
"Set-Cookie",
|
870
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
871
|
+
);
|
872
|
+
headers2.append(
|
873
|
+
"Set-Cookie",
|
874
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
875
|
+
);
|
876
|
+
headers2.append(
|
877
|
+
"Set-Cookie",
|
878
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
879
|
+
);
|
880
|
+
headers2.append("Content-Type", "application/json");
|
881
|
+
return new Response(JSON.stringify(jsonResponse), {
|
882
|
+
status: 200,
|
883
|
+
headers: headers2
|
884
|
+
});
|
885
|
+
} else if (response.status === 401) {
|
886
|
+
return new Response(null, {
|
887
|
+
status: 401
|
888
|
+
});
|
889
|
+
} else {
|
890
|
+
return new Response(null, { status: 500 });
|
891
|
+
}
|
892
|
+
});
|
893
|
+
}
|
700
894
|
function getRouteHandler(req, { params }) {
|
701
895
|
if (params.slug === "login") {
|
702
896
|
return loginGetHandler(req);
|
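Review bot: In setActiveOrgHandler the `active_org_id` query parameter is written verbatim into the `Set-Cookie` value for ACTIVE_ORG_ID_COOKIE_NAME (new line 878), so the only validation the value receives is whatever the backend refresh endpoint applies; the Headers API rejects CR/LF, but a value containing `;` would still append cookie attributes. Since the handler already validates the new access token, the cookie and the JSON `activeOrgId` should be tied to the token rather than to the request, e.g. after `const userFromToken = yield validateAccessToken(accessToken);` add `if (userFromToken.getActiveOrgId() !== activeOrgId) { return new Response("Unauthorized", { status: 401 }); }`. This presumes the refreshed token carries the org as `org_member_info` so that the `getActiveOrgId()` added in this commit returns it, which fromJwtPayload suggests but the diff does not prove. The same raw-query-to-cookie pattern does not occur in callbackGetHandler, where currentActiveOrgId is checked with `user.getOrg(...)` before it is reused.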
@@ -715,6 +909,8 @@ function getRouteHandlers(args) {
|
|
715
909
|
function postRouteHandler(req, { params }) {
|
716
910
|
if (params.slug === "logout") {
|
717
911
|
return logoutPostHandler(req);
|
912
|
+
} else if (params.slug === "set-active-org") {
|
913
|
+
return setActiveOrgHandler(req);
|
718
914
|
} else {
|
719
915
|
return new Response("", { status: 404 });
|
720
916
|
}
|