@propelauth/nextjs 0.0.115 → 0.0.119

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/client/index.d.ts +119 -2
  2. package/dist/client/index.js +146 -12
  3. package/dist/client/index.js.map +1 -1
  4. package/dist/client/index.mjs +146 -12
  5. package/dist/client/index.mjs.map +1 -1
  6. package/dist/server/app-router/index.d.ts +113 -2
  7. package/dist/server/app-router/index.js +232 -36
  8. package/dist/server/app-router/index.js.map +1 -1
  9. package/dist/server/app-router/index.mjs +232 -36
  10. package/dist/server/app-router/index.mjs.map +1 -1
  11. package/dist/server/index.d.ts +111 -1
  12. package/dist/server/index.js +67 -16
  13. package/dist/server/index.js.map +1 -1
  14. package/dist/server/index.mjs +67 -16
  15. package/dist/server/index.mjs.map +1 -1
  16. package/dist/server/pages/index.d.ts +111 -1
  17. package/dist/server/pages/index.js +82 -24
  18. package/dist/server/pages/index.js.map +1 -1
  19. package/dist/server/pages/index.mjs +82 -24
  20. package/dist/server/pages/index.mjs.map +1 -1
  21. package/package.json +1 -1
package/dist/server/app-router/index.js CHANGED
@@ -81,10 +81,36 @@ var import_navigation = require("next/navigation.js");
81
81
  var import_headers = require("next/headers.js");
82
82
  var import_server = require("next/server.js");
83
83
 
84
+ // src/loginMethod.ts
85
+ function toLoginMethod(snake_case) {
86
+ if (!snake_case) {
87
+ return { loginMethod: "unknown" };
88
+ }
89
+ switch (snake_case.login_method) {
90
+ case "password":
91
+ return { loginMethod: "password" };
92
+ case "magic_link":
93
+ return { loginMethod: "magic_link" };
94
+ case "social_sso":
95
+ return { loginMethod: "social_sso", provider: snake_case.provider };
96
+ case "email_confirmation_link":
97
+ return { loginMethod: "email_confirmation_link" };
98
+ case "saml_sso":
99
+ return { loginMethod: "saml_sso", provider: snake_case.provider, orgId: snake_case.org_id };
100
+ case "impersonation":
101
+ return { loginMethod: "impersonation" };
102
+ case "generated_from_backend_api":
103
+ return { loginMethod: "generated_from_backend_api" };
104
+ default:
105
+ return { loginMethod: "unknown" };
106
+ }
107
+ }
108
+
84
109
  // src/user.ts
85
110
  var UserFromToken = class {
86
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
111
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
87
112
  this.userId = userId;
113
+ this.activeOrgId = activeOrgId;
88
114
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
89
115
  this.email = email;
90
116
  this.firstName = firstName;
@@ -93,6 +119,16 @@ var UserFromToken = class {
93
119
  this.legacyUserId = legacyUserId;
94
120
  this.impersonatorUserId = impersonatorUserId;
95
121
  this.properties = properties;
122
+ this.loginMethod = loginMethod;
123
+ }
124
+ getActiveOrg() {
125
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
126
+ return void 0;
127
+ }
128
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
129
+ }
130
+ getActiveOrgId() {
131
+ return this.activeOrgId;
96
132
  }
97
133
  getOrg(orgId) {
98
134
  if (!this.orgIdToOrgMemberInfo) {
@@ -126,9 +162,7 @@ var UserFromToken = class {
126
162
  const obj = JSON.parse(json);
127
163
  const orgIdToOrgMemberInfo = {};
128
164
  for (const orgId in obj.orgIdToOrgMemberInfo) {
129
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
130
- JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
131
- );
165
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
132
166
  }
133
167
  return new UserFromToken(
134
168
  obj.userId,
@@ -139,7 +173,34 @@ var UserFromToken = class {
139
173
  obj.username,
140
174
  obj.legacyUserId,
141
175
  obj.impersonatorUserId,
142
- obj.properties
176
+ obj.properties,
177
+ obj.activeOrgId,
178
+ obj.loginMethod
179
+ );
180
+ }
181
+ static fromJwtPayload(payload) {
182
+ let activeOrgId;
183
+ let orgIdToOrgMemberInfo;
184
+ if (payload.org_member_info) {
185
+ activeOrgId = payload.org_member_info.org_id;
186
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
187
+ } else {
188
+ activeOrgId = void 0;
189
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
190
+ }
191
+ const loginMethod = toLoginMethod(payload.login_method);
192
+ return new UserFromToken(
193
+ payload.user_id,
194
+ payload.email,
195
+ orgIdToOrgMemberInfo,
196
+ payload.first_name,
197
+ payload.last_name,
198
+ payload.username,
199
+ payload.legacy_user_id,
200
+ payload.impersonatorUserId,
201
+ payload.properties,
202
+ activeOrgId,
203
+ loginMethod
143
204
  );
144
205
  }
145
206
  };
@@ -190,17 +251,7 @@ var OrgMemberInfo = class {
190
251
  }
191
252
  };
192
253
  function toUser(snake_case) {
193
- return new UserFromToken(
194
- snake_case.user_id,
195
- snake_case.email,
196
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
197
- snake_case.first_name,
198
- snake_case.last_name,
199
- snake_case.username,
200
- snake_case.legacy_user_id,
201
- snake_case.impersonatorUserId,
202
- snake_case.properties
203
- );
254
+ return UserFromToken.fromJwtPayload(snake_case);
204
255
  }
205
256
  function toOrgIdToOrgMemberInfo(snake_case) {
206
257
  if (snake_case === void 0) {
@@ -272,12 +323,17 @@ function getVerifierKey() {
272
323
  }
273
324
  return verifierKey.replace(/\\n/g, "\n");
274
325
  }
275
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
326
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
276
327
  return __async(this, null, function* () {
277
328
  const body = {
278
329
  refresh_token: refreshToken
279
330
  };
280
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
331
+ const queryParams = new URLSearchParams();
332
+ if (activeOrgId) {
333
+ queryParams.set("with_active_org_support", "true");
334
+ queryParams.set("active_org_id", activeOrgId);
335
+ }
336
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
281
337
  const response = yield fetch(url, {
282
338
  method: "POST",
283
339
  body: JSON.stringify(body),
@@ -289,10 +345,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
289
345
  if (response.ok) {
290
346
  const data = yield response.json();
291
347
  const newRefreshToken = data.refresh_token;
292
- const {
293
- access_token: accessToken,
294
- expires_at_seconds: expiresAtSeconds
295
- } = data.access_token;
348
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
296
349
  return {
297
350
  refreshToken: newRefreshToken,
298
351
  accessToken,
@@ -353,6 +406,9 @@ function validateAccessToken(accessToken) {
353
406
  });
354
407
  }
355
408
 
409
+ // src/shared.ts
410
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
411
+
356
412
  // src/server/app-router.ts
357
413
  function getUserOrRedirect() {
358
414
  return __async(this, null, function* () {
@@ -367,8 +423,7 @@ function getUserOrRedirect() {
367
423
  }
368
424
  function getUser() {
369
425
  return __async(this, null, function* () {
370
- var _a;
371
- const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
426
+ const accessToken = getAccessToken();
372
427
  if (accessToken) {
373
428
  const user = yield validateAccessTokenOrUndefined(accessToken);
374
429
  if (user) {
@@ -379,14 +434,12 @@ function getUser() {
379
434
  });
380
435
  }
381
436
  function getAccessToken() {
382
- return __async(this, null, function* () {
383
- var _a;
384
- return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
385
- });
437
+ var _a;
438
+ return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
386
439
  }
387
440
  function authMiddleware(req) {
388
441
  return __async(this, null, function* () {
389
- var _a, _b;
442
+ var _a, _b, _c;
390
443
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
391
444
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
392
445
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -394,6 +447,7 @@ function authMiddleware(req) {
394
447
  }
395
448
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
396
449
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
450
+ const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
397
451
  if (accessToken) {
398
452
  const user = yield validateAccessTokenOrUndefined(accessToken);
399
453
  if (user) {
@@ -401,7 +455,7 @@ function authMiddleware(req) {
401
455
  }
402
456
  }
403
457
  if (refreshToken) {
404
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
458
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
405
459
  if (response.error === "unexpected") {
406
460
  throw new Error("Unexpected error while refreshing access token");
407
461
  } else if (response.error === "unauthorized") {
@@ -462,7 +516,7 @@ function getRouteHandlers(args) {
462
516
  }
463
517
  function callbackGetHandler(req) {
464
518
  return __async(this, null, function* () {
465
- var _a, _b;
519
+ var _a, _b, _c;
466
520
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
467
521
  if (!oauthState || oauthState.length !== 64) {
468
522
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -498,6 +552,49 @@ function getRouteHandlers(args) {
498
552
  console.error("postLoginRedirectPathFn returned undefined");
499
553
  return new Response("Unexpected error", { status: 500 });
500
554
  }
555
+ const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
556
+ const user = yield validateAccessToken(accessToken);
557
+ const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
558
+ let activeOrgId = void 0;
559
+ if (isUserInCurrentActiveOrg) {
560
+ activeOrgId = currentActiveOrgId;
561
+ } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
562
+ activeOrgId = args.getDefaultActiveOrgId(req, user);
563
+ }
564
+ if (activeOrgId) {
565
+ const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
566
+ if (response2.error === "unexpected") {
567
+ throw new Error("Unexpected error while setting active org");
568
+ } else if (response2.error === "unauthorized") {
569
+ console.error(
570
+ "Unauthorized error while setting active org. Your user may not have access to this org"
571
+ );
572
+ return new Response("Unauthorized", { status: 401 });
573
+ } else {
574
+ const headers3 = new Headers();
575
+ headers3.append("Location", returnToPath);
576
+ headers3.append(
577
+ "Set-Cookie",
578
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
579
+ );
580
+ headers3.append(
581
+ "Set-Cookie",
582
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
583
+ );
584
+ headers3.append(
585
+ "Set-Cookie",
586
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
587
+ );
588
+ headers3.append(
589
+ "Set-Cookie",
590
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
591
+ );
592
+ return new Response(null, {
593
+ status: 302,
594
+ headers: headers3
595
+ });
596
+ }
597
+ }
501
598
  const headers2 = new Headers();
502
599
  headers2.append("Location", returnToPath);
503
600
  headers2.append(
@@ -508,6 +605,10 @@ function getRouteHandlers(args) {
508
605
  "Set-Cookie",
509
606
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
510
607
  );
608
+ headers2.append(
609
+ "Set-Cookie",
610
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
611
+ );
511
612
  headers2.append(
512
613
  "Set-Cookie",
513
614
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -528,10 +629,11 @@ function getRouteHandlers(args) {
528
629
  }
529
630
  function userinfoGetHandler(req) {
530
631
  return __async(this, null, function* () {
531
- var _a;
632
+ var _a, _b;
532
633
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
634
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
533
635
  if (oldRefreshToken) {
534
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
636
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
535
637
  if (refreshResponse.error === "unexpected") {
536
638
  throw new Error("Unexpected error while refreshing access token");
537
639
  } else if (refreshResponse.error === "unauthorized") {
@@ -544,6 +646,10 @@ function getRouteHandlers(args) {
544
646
  "Set-Cookie",
545
647
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
546
648
  );
649
+ headers3.append(
650
+ "Set-Cookie",
651
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
652
+ );
547
653
  return new Response("Unauthorized", { status: 401, headers: headers3 });
548
654
  }
549
655
  const refreshToken = refreshResponse.refreshToken;
@@ -562,7 +668,8 @@ function getRouteHandlers(args) {
562
668
  const jsonResponse = {
563
669
  userinfo: data,
564
670
  accessToken,
565
- impersonatorUserId: userFromToken.impersonatorUserId
671
+ impersonatorUserId: userFromToken.impersonatorUserId,
672
+ activeOrgId
566
673
  };
567
674
  const headers3 = new Headers();
568
675
  headers3.append(
@@ -588,6 +695,10 @@ function getRouteHandlers(args) {
588
695
  "Set-Cookie",
589
696
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
590
697
  );
698
+ headers3.append(
699
+ "Set-Cookie",
700
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
701
+ );
591
702
  return new Response(null, {
592
703
  status: 401,
593
704
  headers: headers3
@@ -599,12 +710,13 @@ function getRouteHandlers(args) {
599
710
  const headers2 = new Headers();
600
711
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
601
712
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
713
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
602
714
  return new Response(null, { status: 401 });
603
715
  });
604
716
  }
605
717
  function logoutGetHandler(req) {
606
718
  return __async(this, null, function* () {
607
- var _a;
719
+ var _a, _b;
608
720
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
609
721
  if (!path) {
610
722
  console.error("postLoginPathFn returned undefined");
@@ -622,12 +734,17 @@ function getRouteHandlers(args) {
622
734
  "Set-Cookie",
623
735
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
624
736
  );
737
+ headers2.append(
738
+ "Set-Cookie",
739
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
740
+ );
625
741
  return new Response(null, {
626
742
  status: 302,
627
743
  headers: headers2
628
744
  });
629
745
  }
630
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
746
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
747
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
631
748
  if (refreshResponse.error === "unexpected") {
632
749
  console.error("Unexpected error while refreshing access token");
633
750
  return new Response("Unexpected error", { status: 500 });
@@ -642,6 +759,10 @@ function getRouteHandlers(args) {
642
759
  "Set-Cookie",
643
760
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
644
761
  );
762
+ headers2.append(
763
+ "Set-Cookie",
764
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
765
+ );
645
766
  return new Response(null, {
646
767
  status: 302,
647
768
  headers: headers2
@@ -670,6 +791,10 @@ function getRouteHandlers(args) {
670
791
  "Set-Cookie",
671
792
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
672
793
  );
794
+ headers3.append(
795
+ "Set-Cookie",
796
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
797
+ );
673
798
  return new Response(null, { status: 200, headers: headers3 });
674
799
  }
675
800
  const authUrlOrigin = getAuthUrlOrigin();
@@ -694,9 +819,78 @@ function getRouteHandlers(args) {
694
819
  const headers2 = new Headers();
695
820
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
696
821
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
822
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
697
823
  return new Response(null, { status: 200, headers: headers2 });
698
824
  });
699
825
  }
826
+ function setActiveOrgHandler(req) {
827
+ return __async(this, null, function* () {
828
+ var _a;
829
+ const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
830
+ const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
831
+ if (!oldRefreshToken) {
832
+ const headers2 = new Headers();
833
+ headers2.append(
834
+ "Set-Cookie",
835
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
836
+ );
837
+ return new Response(null, { status: 401, headers: headers2 });
838
+ }
839
+ if (!activeOrgId) {
840
+ return new Response(null, { status: 400 });
841
+ }
842
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
843
+ if (refreshResponse.error === "unexpected") {
844
+ throw new Error("Unexpected error while setting active org id");
845
+ } else if (refreshResponse.error === "unauthorized") {
846
+ return new Response("Unauthorized", { status: 401 });
847
+ }
848
+ const refreshToken = refreshResponse.refreshToken;
849
+ const accessToken = refreshResponse.accessToken;
850
+ const authUrlOrigin = getAuthUrlOrigin();
851
+ const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
852
+ const response = yield fetch(path, {
853
+ headers: {
854
+ "Content-Type": "application/json",
855
+ Authorization: "Bearer " + accessToken
856
+ }
857
+ });
858
+ if (response.ok) {
859
+ const userFromToken = yield validateAccessToken(accessToken);
860
+ const data = yield response.json();
861
+ const jsonResponse = {
862
+ userinfo: data,
863
+ accessToken,
864
+ impersonatorUserId: userFromToken.impersonatorUserId,
865
+ activeOrgId
866
+ };
867
+ const headers2 = new Headers();
868
+ headers2.append(
869
+ "Set-Cookie",
870
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
871
+ );
872
+ headers2.append(
873
+ "Set-Cookie",
874
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
875
+ );
876
+ headers2.append(
877
+ "Set-Cookie",
878
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
879
+ );
880
+ headers2.append("Content-Type", "application/json");
881
+ return new Response(JSON.stringify(jsonResponse), {
882
+ status: 200,
883
+ headers: headers2
884
+ });
885
+ } else if (response.status === 401) {
886
+ return new Response(null, {
887
+ status: 401
888
+ });
889
+ } else {
890
+ return new Response(null, { status: 500 });
891
+ }
892
+ });
893
+ }
700
894
  function getRouteHandler(req, { params }) {
701
895
  if (params.slug === "login") {
702
896
  return loginGetHandler(req);
@@ -715,6 +909,8 @@ function getRouteHandlers(args) {
715
909
  function postRouteHandler(req, { params }) {
716
910
  if (params.slug === "logout") {
717
911
  return logoutPostHandler(req);
912
+ } else if (params.slug === "set-active-org") {
913
+ return setActiveOrgHandler(req);
718
914
  } else {
719
915
  return new Response("", { status: 404 });
720
916
  }