@propelauth/nextjs 0.0.115 → 0.0.119

Sign up to get free protection for your applications and to get access to all the features.
Files changed (21) hide show
  1. package/dist/client/index.d.ts +119 -2
  2. package/dist/client/index.js +146 -12
  3. package/dist/client/index.js.map +1 -1
  4. package/dist/client/index.mjs +146 -12
  5. package/dist/client/index.mjs.map +1 -1
  6. package/dist/server/app-router/index.d.ts +113 -2
  7. package/dist/server/app-router/index.js +232 -36
  8. package/dist/server/app-router/index.js.map +1 -1
  9. package/dist/server/app-router/index.mjs +232 -36
  10. package/dist/server/app-router/index.mjs.map +1 -1
  11. package/dist/server/index.d.ts +111 -1
  12. package/dist/server/index.js +67 -16
  13. package/dist/server/index.js.map +1 -1
  14. package/dist/server/index.mjs +67 -16
  15. package/dist/server/index.mjs.map +1 -1
  16. package/dist/server/pages/index.d.ts +111 -1
  17. package/dist/server/pages/index.js +82 -24
  18. package/dist/server/pages/index.js.map +1 -1
  19. package/dist/server/pages/index.mjs +82 -24
  20. package/dist/server/pages/index.mjs.map +1 -1
  21. package/package.json +1 -1
package/dist/server/app-router/index.js CHANGED
@@ -81,10 +81,36 @@ var import_navigation = require("next/navigation.js");
81
81
  var import_headers = require("next/headers.js");
82
82
  var import_server = require("next/server.js");
83
83
 
84
+ // src/loginMethod.ts
85
+ function toLoginMethod(snake_case) {
86
+ if (!snake_case) {
87
+ return { loginMethod: "unknown" };
88
+ }
89
+ switch (snake_case.login_method) {
90
+ case "password":
91
+ return { loginMethod: "password" };
92
+ case "magic_link":
93
+ return { loginMethod: "magic_link" };
94
+ case "social_sso":
95
+ return { loginMethod: "social_sso", provider: snake_case.provider };
96
+ case "email_confirmation_link":
97
+ return { loginMethod: "email_confirmation_link" };
98
+ case "saml_sso":
99
+ return { loginMethod: "saml_sso", provider: snake_case.provider, orgId: snake_case.org_id };
100
+ case "impersonation":
101
+ return { loginMethod: "impersonation" };
102
+ case "generated_from_backend_api":
103
+ return { loginMethod: "generated_from_backend_api" };
104
+ default:
105
+ return { loginMethod: "unknown" };
106
+ }
107
+ }
108
+
84
109
  // src/user.ts
85
110
  var UserFromToken = class {
86
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
111
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
87
112
  this.userId = userId;
113
+ this.activeOrgId = activeOrgId;
88
114
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
89
115
  this.email = email;
90
116
  this.firstName = firstName;
@@ -93,6 +119,16 @@ var UserFromToken = class {
93
119
  this.legacyUserId = legacyUserId;
94
120
  this.impersonatorUserId = impersonatorUserId;
95
121
  this.properties = properties;
122
+ this.loginMethod = loginMethod;
123
+ }
124
+ getActiveOrg() {
125
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
126
+ return void 0;
127
+ }
128
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
129
+ }
130
+ getActiveOrgId() {
131
+ return this.activeOrgId;
96
132
  }
97
133
  getOrg(orgId) {
98
134
  if (!this.orgIdToOrgMemberInfo) {
@@ -126,9 +162,7 @@ var UserFromToken = class {
126
162
  const obj = JSON.parse(json);
127
163
  const orgIdToOrgMemberInfo = {};
128
164
  for (const orgId in obj.orgIdToOrgMemberInfo) {
129
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
130
- JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
131
- );
165
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
132
166
  }
133
167
  return new UserFromToken(
134
168
  obj.userId,
@@ -139,7 +173,34 @@ var UserFromToken = class {
139
173
  obj.username,
140
174
  obj.legacyUserId,
141
175
  obj.impersonatorUserId,
142
- obj.properties
176
+ obj.properties,
177
+ obj.activeOrgId,
178
+ obj.loginMethod
179
+ );
180
+ }
181
+ static fromJwtPayload(payload) {
182
+ let activeOrgId;
183
+ let orgIdToOrgMemberInfo;
184
+ if (payload.org_member_info) {
185
+ activeOrgId = payload.org_member_info.org_id;
186
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
187
+ } else {
188
+ activeOrgId = void 0;
189
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
190
+ }
191
+ const loginMethod = toLoginMethod(payload.login_method);
192
+ return new UserFromToken(
193
+ payload.user_id,
194
+ payload.email,
195
+ orgIdToOrgMemberInfo,
196
+ payload.first_name,
197
+ payload.last_name,
198
+ payload.username,
199
+ payload.legacy_user_id,
200
+ payload.impersonatorUserId,
201
+ payload.properties,
202
+ activeOrgId,
203
+ loginMethod
143
204
  );
144
205
  }
145
206
  };
@@ -190,17 +251,7 @@ var OrgMemberInfo = class {
190
251
  }
191
252
  };
192
253
  function toUser(snake_case) {
193
- return new UserFromToken(
194
- snake_case.user_id,
195
- snake_case.email,
196
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
197
- snake_case.first_name,
198
- snake_case.last_name,
199
- snake_case.username,
200
- snake_case.legacy_user_id,
201
- snake_case.impersonatorUserId,
202
- snake_case.properties
203
- );
254
+ return UserFromToken.fromJwtPayload(snake_case);
204
255
  }
205
256
  function toOrgIdToOrgMemberInfo(snake_case) {
206
257
  if (snake_case === void 0) {
@@ -272,12 +323,17 @@ function getVerifierKey() {
272
323
  }
273
324
  return verifierKey.replace(/\\n/g, "\n");
274
325
  }
275
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
326
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
276
327
  return __async(this, null, function* () {
277
328
  const body = {
278
329
  refresh_token: refreshToken
279
330
  };
280
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
331
+ const queryParams = new URLSearchParams();
332
+ if (activeOrgId) {
333
+ queryParams.set("with_active_org_support", "true");
334
+ queryParams.set("active_org_id", activeOrgId);
335
+ }
336
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
281
337
  const response = yield fetch(url, {
282
338
  method: "POST",
283
339
  body: JSON.stringify(body),
@@ -289,10 +345,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
289
345
  if (response.ok) {
290
346
  const data = yield response.json();
291
347
  const newRefreshToken = data.refresh_token;
292
- const {
293
- access_token: accessToken,
294
- expires_at_seconds: expiresAtSeconds
295
- } = data.access_token;
348
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
296
349
  return {
297
350
  refreshToken: newRefreshToken,
298
351
  accessToken,
@@ -353,6 +406,9 @@ function validateAccessToken(accessToken) {
353
406
  });
354
407
  }
355
408
 
409
+ // src/shared.ts
410
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
411
+
356
412
  // src/server/app-router.ts
357
413
  function getUserOrRedirect() {
358
414
  return __async(this, null, function* () {
@@ -367,8 +423,7 @@ function getUserOrRedirect() {
367
423
  }
368
424
  function getUser() {
369
425
  return __async(this, null, function* () {
370
- var _a;
371
- const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
426
+ const accessToken = getAccessToken();
372
427
  if (accessToken) {
373
428
  const user = yield validateAccessTokenOrUndefined(accessToken);
374
429
  if (user) {
@@ -379,14 +434,12 @@ function getUser() {
379
434
  });
380
435
  }
381
436
  function getAccessToken() {
382
- return __async(this, null, function* () {
383
- var _a;
384
- return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
385
- });
437
+ var _a;
438
+ return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
386
439
  }
387
440
  function authMiddleware(req) {
388
441
  return __async(this, null, function* () {
389
- var _a, _b;
442
+ var _a, _b, _c;
390
443
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
391
444
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
392
445
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -394,6 +447,7 @@ function authMiddleware(req) {
394
447
  }
395
448
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
396
449
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
450
+ const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
397
451
  if (accessToken) {
398
452
  const user = yield validateAccessTokenOrUndefined(accessToken);
399
453
  if (user) {
@@ -401,7 +455,7 @@ function authMiddleware(req) {
401
455
  }
402
456
  }
403
457
  if (refreshToken) {
404
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
458
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
405
459
  if (response.error === "unexpected") {
406
460
  throw new Error("Unexpected error while refreshing access token");
407
461
  } else if (response.error === "unauthorized") {
@@ -462,7 +516,7 @@ function getRouteHandlers(args) {
462
516
  }
463
517
  function callbackGetHandler(req) {
464
518
  return __async(this, null, function* () {
465
- var _a, _b;
519
+ var _a, _b, _c;
466
520
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
467
521
  if (!oauthState || oauthState.length !== 64) {
468
522
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -498,6 +552,49 @@ function getRouteHandlers(args) {
498
552
  console.error("postLoginRedirectPathFn returned undefined");
499
553
  return new Response("Unexpected error", { status: 500 });
500
554
  }
555
+ const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
556
+ const user = yield validateAccessToken(accessToken);
557
+ const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
558
+ let activeOrgId = void 0;
559
+ if (isUserInCurrentActiveOrg) {
560
+ activeOrgId = currentActiveOrgId;
561
+ } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
562
+ activeOrgId = args.getDefaultActiveOrgId(req, user);
563
+ }
564
+ if (activeOrgId) {
565
+ const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
566
+ if (response2.error === "unexpected") {
567
+ throw new Error("Unexpected error while setting active org");
568
+ } else if (response2.error === "unauthorized") {
569
+ console.error(
570
+ "Unauthorized error while setting active org. Your user may not have access to this org"
571
+ );
572
+ return new Response("Unauthorized", { status: 401 });
573
+ } else {
574
+ const headers3 = new Headers();
575
+ headers3.append("Location", returnToPath);
576
+ headers3.append(
577
+ "Set-Cookie",
578
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
579
+ );
580
+ headers3.append(
581
+ "Set-Cookie",
582
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
583
+ );
584
+ headers3.append(
585
+ "Set-Cookie",
586
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
587
+ );
588
+ headers3.append(
589
+ "Set-Cookie",
590
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
591
+ );
592
+ return new Response(null, {
593
+ status: 302,
594
+ headers: headers3
595
+ });
596
+ }
597
+ }
501
598
  const headers2 = new Headers();
502
599
  headers2.append("Location", returnToPath);
503
600
  headers2.append(
@@ -508,6 +605,10 @@ function getRouteHandlers(args) {
508
605
  "Set-Cookie",
509
606
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
510
607
  );
608
+ headers2.append(
609
+ "Set-Cookie",
610
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
611
+ );
511
612
  headers2.append(
512
613
  "Set-Cookie",
513
614
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -528,10 +629,11 @@ function getRouteHandlers(args) {
528
629
  }
529
630
  function userinfoGetHandler(req) {
530
631
  return __async(this, null, function* () {
531
- var _a;
632
+ var _a, _b;
532
633
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
634
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
533
635
  if (oldRefreshToken) {
534
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
636
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
535
637
  if (refreshResponse.error === "unexpected") {
536
638
  throw new Error("Unexpected error while refreshing access token");
537
639
  } else if (refreshResponse.error === "unauthorized") {
@@ -544,6 +646,10 @@ function getRouteHandlers(args) {
544
646
  "Set-Cookie",
545
647
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
546
648
  );
649
+ headers3.append(
650
+ "Set-Cookie",
651
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
652
+ );
547
653
  return new Response("Unauthorized", { status: 401, headers: headers3 });
548
654
  }
549
655
  const refreshToken = refreshResponse.refreshToken;
@@ -562,7 +668,8 @@ function getRouteHandlers(args) {
562
668
  const jsonResponse = {
563
669
  userinfo: data,
564
670
  accessToken,
565
- impersonatorUserId: userFromToken.impersonatorUserId
671
+ impersonatorUserId: userFromToken.impersonatorUserId,
672
+ activeOrgId
566
673
  };
567
674
  const headers3 = new Headers();
568
675
  headers3.append(
@@ -588,6 +695,10 @@ function getRouteHandlers(args) {
588
695
  "Set-Cookie",
589
696
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
590
697
  );
698
+ headers3.append(
699
+ "Set-Cookie",
700
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
701
+ );
591
702
  return new Response(null, {
592
703
  status: 401,
593
704
  headers: headers3
@@ -599,12 +710,13 @@ function getRouteHandlers(args) {
599
710
  const headers2 = new Headers();
600
711
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
601
712
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
713
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
602
714
  return new Response(null, { status: 401 });
603
715
  });
604
716
  }
605
717
  function logoutGetHandler(req) {
606
718
  return __async(this, null, function* () {
607
- var _a;
719
+ var _a, _b;
608
720
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
609
721
  if (!path) {
610
722
  console.error("postLoginPathFn returned undefined");
@@ -622,12 +734,17 @@ function getRouteHandlers(args) {
622
734
  "Set-Cookie",
623
735
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
624
736
  );
737
+ headers2.append(
738
+ "Set-Cookie",
739
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
740
+ );
625
741
  return new Response(null, {
626
742
  status: 302,
627
743
  headers: headers2
628
744
  });
629
745
  }
630
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
746
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
747
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
631
748
  if (refreshResponse.error === "unexpected") {
632
749
  console.error("Unexpected error while refreshing access token");
633
750
  return new Response("Unexpected error", { status: 500 });
@@ -642,6 +759,10 @@ function getRouteHandlers(args) {
642
759
  "Set-Cookie",
643
760
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
644
761
  );
762
+ headers2.append(
763
+ "Set-Cookie",
764
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
765
+ );
645
766
  return new Response(null, {
646
767
  status: 302,
647
768
  headers: headers2
@@ -670,6 +791,10 @@ function getRouteHandlers(args) {
670
791
  "Set-Cookie",
671
792
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
672
793
  );
794
+ headers3.append(
795
+ "Set-Cookie",
796
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
797
+ );
673
798
  return new Response(null, { status: 200, headers: headers3 });
674
799
  }
675
800
  const authUrlOrigin = getAuthUrlOrigin();
@@ -694,9 +819,78 @@ function getRouteHandlers(args) {
694
819
  const headers2 = new Headers();
695
820
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
696
821
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
822
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
697
823
  return new Response(null, { status: 200, headers: headers2 });
698
824
  });
699
825
  }
826
+ function setActiveOrgHandler(req) {
827
+ return __async(this, null, function* () {
828
+ var _a;
829
+ const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
830
+ const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
831
+ if (!oldRefreshToken) {
832
+ const headers2 = new Headers();
833
+ headers2.append(
834
+ "Set-Cookie",
835
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
836
+ );
837
+ return new Response(null, { status: 401, headers: headers2 });
838
+ }
839
+ if (!activeOrgId) {
840
+ return new Response(null, { status: 400 });
841
+ }
842
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
843
+ if (refreshResponse.error === "unexpected") {
844
+ throw new Error("Unexpected error while setting active org id");
845
+ } else if (refreshResponse.error === "unauthorized") {
846
+ return new Response("Unauthorized", { status: 401 });
847
+ }
848
+ const refreshToken = refreshResponse.refreshToken;
849
+ const accessToken = refreshResponse.accessToken;
850
+ const authUrlOrigin = getAuthUrlOrigin();
851
+ const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
852
+ const response = yield fetch(path, {
853
+ headers: {
854
+ "Content-Type": "application/json",
855
+ Authorization: "Bearer " + accessToken
856
+ }
857
+ });
858
+ if (response.ok) {
859
+ const userFromToken = yield validateAccessToken(accessToken);
860
+ const data = yield response.json();
861
+ const jsonResponse = {
862
+ userinfo: data,
863
+ accessToken,
864
+ impersonatorUserId: userFromToken.impersonatorUserId,
865
+ activeOrgId
866
+ };
867
+ const headers2 = new Headers();
868
+ headers2.append(
869
+ "Set-Cookie",
870
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
871
+ );
872
+ headers2.append(
873
+ "Set-Cookie",
874
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
875
+ );
876
+ headers2.append(
877
+ "Set-Cookie",
878
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
879
+ );
880
+ headers2.append("Content-Type", "application/json");
881
+ return new Response(JSON.stringify(jsonResponse), {
882
+ status: 200,
883
+ headers: headers2
884
+ });
885
+ } else if (response.status === 401) {
886
+ return new Response(null, {
887
+ status: 401
888
+ });
889
+ } else {
890
+ return new Response(null, { status: 500 });
891
+ }
892
+ });
893
+ }
700
894
  function getRouteHandler(req, { params }) {
701
895
  if (params.slug === "login") {
702
896
  return loginGetHandler(req);
@@ -715,6 +909,8 @@ function getRouteHandlers(args) {
715
909
  function postRouteHandler(req, { params }) {
716
910
  if (params.slug === "logout") {
717
911
  return logoutPostHandler(req);
912
+ } else if (params.slug === "set-active-org") {
913
+ return setActiveOrgHandler(req);
718
914
  } else {
719
915
  return new Response("", { status: 404 });
720
916
  }