@propelauth/nextjs 0.0.115 → 0.0.119

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/client/index.d.ts +119 -2
  2. package/dist/client/index.js +146 -12
  3. package/dist/client/index.js.map +1 -1
  4. package/dist/client/index.mjs +146 -12
  5. package/dist/client/index.mjs.map +1 -1
  6. package/dist/server/app-router/index.d.ts +113 -2
  7. package/dist/server/app-router/index.js +232 -36
  8. package/dist/server/app-router/index.js.map +1 -1
  9. package/dist/server/app-router/index.mjs +232 -36
  10. package/dist/server/app-router/index.mjs.map +1 -1
  11. package/dist/server/index.d.ts +111 -1
  12. package/dist/server/index.js +67 -16
  13. package/dist/server/index.js.map +1 -1
  14. package/dist/server/index.mjs +67 -16
  15. package/dist/server/index.mjs.map +1 -1
  16. package/dist/server/pages/index.d.ts +111 -1
  17. package/dist/server/pages/index.js +82 -24
  18. package/dist/server/pages/index.js.map +1 -1
  19. package/dist/server/pages/index.mjs +82 -24
  20. package/dist/server/pages/index.mjs.map +1 -1
  21. package/package.json +1 -1
package/dist/server/app-router/index.mjs CHANGED
@@ -40,10 +40,36 @@ import { redirect } from "next/navigation.js";
40
40
  import { cookies, headers } from "next/headers.js";
41
41
  import { NextResponse } from "next/server.js";
42
42
 
43
+ // src/loginMethod.ts
44
+ function toLoginMethod(snake_case) {
45
+ if (!snake_case) {
46
+ return { loginMethod: "unknown" };
47
+ }
48
+ switch (snake_case.login_method) {
49
+ case "password":
50
+ return { loginMethod: "password" };
51
+ case "magic_link":
52
+ return { loginMethod: "magic_link" };
53
+ case "social_sso":
54
+ return { loginMethod: "social_sso", provider: snake_case.provider };
55
+ case "email_confirmation_link":
56
+ return { loginMethod: "email_confirmation_link" };
57
+ case "saml_sso":
58
+ return { loginMethod: "saml_sso", provider: snake_case.provider, orgId: snake_case.org_id };
59
+ case "impersonation":
60
+ return { loginMethod: "impersonation" };
61
+ case "generated_from_backend_api":
62
+ return { loginMethod: "generated_from_backend_api" };
63
+ default:
64
+ return { loginMethod: "unknown" };
65
+ }
66
+ }
67
+
43
68
  // src/user.ts
44
69
  var UserFromToken = class {
45
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
70
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
46
71
  this.userId = userId;
72
+ this.activeOrgId = activeOrgId;
47
73
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
48
74
  this.email = email;
49
75
  this.firstName = firstName;
@@ -52,6 +78,16 @@ var UserFromToken = class {
52
78
  this.legacyUserId = legacyUserId;
53
79
  this.impersonatorUserId = impersonatorUserId;
54
80
  this.properties = properties;
81
+ this.loginMethod = loginMethod;
82
+ }
83
+ getActiveOrg() {
84
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
85
+ return void 0;
86
+ }
87
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
88
+ }
89
+ getActiveOrgId() {
90
+ return this.activeOrgId;
55
91
  }
56
92
  getOrg(orgId) {
57
93
  if (!this.orgIdToOrgMemberInfo) {
@@ -85,9 +121,7 @@ var UserFromToken = class {
85
121
  const obj = JSON.parse(json);
86
122
  const orgIdToOrgMemberInfo = {};
87
123
  for (const orgId in obj.orgIdToOrgMemberInfo) {
88
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
89
- JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
90
- );
124
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
91
125
  }
92
126
  return new UserFromToken(
93
127
  obj.userId,
@@ -98,7 +132,34 @@ var UserFromToken = class {
98
132
  obj.username,
99
133
  obj.legacyUserId,
100
134
  obj.impersonatorUserId,
101
- obj.properties
135
+ obj.properties,
136
+ obj.activeOrgId,
137
+ obj.loginMethod
138
+ );
139
+ }
140
+ static fromJwtPayload(payload) {
141
+ let activeOrgId;
142
+ let orgIdToOrgMemberInfo;
143
+ if (payload.org_member_info) {
144
+ activeOrgId = payload.org_member_info.org_id;
145
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
146
+ } else {
147
+ activeOrgId = void 0;
148
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
149
+ }
150
+ const loginMethod = toLoginMethod(payload.login_method);
151
+ return new UserFromToken(
152
+ payload.user_id,
153
+ payload.email,
154
+ orgIdToOrgMemberInfo,
155
+ payload.first_name,
156
+ payload.last_name,
157
+ payload.username,
158
+ payload.legacy_user_id,
159
+ payload.impersonatorUserId,
160
+ payload.properties,
161
+ activeOrgId,
162
+ loginMethod
102
163
  );
103
164
  }
104
165
  };
@@ -149,17 +210,7 @@ var OrgMemberInfo = class {
149
210
  }
150
211
  };
151
212
  function toUser(snake_case) {
152
- return new UserFromToken(
153
- snake_case.user_id,
154
- snake_case.email,
155
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
156
- snake_case.first_name,
157
- snake_case.last_name,
158
- snake_case.username,
159
- snake_case.legacy_user_id,
160
- snake_case.impersonatorUserId,
161
- snake_case.properties
162
- );
213
+ return UserFromToken.fromJwtPayload(snake_case);
163
214
  }
164
215
  function toOrgIdToOrgMemberInfo(snake_case) {
165
216
  if (snake_case === void 0) {
@@ -231,12 +282,17 @@ function getVerifierKey() {
231
282
  }
232
283
  return verifierKey.replace(/\\n/g, "\n");
233
284
  }
234
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
285
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
235
286
  return __async(this, null, function* () {
236
287
  const body = {
237
288
  refresh_token: refreshToken
238
289
  };
239
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
290
+ const queryParams = new URLSearchParams();
291
+ if (activeOrgId) {
292
+ queryParams.set("with_active_org_support", "true");
293
+ queryParams.set("active_org_id", activeOrgId);
294
+ }
295
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
240
296
  const response = yield fetch(url, {
241
297
  method: "POST",
242
298
  body: JSON.stringify(body),
@@ -248,10 +304,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
248
304
  if (response.ok) {
249
305
  const data = yield response.json();
250
306
  const newRefreshToken = data.refresh_token;
251
- const {
252
- access_token: accessToken,
253
- expires_at_seconds: expiresAtSeconds
254
- } = data.access_token;
307
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
255
308
  return {
256
309
  refreshToken: newRefreshToken,
257
310
  accessToken,
@@ -312,6 +365,9 @@ function validateAccessToken(accessToken) {
312
365
  });
313
366
  }
314
367
 
368
+ // src/shared.ts
369
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
370
+
315
371
  // src/server/app-router.ts
316
372
  function getUserOrRedirect() {
317
373
  return __async(this, null, function* () {
@@ -326,8 +382,7 @@ function getUserOrRedirect() {
326
382
  }
327
383
  function getUser() {
328
384
  return __async(this, null, function* () {
329
- var _a;
330
- const accessToken = headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
385
+ const accessToken = getAccessToken();
331
386
  if (accessToken) {
332
387
  const user = yield validateAccessTokenOrUndefined(accessToken);
333
388
  if (user) {
@@ -338,14 +393,12 @@ function getUser() {
338
393
  });
339
394
  }
340
395
  function getAccessToken() {
341
- return __async(this, null, function* () {
342
- var _a;
343
- return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
344
- });
396
+ var _a;
397
+ return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
345
398
  }
346
399
  function authMiddleware(req) {
347
400
  return __async(this, null, function* () {
348
- var _a, _b;
401
+ var _a, _b, _c;
349
402
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
350
403
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
351
404
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -353,6 +406,7 @@ function authMiddleware(req) {
353
406
  }
354
407
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
355
408
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
409
+ const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
356
410
  if (accessToken) {
357
411
  const user = yield validateAccessTokenOrUndefined(accessToken);
358
412
  if (user) {
@@ -360,7 +414,7 @@ function authMiddleware(req) {
360
414
  }
361
415
  }
362
416
  if (refreshToken) {
363
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
417
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
364
418
  if (response.error === "unexpected") {
365
419
  throw new Error("Unexpected error while refreshing access token");
366
420
  } else if (response.error === "unauthorized") {
@@ -421,7 +475,7 @@ function getRouteHandlers(args) {
421
475
  }
422
476
  function callbackGetHandler(req) {
423
477
  return __async(this, null, function* () {
424
- var _a, _b;
478
+ var _a, _b, _c;
425
479
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
426
480
  if (!oauthState || oauthState.length !== 64) {
427
481
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -457,6 +511,49 @@ function getRouteHandlers(args) {
457
511
  console.error("postLoginRedirectPathFn returned undefined");
458
512
  return new Response("Unexpected error", { status: 500 });
459
513
  }
514
+ const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
515
+ const user = yield validateAccessToken(accessToken);
516
+ const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
517
+ let activeOrgId = void 0;
518
+ if (isUserInCurrentActiveOrg) {
519
+ activeOrgId = currentActiveOrgId;
520
+ } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
521
+ activeOrgId = args.getDefaultActiveOrgId(req, user);
522
+ }
523
+ if (activeOrgId) {
524
+ const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
525
+ if (response2.error === "unexpected") {
526
+ throw new Error("Unexpected error while setting active org");
527
+ } else if (response2.error === "unauthorized") {
528
+ console.error(
529
+ "Unauthorized error while setting active org. Your user may not have access to this org"
530
+ );
531
+ return new Response("Unauthorized", { status: 401 });
532
+ } else {
533
+ const headers3 = new Headers();
534
+ headers3.append("Location", returnToPath);
535
+ headers3.append(
536
+ "Set-Cookie",
537
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
538
+ );
539
+ headers3.append(
540
+ "Set-Cookie",
541
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
542
+ );
543
+ headers3.append(
544
+ "Set-Cookie",
545
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
546
+ );
547
+ headers3.append(
548
+ "Set-Cookie",
549
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
550
+ );
551
+ return new Response(null, {
552
+ status: 302,
553
+ headers: headers3
554
+ });
555
+ }
556
+ }
460
557
  const headers2 = new Headers();
461
558
  headers2.append("Location", returnToPath);
462
559
  headers2.append(
@@ -467,6 +564,10 @@ function getRouteHandlers(args) {
467
564
  "Set-Cookie",
468
565
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
469
566
  );
567
+ headers2.append(
568
+ "Set-Cookie",
569
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
570
+ );
470
571
  headers2.append(
471
572
  "Set-Cookie",
472
573
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -487,10 +588,11 @@ function getRouteHandlers(args) {
487
588
  }
488
589
  function userinfoGetHandler(req) {
489
590
  return __async(this, null, function* () {
490
- var _a;
591
+ var _a, _b;
491
592
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
593
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
492
594
  if (oldRefreshToken) {
493
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
595
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
494
596
  if (refreshResponse.error === "unexpected") {
495
597
  throw new Error("Unexpected error while refreshing access token");
496
598
  } else if (refreshResponse.error === "unauthorized") {
@@ -503,6 +605,10 @@ function getRouteHandlers(args) {
503
605
  "Set-Cookie",
504
606
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
505
607
  );
608
+ headers3.append(
609
+ "Set-Cookie",
610
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
611
+ );
506
612
  return new Response("Unauthorized", { status: 401, headers: headers3 });
507
613
  }
508
614
  const refreshToken = refreshResponse.refreshToken;
@@ -521,7 +627,8 @@ function getRouteHandlers(args) {
521
627
  const jsonResponse = {
522
628
  userinfo: data,
523
629
  accessToken,
524
- impersonatorUserId: userFromToken.impersonatorUserId
630
+ impersonatorUserId: userFromToken.impersonatorUserId,
631
+ activeOrgId
525
632
  };
526
633
  const headers3 = new Headers();
527
634
  headers3.append(
@@ -547,6 +654,10 @@ function getRouteHandlers(args) {
547
654
  "Set-Cookie",
548
655
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
549
656
  );
657
+ headers3.append(
658
+ "Set-Cookie",
659
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
660
+ );
550
661
  return new Response(null, {
551
662
  status: 401,
552
663
  headers: headers3
@@ -558,12 +669,13 @@ function getRouteHandlers(args) {
558
669
  const headers2 = new Headers();
559
670
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
560
671
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
672
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
561
673
  return new Response(null, { status: 401 });
562
674
  });
563
675
  }
564
676
  function logoutGetHandler(req) {
565
677
  return __async(this, null, function* () {
566
- var _a;
678
+ var _a, _b;
567
679
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
568
680
  if (!path) {
569
681
  console.error("postLoginPathFn returned undefined");
@@ -581,12 +693,17 @@ function getRouteHandlers(args) {
581
693
  "Set-Cookie",
582
694
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
583
695
  );
696
+ headers2.append(
697
+ "Set-Cookie",
698
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
699
+ );
584
700
  return new Response(null, {
585
701
  status: 302,
586
702
  headers: headers2
587
703
  });
588
704
  }
589
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
705
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
706
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
590
707
  if (refreshResponse.error === "unexpected") {
591
708
  console.error("Unexpected error while refreshing access token");
592
709
  return new Response("Unexpected error", { status: 500 });
@@ -601,6 +718,10 @@ function getRouteHandlers(args) {
601
718
  "Set-Cookie",
602
719
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
603
720
  );
721
+ headers2.append(
722
+ "Set-Cookie",
723
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
724
+ );
604
725
  return new Response(null, {
605
726
  status: 302,
606
727
  headers: headers2
@@ -629,6 +750,10 @@ function getRouteHandlers(args) {
629
750
  "Set-Cookie",
630
751
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
631
752
  );
753
+ headers3.append(
754
+ "Set-Cookie",
755
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
756
+ );
632
757
  return new Response(null, { status: 200, headers: headers3 });
633
758
  }
634
759
  const authUrlOrigin = getAuthUrlOrigin();
@@ -653,9 +778,78 @@ function getRouteHandlers(args) {
653
778
  const headers2 = new Headers();
654
779
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
655
780
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
781
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
656
782
  return new Response(null, { status: 200, headers: headers2 });
657
783
  });
658
784
  }
785
+ function setActiveOrgHandler(req) {
786
+ return __async(this, null, function* () {
787
+ var _a;
788
+ const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
789
+ const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
790
+ if (!oldRefreshToken) {
791
+ const headers2 = new Headers();
792
+ headers2.append(
793
+ "Set-Cookie",
794
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
795
+ );
796
+ return new Response(null, { status: 401, headers: headers2 });
797
+ }
798
+ if (!activeOrgId) {
799
+ return new Response(null, { status: 400 });
800
+ }
801
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
802
+ if (refreshResponse.error === "unexpected") {
803
+ throw new Error("Unexpected error while setting active org id");
804
+ } else if (refreshResponse.error === "unauthorized") {
805
+ return new Response("Unauthorized", { status: 401 });
806
+ }
807
+ const refreshToken = refreshResponse.refreshToken;
808
+ const accessToken = refreshResponse.accessToken;
809
+ const authUrlOrigin = getAuthUrlOrigin();
810
+ const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
811
+ const response = yield fetch(path, {
812
+ headers: {
813
+ "Content-Type": "application/json",
814
+ Authorization: "Bearer " + accessToken
815
+ }
816
+ });
817
+ if (response.ok) {
818
+ const userFromToken = yield validateAccessToken(accessToken);
819
+ const data = yield response.json();
820
+ const jsonResponse = {
821
+ userinfo: data,
822
+ accessToken,
823
+ impersonatorUserId: userFromToken.impersonatorUserId,
824
+ activeOrgId
825
+ };
826
+ const headers2 = new Headers();
827
+ headers2.append(
828
+ "Set-Cookie",
829
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
830
+ );
831
+ headers2.append(
832
+ "Set-Cookie",
833
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
834
+ );
835
+ headers2.append(
836
+ "Set-Cookie",
837
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
838
+ );
839
+ headers2.append("Content-Type", "application/json");
840
+ return new Response(JSON.stringify(jsonResponse), {
841
+ status: 200,
842
+ headers: headers2
843
+ });
844
+ } else if (response.status === 401) {
845
+ return new Response(null, {
846
+ status: 401
847
+ });
848
+ } else {
849
+ return new Response(null, { status: 500 });
850
+ }
851
+ });
852
+ }
659
853
  function getRouteHandler(req, { params }) {
660
854
  if (params.slug === "login") {
661
855
  return loginGetHandler(req);
@@ -674,6 +868,8 @@ function getRouteHandlers(args) {
674
868
  function postRouteHandler(req, { params }) {
675
869
  if (params.slug === "logout") {
676
870
  return logoutPostHandler(req);
871
+ } else if (params.slug === "set-active-org") {
872
+ return setActiveOrgHandler(req);
677
873
  } else {
678
874
  return new Response("", { status: 404 });
679
875
  }