@propelauth/nextjs 0.0.118 → 0.0.119

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -108,8 +108,9 @@ function toLoginMethod(snake_case) {
108
108
 
109
109
  // src/user.ts
110
110
  var UserFromToken = class {
111
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
111
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
112
112
  this.userId = userId;
113
+ this.activeOrgId = activeOrgId;
113
114
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
114
115
  this.email = email;
115
116
  this.firstName = firstName;
@@ -120,6 +121,15 @@ var UserFromToken = class {
120
121
  this.properties = properties;
121
122
  this.loginMethod = loginMethod;
122
123
  }
124
+ getActiveOrg() {
125
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
126
+ return void 0;
127
+ }
128
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
129
+ }
130
+ getActiveOrgId() {
131
+ return this.activeOrgId;
132
+ }
123
133
  getOrg(orgId) {
124
134
  if (!this.orgIdToOrgMemberInfo) {
125
135
  return void 0;
@@ -164,9 +174,35 @@ var UserFromToken = class {
164
174
  obj.legacyUserId,
165
175
  obj.impersonatorUserId,
166
176
  obj.properties,
177
+ obj.activeOrgId,
167
178
  obj.loginMethod
168
179
  );
169
180
  }
181
+ static fromJwtPayload(payload) {
182
+ let activeOrgId;
183
+ let orgIdToOrgMemberInfo;
184
+ if (payload.org_member_info) {
185
+ activeOrgId = payload.org_member_info.org_id;
186
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
187
+ } else {
188
+ activeOrgId = void 0;
189
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
190
+ }
191
+ const loginMethod = toLoginMethod(payload.login_method);
192
+ return new UserFromToken(
193
+ payload.user_id,
194
+ payload.email,
195
+ orgIdToOrgMemberInfo,
196
+ payload.first_name,
197
+ payload.last_name,
198
+ payload.username,
199
+ payload.legacy_user_id,
200
+ payload.impersonatorUserId,
201
+ payload.properties,
202
+ activeOrgId,
203
+ loginMethod
204
+ );
205
+ }
170
206
  };
171
207
  var OrgMemberInfo = class {
172
208
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -215,18 +251,7 @@ var OrgMemberInfo = class {
215
251
  }
216
252
  };
217
253
  function toUser(snake_case) {
218
- return new UserFromToken(
219
- snake_case.user_id,
220
- snake_case.email,
221
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
222
- snake_case.first_name,
223
- snake_case.last_name,
224
- snake_case.username,
225
- snake_case.legacy_user_id,
226
- snake_case.impersonatorUserId,
227
- snake_case.properties,
228
- toLoginMethod(snake_case.login_method)
229
- );
254
+ return UserFromToken.fromJwtPayload(snake_case);
230
255
  }
231
256
  function toOrgIdToOrgMemberInfo(snake_case) {
232
257
  if (snake_case === void 0) {
@@ -298,12 +323,17 @@ function getVerifierKey() {
298
323
  }
299
324
  return verifierKey.replace(/\\n/g, "\n");
300
325
  }
301
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
326
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
302
327
  return __async(this, null, function* () {
303
328
  const body = {
304
329
  refresh_token: refreshToken
305
330
  };
306
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
331
+ const queryParams = new URLSearchParams();
332
+ if (activeOrgId) {
333
+ queryParams.set("with_active_org_support", "true");
334
+ queryParams.set("active_org_id", activeOrgId);
335
+ }
336
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
307
337
  const response = yield fetch(url, {
308
338
  method: "POST",
309
339
  body: JSON.stringify(body),
@@ -315,10 +345,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
315
345
  if (response.ok) {
316
346
  const data = yield response.json();
317
347
  const newRefreshToken = data.refresh_token;
318
- const {
319
- access_token: accessToken,
320
- expires_at_seconds: expiresAtSeconds
321
- } = data.access_token;
348
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
322
349
  return {
323
350
  refreshToken: newRefreshToken,
324
351
  accessToken,
@@ -379,6 +406,9 @@ function validateAccessToken(accessToken) {
379
406
  });
380
407
  }
381
408
 
409
+ // src/shared.ts
410
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
411
+
382
412
  // src/server/app-router.ts
383
413
  function getUserOrRedirect() {
384
414
  return __async(this, null, function* () {
@@ -393,8 +423,7 @@ function getUserOrRedirect() {
393
423
  }
394
424
  function getUser() {
395
425
  return __async(this, null, function* () {
396
- var _a;
397
- const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
426
+ const accessToken = getAccessToken();
398
427
  if (accessToken) {
399
428
  const user = yield validateAccessTokenOrUndefined(accessToken);
400
429
  if (user) {
@@ -405,14 +434,12 @@ function getUser() {
405
434
  });
406
435
  }
407
436
  function getAccessToken() {
408
- return __async(this, null, function* () {
409
- var _a;
410
- return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
411
- });
437
+ var _a;
438
+ return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
412
439
  }
413
440
  function authMiddleware(req) {
414
441
  return __async(this, null, function* () {
415
- var _a, _b;
442
+ var _a, _b, _c;
416
443
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
417
444
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
418
445
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -420,6 +447,7 @@ function authMiddleware(req) {
420
447
  }
421
448
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
422
449
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
450
+ const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
423
451
  if (accessToken) {
424
452
  const user = yield validateAccessTokenOrUndefined(accessToken);
425
453
  if (user) {
@@ -427,7 +455,7 @@ function authMiddleware(req) {
427
455
  }
428
456
  }
429
457
  if (refreshToken) {
430
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
458
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
431
459
  if (response.error === "unexpected") {
432
460
  throw new Error("Unexpected error while refreshing access token");
433
461
  } else if (response.error === "unauthorized") {
@@ -488,7 +516,7 @@ function getRouteHandlers(args) {
488
516
  }
489
517
  function callbackGetHandler(req) {
490
518
  return __async(this, null, function* () {
491
- var _a, _b;
519
+ var _a, _b, _c;
492
520
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
493
521
  if (!oauthState || oauthState.length !== 64) {
494
522
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -524,6 +552,49 @@ function getRouteHandlers(args) {
524
552
  console.error("postLoginRedirectPathFn returned undefined");
525
553
  return new Response("Unexpected error", { status: 500 });
526
554
  }
555
+ const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
556
+ const user = yield validateAccessToken(accessToken);
557
+ const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
558
+ let activeOrgId = void 0;
559
+ if (isUserInCurrentActiveOrg) {
560
+ activeOrgId = currentActiveOrgId;
561
+ } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
562
+ activeOrgId = args.getDefaultActiveOrgId(req, user);
563
+ }
564
+ if (activeOrgId) {
565
+ const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
566
+ if (response2.error === "unexpected") {
567
+ throw new Error("Unexpected error while setting active org");
568
+ } else if (response2.error === "unauthorized") {
569
+ console.error(
570
+ "Unauthorized error while setting active org. Your user may not have access to this org"
571
+ );
572
+ return new Response("Unauthorized", { status: 401 });
573
+ } else {
574
+ const headers3 = new Headers();
575
+ headers3.append("Location", returnToPath);
576
+ headers3.append(
577
+ "Set-Cookie",
578
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
579
+ );
580
+ headers3.append(
581
+ "Set-Cookie",
582
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
583
+ );
584
+ headers3.append(
585
+ "Set-Cookie",
586
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
587
+ );
588
+ headers3.append(
589
+ "Set-Cookie",
590
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
591
+ );
592
+ return new Response(null, {
593
+ status: 302,
594
+ headers: headers3
595
+ });
596
+ }
597
+ }
527
598
  const headers2 = new Headers();
528
599
  headers2.append("Location", returnToPath);
529
600
  headers2.append(
@@ -534,6 +605,10 @@ function getRouteHandlers(args) {
534
605
  "Set-Cookie",
535
606
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
536
607
  );
608
+ headers2.append(
609
+ "Set-Cookie",
610
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
611
+ );
537
612
  headers2.append(
538
613
  "Set-Cookie",
539
614
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -554,10 +629,11 @@ function getRouteHandlers(args) {
554
629
  }
555
630
  function userinfoGetHandler(req) {
556
631
  return __async(this, null, function* () {
557
- var _a;
632
+ var _a, _b;
558
633
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
634
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
559
635
  if (oldRefreshToken) {
560
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
636
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
561
637
  if (refreshResponse.error === "unexpected") {
562
638
  throw new Error("Unexpected error while refreshing access token");
563
639
  } else if (refreshResponse.error === "unauthorized") {
@@ -570,6 +646,10 @@ function getRouteHandlers(args) {
570
646
  "Set-Cookie",
571
647
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
572
648
  );
649
+ headers3.append(
650
+ "Set-Cookie",
651
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
652
+ );
573
653
  return new Response("Unauthorized", { status: 401, headers: headers3 });
574
654
  }
575
655
  const refreshToken = refreshResponse.refreshToken;
@@ -588,7 +668,8 @@ function getRouteHandlers(args) {
588
668
  const jsonResponse = {
589
669
  userinfo: data,
590
670
  accessToken,
591
- impersonatorUserId: userFromToken.impersonatorUserId
671
+ impersonatorUserId: userFromToken.impersonatorUserId,
672
+ activeOrgId
592
673
  };
593
674
  const headers3 = new Headers();
594
675
  headers3.append(
@@ -614,6 +695,10 @@ function getRouteHandlers(args) {
614
695
  "Set-Cookie",
615
696
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
616
697
  );
698
+ headers3.append(
699
+ "Set-Cookie",
700
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
701
+ );
617
702
  return new Response(null, {
618
703
  status: 401,
619
704
  headers: headers3
@@ -625,12 +710,13 @@ function getRouteHandlers(args) {
625
710
  const headers2 = new Headers();
626
711
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
627
712
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
713
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
628
714
  return new Response(null, { status: 401 });
629
715
  });
630
716
  }
631
717
  function logoutGetHandler(req) {
632
718
  return __async(this, null, function* () {
633
- var _a;
719
+ var _a, _b;
634
720
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
635
721
  if (!path) {
636
722
  console.error("postLoginPathFn returned undefined");
@@ -648,12 +734,17 @@ function getRouteHandlers(args) {
648
734
  "Set-Cookie",
649
735
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
650
736
  );
737
+ headers2.append(
738
+ "Set-Cookie",
739
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
740
+ );
651
741
  return new Response(null, {
652
742
  status: 302,
653
743
  headers: headers2
654
744
  });
655
745
  }
656
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
746
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
747
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
657
748
  if (refreshResponse.error === "unexpected") {
658
749
  console.error("Unexpected error while refreshing access token");
659
750
  return new Response("Unexpected error", { status: 500 });
@@ -668,6 +759,10 @@ function getRouteHandlers(args) {
668
759
  "Set-Cookie",
669
760
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
670
761
  );
762
+ headers2.append(
763
+ "Set-Cookie",
764
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
765
+ );
671
766
  return new Response(null, {
672
767
  status: 302,
673
768
  headers: headers2
@@ -696,6 +791,10 @@ function getRouteHandlers(args) {
696
791
  "Set-Cookie",
697
792
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
698
793
  );
794
+ headers3.append(
795
+ "Set-Cookie",
796
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
797
+ );
699
798
  return new Response(null, { status: 200, headers: headers3 });
700
799
  }
701
800
  const authUrlOrigin = getAuthUrlOrigin();
@@ -720,9 +819,78 @@ function getRouteHandlers(args) {
720
819
  const headers2 = new Headers();
721
820
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
722
821
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
822
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
723
823
  return new Response(null, { status: 200, headers: headers2 });
724
824
  });
725
825
  }
826
+ function setActiveOrgHandler(req) {
827
+ return __async(this, null, function* () {
828
+ var _a;
829
+ const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
830
+ const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
831
+ if (!oldRefreshToken) {
832
+ const headers2 = new Headers();
833
+ headers2.append(
834
+ "Set-Cookie",
835
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
836
+ );
837
+ return new Response(null, { status: 401, headers: headers2 });
838
+ }
839
+ if (!activeOrgId) {
840
+ return new Response(null, { status: 400 });
841
+ }
842
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
843
+ if (refreshResponse.error === "unexpected") {
844
+ throw new Error("Unexpected error while setting active org id");
845
+ } else if (refreshResponse.error === "unauthorized") {
846
+ return new Response("Unauthorized", { status: 401 });
847
+ }
848
+ const refreshToken = refreshResponse.refreshToken;
849
+ const accessToken = refreshResponse.accessToken;
850
+ const authUrlOrigin = getAuthUrlOrigin();
851
+ const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
852
+ const response = yield fetch(path, {
853
+ headers: {
854
+ "Content-Type": "application/json",
855
+ Authorization: "Bearer " + accessToken
856
+ }
857
+ });
858
+ if (response.ok) {
859
+ const userFromToken = yield validateAccessToken(accessToken);
860
+ const data = yield response.json();
861
+ const jsonResponse = {
862
+ userinfo: data,
863
+ accessToken,
864
+ impersonatorUserId: userFromToken.impersonatorUserId,
865
+ activeOrgId
866
+ };
867
+ const headers2 = new Headers();
868
+ headers2.append(
869
+ "Set-Cookie",
870
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
871
+ );
872
+ headers2.append(
873
+ "Set-Cookie",
874
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
875
+ );
876
+ headers2.append(
877
+ "Set-Cookie",
878
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
879
+ );
880
+ headers2.append("Content-Type", "application/json");
881
+ return new Response(JSON.stringify(jsonResponse), {
882
+ status: 200,
883
+ headers: headers2
884
+ });
885
+ } else if (response.status === 401) {
886
+ return new Response(null, {
887
+ status: 401
888
+ });
889
+ } else {
890
+ return new Response(null, { status: 500 });
891
+ }
892
+ });
893
+ }
726
894
  function getRouteHandler(req, { params }) {
727
895
  if (params.slug === "login") {
728
896
  return loginGetHandler(req);
@@ -741,6 +909,8 @@ function getRouteHandlers(args) {
741
909
  function postRouteHandler(req, { params }) {
742
910
  if (params.slug === "logout") {
743
911
  return logoutPostHandler(req);
912
+ } else if (params.slug === "set-active-org") {
913
+ return setActiveOrgHandler(req);
744
914
  } else {
745
915
  return new Response("", { status: 404 });
746
916
  }