@propelauth/nextjs 0.0.118 → 0.0.119

Sign up to get free protection for your applications and to get access to all the features.
Files changed (21) hide show
  1. package/dist/client/index.d.ts +69 -2
  2. package/dist/client/index.js +142 -8
  3. package/dist/client/index.js.map +1 -1
  4. package/dist/client/index.mjs +142 -8
  5. package/dist/client/index.mjs.map +1 -1
  6. package/dist/server/app-router/index.d.ts +63 -2
  7. package/dist/server/app-router/index.js +203 -33
  8. package/dist/server/app-router/index.js.map +1 -1
  9. package/dist/server/app-router/index.mjs +203 -33
  10. package/dist/server/app-router/index.mjs.map +1 -1
  11. package/dist/server/index.d.ts +61 -1
  12. package/dist/server/index.js +38 -13
  13. package/dist/server/index.js.map +1 -1
  14. package/dist/server/index.mjs +38 -13
  15. package/dist/server/index.mjs.map +1 -1
  16. package/dist/server/pages/index.d.ts +61 -1
  17. package/dist/server/pages/index.js +53 -21
  18. package/dist/server/pages/index.js.map +1 -1
  19. package/dist/server/pages/index.mjs +53 -21
  20. package/dist/server/pages/index.mjs.map +1 -1
  21. package/package.json +1 -1
package/dist/server/app-router/index.js CHANGED
@@ -108,8 +108,9 @@ function toLoginMethod(snake_case) {
108
108
 
109
109
  // src/user.ts
110
110
  var UserFromToken = class {
111
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
111
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
112
112
  this.userId = userId;
113
+ this.activeOrgId = activeOrgId;
113
114
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
114
115
  this.email = email;
115
116
  this.firstName = firstName;
@@ -120,6 +121,15 @@ var UserFromToken = class {
120
121
  this.properties = properties;
121
122
  this.loginMethod = loginMethod;
122
123
  }
124
+ getActiveOrg() {
125
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
126
+ return void 0;
127
+ }
128
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
129
+ }
130
+ getActiveOrgId() {
131
+ return this.activeOrgId;
132
+ }
123
133
  getOrg(orgId) {
124
134
  if (!this.orgIdToOrgMemberInfo) {
125
135
  return void 0;
@@ -164,9 +174,35 @@ var UserFromToken = class {
164
174
  obj.legacyUserId,
165
175
  obj.impersonatorUserId,
166
176
  obj.properties,
177
+ obj.activeOrgId,
167
178
  obj.loginMethod
168
179
  );
169
180
  }
181
+ static fromJwtPayload(payload) {
182
+ let activeOrgId;
183
+ let orgIdToOrgMemberInfo;
184
+ if (payload.org_member_info) {
185
+ activeOrgId = payload.org_member_info.org_id;
186
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
187
+ } else {
188
+ activeOrgId = void 0;
189
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
190
+ }
191
+ const loginMethod = toLoginMethod(payload.login_method);
192
+ return new UserFromToken(
193
+ payload.user_id,
194
+ payload.email,
195
+ orgIdToOrgMemberInfo,
196
+ payload.first_name,
197
+ payload.last_name,
198
+ payload.username,
199
+ payload.legacy_user_id,
200
+ payload.impersonatorUserId,
201
+ payload.properties,
202
+ activeOrgId,
203
+ loginMethod
204
+ );
205
+ }
170
206
  };
171
207
  var OrgMemberInfo = class {
172
208
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -215,18 +251,7 @@ var OrgMemberInfo = class {
215
251
  }
216
252
  };
217
253
  function toUser(snake_case) {
218
- return new UserFromToken(
219
- snake_case.user_id,
220
- snake_case.email,
221
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
222
- snake_case.first_name,
223
- snake_case.last_name,
224
- snake_case.username,
225
- snake_case.legacy_user_id,
226
- snake_case.impersonatorUserId,
227
- snake_case.properties,
228
- toLoginMethod(snake_case.login_method)
229
- );
254
+ return UserFromToken.fromJwtPayload(snake_case);
230
255
  }
231
256
  function toOrgIdToOrgMemberInfo(snake_case) {
232
257
  if (snake_case === void 0) {
@@ -298,12 +323,17 @@ function getVerifierKey() {
298
323
  }
299
324
  return verifierKey.replace(/\\n/g, "\n");
300
325
  }
301
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
326
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
302
327
  return __async(this, null, function* () {
303
328
  const body = {
304
329
  refresh_token: refreshToken
305
330
  };
306
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
331
+ const queryParams = new URLSearchParams();
332
+ if (activeOrgId) {
333
+ queryParams.set("with_active_org_support", "true");
334
+ queryParams.set("active_org_id", activeOrgId);
335
+ }
336
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
307
337
  const response = yield fetch(url, {
308
338
  method: "POST",
309
339
  body: JSON.stringify(body),
@@ -315,10 +345,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
315
345
  if (response.ok) {
316
346
  const data = yield response.json();
317
347
  const newRefreshToken = data.refresh_token;
318
- const {
319
- access_token: accessToken,
320
- expires_at_seconds: expiresAtSeconds
321
- } = data.access_token;
348
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
322
349
  return {
323
350
  refreshToken: newRefreshToken,
324
351
  accessToken,
@@ -379,6 +406,9 @@ function validateAccessToken(accessToken) {
379
406
  });
380
407
  }
381
408
 
409
+ // src/shared.ts
410
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
411
+
382
412
  // src/server/app-router.ts
383
413
  function getUserOrRedirect() {
384
414
  return __async(this, null, function* () {
@@ -393,8 +423,7 @@ function getUserOrRedirect() {
393
423
  }
394
424
  function getUser() {
395
425
  return __async(this, null, function* () {
396
- var _a;
397
- const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
426
+ const accessToken = getAccessToken();
398
427
  if (accessToken) {
399
428
  const user = yield validateAccessTokenOrUndefined(accessToken);
400
429
  if (user) {
@@ -405,14 +434,12 @@ function getUser() {
405
434
  });
406
435
  }
407
436
  function getAccessToken() {
408
- return __async(this, null, function* () {
409
- var _a;
410
- return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
411
- });
437
+ var _a;
438
+ return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
412
439
  }
413
440
  function authMiddleware(req) {
414
441
  return __async(this, null, function* () {
415
- var _a, _b;
442
+ var _a, _b, _c;
416
443
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
417
444
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
418
445
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -420,6 +447,7 @@ function authMiddleware(req) {
420
447
  }
421
448
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
422
449
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
450
+ const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
423
451
  if (accessToken) {
424
452
  const user = yield validateAccessTokenOrUndefined(accessToken);
425
453
  if (user) {
@@ -427,7 +455,7 @@ function authMiddleware(req) {
427
455
  }
428
456
  }
429
457
  if (refreshToken) {
430
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
458
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
431
459
  if (response.error === "unexpected") {
432
460
  throw new Error("Unexpected error while refreshing access token");
433
461
  } else if (response.error === "unauthorized") {
@@ -488,7 +516,7 @@ function getRouteHandlers(args) {
488
516
  }
489
517
  function callbackGetHandler(req) {
490
518
  return __async(this, null, function* () {
491
- var _a, _b;
519
+ var _a, _b, _c;
492
520
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
493
521
  if (!oauthState || oauthState.length !== 64) {
494
522
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -524,6 +552,49 @@ function getRouteHandlers(args) {
524
552
  console.error("postLoginRedirectPathFn returned undefined");
525
553
  return new Response("Unexpected error", { status: 500 });
526
554
  }
555
+ const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
556
+ const user = yield validateAccessToken(accessToken);
557
+ const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
558
+ let activeOrgId = void 0;
559
+ if (isUserInCurrentActiveOrg) {
560
+ activeOrgId = currentActiveOrgId;
561
+ } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
562
+ activeOrgId = args.getDefaultActiveOrgId(req, user);
563
+ }
564
+ if (activeOrgId) {
565
+ const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
566
+ if (response2.error === "unexpected") {
567
+ throw new Error("Unexpected error while setting active org");
568
+ } else if (response2.error === "unauthorized") {
569
+ console.error(
570
+ "Unauthorized error while setting active org. Your user may not have access to this org"
571
+ );
572
+ return new Response("Unauthorized", { status: 401 });
573
+ } else {
574
+ const headers3 = new Headers();
575
+ headers3.append("Location", returnToPath);
576
+ headers3.append(
577
+ "Set-Cookie",
578
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
579
+ );
580
+ headers3.append(
581
+ "Set-Cookie",
582
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
583
+ );
584
+ headers3.append(
585
+ "Set-Cookie",
586
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
587
+ );
588
+ headers3.append(
589
+ "Set-Cookie",
590
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
591
+ );
592
+ return new Response(null, {
593
+ status: 302,
594
+ headers: headers3
595
+ });
596
+ }
597
+ }
527
598
  const headers2 = new Headers();
528
599
  headers2.append("Location", returnToPath);
529
600
  headers2.append(
@@ -534,6 +605,10 @@ function getRouteHandlers(args) {
534
605
  "Set-Cookie",
535
606
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
536
607
  );
608
+ headers2.append(
609
+ "Set-Cookie",
610
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
611
+ );
537
612
  headers2.append(
538
613
  "Set-Cookie",
539
614
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -554,10 +629,11 @@ function getRouteHandlers(args) {
554
629
  }
555
630
  function userinfoGetHandler(req) {
556
631
  return __async(this, null, function* () {
557
- var _a;
632
+ var _a, _b;
558
633
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
634
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
559
635
  if (oldRefreshToken) {
560
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
636
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
561
637
  if (refreshResponse.error === "unexpected") {
562
638
  throw new Error("Unexpected error while refreshing access token");
563
639
  } else if (refreshResponse.error === "unauthorized") {
@@ -570,6 +646,10 @@ function getRouteHandlers(args) {
570
646
  "Set-Cookie",
571
647
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
572
648
  );
649
+ headers3.append(
650
+ "Set-Cookie",
651
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
652
+ );
573
653
  return new Response("Unauthorized", { status: 401, headers: headers3 });
574
654
  }
575
655
  const refreshToken = refreshResponse.refreshToken;
@@ -588,7 +668,8 @@ function getRouteHandlers(args) {
588
668
  const jsonResponse = {
589
669
  userinfo: data,
590
670
  accessToken,
591
- impersonatorUserId: userFromToken.impersonatorUserId
671
+ impersonatorUserId: userFromToken.impersonatorUserId,
672
+ activeOrgId
592
673
  };
593
674
  const headers3 = new Headers();
594
675
  headers3.append(
@@ -614,6 +695,10 @@ function getRouteHandlers(args) {
614
695
  "Set-Cookie",
615
696
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
616
697
  );
698
+ headers3.append(
699
+ "Set-Cookie",
700
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
701
+ );
617
702
  return new Response(null, {
618
703
  status: 401,
619
704
  headers: headers3
@@ -625,12 +710,13 @@ function getRouteHandlers(args) {
625
710
  const headers2 = new Headers();
626
711
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
627
712
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
713
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
628
714
  return new Response(null, { status: 401 });
629
715
  });
630
716
  }
631
717
  function logoutGetHandler(req) {
632
718
  return __async(this, null, function* () {
633
- var _a;
719
+ var _a, _b;
634
720
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
635
721
  if (!path) {
636
722
  console.error("postLoginPathFn returned undefined");
@@ -648,12 +734,17 @@ function getRouteHandlers(args) {
648
734
  "Set-Cookie",
649
735
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
650
736
  );
737
+ headers2.append(
738
+ "Set-Cookie",
739
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
740
+ );
651
741
  return new Response(null, {
652
742
  status: 302,
653
743
  headers: headers2
654
744
  });
655
745
  }
656
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
746
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
747
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
657
748
  if (refreshResponse.error === "unexpected") {
658
749
  console.error("Unexpected error while refreshing access token");
659
750
  return new Response("Unexpected error", { status: 500 });
@@ -668,6 +759,10 @@ function getRouteHandlers(args) {
668
759
  "Set-Cookie",
669
760
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
670
761
  );
762
+ headers2.append(
763
+ "Set-Cookie",
764
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
765
+ );
671
766
  return new Response(null, {
672
767
  status: 302,
673
768
  headers: headers2
@@ -696,6 +791,10 @@ function getRouteHandlers(args) {
696
791
  "Set-Cookie",
697
792
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
698
793
  );
794
+ headers3.append(
795
+ "Set-Cookie",
796
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
797
+ );
699
798
  return new Response(null, { status: 200, headers: headers3 });
700
799
  }
701
800
  const authUrlOrigin = getAuthUrlOrigin();
@@ -720,9 +819,78 @@ function getRouteHandlers(args) {
720
819
  const headers2 = new Headers();
721
820
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
722
821
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
822
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
723
823
  return new Response(null, { status: 200, headers: headers2 });
724
824
  });
725
825
  }
826
+ function setActiveOrgHandler(req) {
827
+ return __async(this, null, function* () {
828
+ var _a;
829
+ const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
830
+ const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
831
+ if (!oldRefreshToken) {
832
+ const headers2 = new Headers();
833
+ headers2.append(
834
+ "Set-Cookie",
835
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
836
+ );
837
+ return new Response(null, { status: 401, headers: headers2 });
838
+ }
839
+ if (!activeOrgId) {
840
+ return new Response(null, { status: 400 });
841
+ }
842
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
843
+ if (refreshResponse.error === "unexpected") {
844
+ throw new Error("Unexpected error while setting active org id");
845
+ } else if (refreshResponse.error === "unauthorized") {
846
+ return new Response("Unauthorized", { status: 401 });
847
+ }
848
+ const refreshToken = refreshResponse.refreshToken;
849
+ const accessToken = refreshResponse.accessToken;
850
+ const authUrlOrigin = getAuthUrlOrigin();
851
+ const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
852
+ const response = yield fetch(path, {
853
+ headers: {
854
+ "Content-Type": "application/json",
855
+ Authorization: "Bearer " + accessToken
856
+ }
857
+ });
858
+ if (response.ok) {
859
+ const userFromToken = yield validateAccessToken(accessToken);
860
+ const data = yield response.json();
861
+ const jsonResponse = {
862
+ userinfo: data,
863
+ accessToken,
864
+ impersonatorUserId: userFromToken.impersonatorUserId,
865
+ activeOrgId
866
+ };
867
+ const headers2 = new Headers();
868
+ headers2.append(
869
+ "Set-Cookie",
870
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
871
+ );
872
+ headers2.append(
873
+ "Set-Cookie",
874
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
875
+ );
876
+ headers2.append(
877
+ "Set-Cookie",
878
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
879
+ );
880
+ headers2.append("Content-Type", "application/json");
881
+ return new Response(JSON.stringify(jsonResponse), {
882
+ status: 200,
883
+ headers: headers2
884
+ });
885
+ } else if (response.status === 401) {
886
+ return new Response(null, {
887
+ status: 401
888
+ });
889
+ } else {
890
+ return new Response(null, { status: 500 });
891
+ }
892
+ });
893
+ }
726
894
  function getRouteHandler(req, { params }) {
727
895
  if (params.slug === "login") {
728
896
  return loginGetHandler(req);
@@ -741,6 +909,8 @@ function getRouteHandlers(args) {
741
909
  function postRouteHandler(req, { params }) {
742
910
  if (params.slug === "logout") {
743
911
  return logoutPostHandler(req);
912
+ } else if (params.slug === "set-active-org") {
913
+ return setActiveOrgHandler(req);
744
914
  } else {
745
915
  return new Response("", { status: 404 });
746
916
  }