@propelauth/nextjs 0.0.118 → 0.0.119
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client/index.d.ts +69 -2
- package/dist/client/index.js +142 -8
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +142 -8
- package/dist/client/index.mjs.map +1 -1
- package/dist/server/app-router/index.d.ts +63 -2
- package/dist/server/app-router/index.js +203 -33
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +203 -33
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.d.ts +61 -1
- package/dist/server/index.js +38 -13
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +38 -13
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +61 -1
- package/dist/server/pages/index.js +53 -21
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +53 -21
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
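--- a/package/dist/server/app-router/index.js
+++ b/package/dist/server/app-router/index.js
@@ -108,8 +108,9 @@ function toLoginMethod(snake_case) {
 
 // src/user.ts
 var UserFromToken = class {
-constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
+constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
 this.userId = userId;
+this.activeOrgId = activeOrgId;
 this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
 this.email = email;
 this.firstName = firstName;
@@ -120,6 +121,15 @@ var UserFromToken = class {
 this.properties = properties;
 this.loginMethod = loginMethod;
 }
+getActiveOrg() {
+if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
+return void 0;
+}
+return this.orgIdToOrgMemberInfo[this.activeOrgId];
+}
+getActiveOrgId() {
+return this.activeOrgId;
+}
 getOrg(orgId) {
 if (!this.orgIdToOrgMemberInfo) {
 return void 0;
@@ -164,9 +174,35 @@ var UserFromToken = class {
 obj.legacyUserId,
 obj.impersonatorUserId,
 obj.properties,
+obj.activeOrgId,
 obj.loginMethod
 );
 }
+static fromJwtPayload(payload) {
+let activeOrgId;
+let orgIdToOrgMemberInfo;
+if (payload.org_member_info) {
+activeOrgId = payload.org_member_info.org_id;
+orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
+} else {
+activeOrgId = void 0;
+orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
+}
+const loginMethod = toLoginMethod(payload.login_method);
+return new UserFromToken(
+payload.user_id,
+payload.email,
+orgIdToOrgMemberInfo,
+payload.first_name,
+payload.last_name,
+payload.username,
+payload.legacy_user_id,
+payload.impersonatorUserId,
+payload.properties,
+activeOrgId,
+loginMethod
+);
+}
 };
 var OrgMemberInfo = class {
 constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -215,18 +251,7 @@ var OrgMemberInfo = class {
 }
 };
 function toUser(snake_case) {
-return
-snake_case.user_id,
-snake_case.email,
-toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
-snake_case.first_name,
-snake_case.last_name,
-snake_case.username,
-snake_case.legacy_user_id,
-snake_case.impersonatorUserId,
-snake_case.properties,
-toLoginMethod(snake_case.login_method)
-);
+return UserFromToken.fromJwtPayload(snake_case);
 }
 function toOrgIdToOrgMemberInfo(snake_case) {
 if (snake_case === void 0) {
@@ -298,12 +323,17 @@ function getVerifierKey() {
 }
 return verifierKey.replace(/\\n/g, "\n");
 }
-function refreshTokenWithAccessAndRefreshToken(refreshToken) {
+function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
 return __async(this, null, function* () {
 const body = {
 refresh_token: refreshToken
 };
-const
+const queryParams = new URLSearchParams();
+if (activeOrgId) {
+queryParams.set("with_active_org_support", "true");
+queryParams.set("active_org_id", activeOrgId);
+}
+const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
 const response = yield fetch(url, {
 method: "POST",
 body: JSON.stringify(body),
@@ -315,10 +345,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
 if (response.ok) {
 const data = yield response.json();
 const newRefreshToken = data.refresh_token;
-const {
-access_token: accessToken,
-expires_at_seconds: expiresAtSeconds
-} = data.access_token;
+const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
 return {
 refreshToken: newRefreshToken,
 accessToken,
@@ -379,6 +406,9 @@ function validateAccessToken(accessToken) {
 });
 }
 
+// src/shared.ts
+var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
+
 // src/server/app-router.ts
 function getUserOrRedirect() {
 return __async(this, null, function* () {
@@ -393,8 +423,7 @@ function getUserOrRedirect() {
 }
 function getUser() {
 return __async(this, null, function* () {
-
-const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
+const accessToken = getAccessToken();
 if (accessToken) {
 const user = yield validateAccessTokenOrUndefined(accessToken);
 if (user) {
@@ -405,14 +434,12 @@ function getUser() {
 });
 }
 function getAccessToken() {
-
-
-return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
-});
+var _a;
+return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
 }
 function authMiddleware(req) {
 return __async(this, null, function* () {
-var _a, _b;
+var _a, _b, _c;
 if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
 throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
 } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -420,6 +447,7 @@ function authMiddleware(req) {
 }
 const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
 const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
+const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
 if (accessToken) {
 const user = yield validateAccessTokenOrUndefined(accessToken);
 if (user) {
@@ -427,7 +455,7 @@ function authMiddleware(req) {
 }
 }
 if (refreshToken) {
-const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
+const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
 if (response.error === "unexpected") {
 throw new Error("Unexpected error while refreshing access token");
 } else if (response.error === "unauthorized") {
@@ -488,7 +516,7 @@ function getRouteHandlers(args) {
 }
 function callbackGetHandler(req) {
 return __async(this, null, function* () {
-var _a, _b;
+var _a, _b, _c;
 const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
 if (!oauthState || oauthState.length !== 64) {
 return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -524,6 +552,49 @@ function getRouteHandlers(args) {
 console.error("postLoginRedirectPathFn returned undefined");
 return new Response("Unexpected error", { status: 500 });
 }
+const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
+const user = yield validateAccessToken(accessToken);
+const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
+let activeOrgId = void 0;
+if (isUserInCurrentActiveOrg) {
+activeOrgId = currentActiveOrgId;
+} else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
+activeOrgId = args.getDefaultActiveOrgId(req, user);
+}
+if (activeOrgId) {
+const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
+if (response2.error === "unexpected") {
+throw new Error("Unexpected error while setting active org");
+} else if (response2.error === "unauthorized") {
+console.error(
+"Unauthorized error while setting active org. Your user may not have access to this org"
+);
+return new Response("Unauthorized", { status: 401 });
+} else {
+const headers3 = new Headers();
+headers3.append("Location", returnToPath);
+headers3.append(
+"Set-Cookie",
+`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+);
+headers3.append(
+"Set-Cookie",
+`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+);
+headers3.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
+);
+headers3.append(
+"Set-Cookie",
+`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+);
+return new Response(null, {
+status: 302,
+headers: headers3
+});
+}
+}
 const headers2 = new Headers();
 headers2.append("Location", returnToPath);
 headers2.append(
@@ -534,6 +605,10 @@ function getRouteHandlers(args) {
 "Set-Cookie",
 `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
 );
+headers2.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+);
 headers2.append(
 "Set-Cookie",
 `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -554,10 +629,11 @@ function getRouteHandlers(args) {
 }
 function userinfoGetHandler(req) {
 return __async(this, null, function* () {
-var _a;
+var _a, _b;
 const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
 if (oldRefreshToken) {
-const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
+const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
 if (refreshResponse.error === "unexpected") {
 throw new Error("Unexpected error while refreshing access token");
 } else if (refreshResponse.error === "unauthorized") {
@@ -570,6 +646,10 @@ function getRouteHandlers(args) {
 "Set-Cookie",
 `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
 );
+headers3.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+);
 return new Response("Unauthorized", { status: 401, headers: headers3 });
 }
 const refreshToken = refreshResponse.refreshToken;
@@ -588,7 +668,8 @@ function getRouteHandlers(args) {
 const jsonResponse = {
 userinfo: data,
 accessToken,
-impersonatorUserId: userFromToken.impersonatorUserId
+impersonatorUserId: userFromToken.impersonatorUserId,
+activeOrgId
 };
 const headers3 = new Headers();
 headers3.append(
@@ -614,6 +695,10 @@ function getRouteHandlers(args) {
 "Set-Cookie",
 `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
 );
+headers3.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+);
 return new Response(null, {
 status: 401,
 headers: headers3
@@ -625,12 +710,13 @@ function getRouteHandlers(args) {
 const headers2 = new Headers();
 headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
 headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
 return new Response(null, { status: 401 });
 });
 }
 function logoutGetHandler(req) {
 return __async(this, null, function* () {
-var _a;
+var _a, _b;
 const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
 if (!path) {
 console.error("postLoginPathFn returned undefined");
@@ -648,12 +734,17 @@ function getRouteHandlers(args) {
 "Set-Cookie",
 `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
 );
+headers2.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+);
 return new Response(null, {
 status: 302,
 headers: headers2
 });
 }
-const
+const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
+const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
 if (refreshResponse.error === "unexpected") {
 console.error("Unexpected error while refreshing access token");
 return new Response("Unexpected error", { status: 500 });
@@ -668,6 +759,10 @@ function getRouteHandlers(args) {
 "Set-Cookie",
 `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
 );
+headers2.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+);
 return new Response(null, {
 status: 302,
 headers: headers2
@@ -696,6 +791,10 @@ function getRouteHandlers(args) {
 "Set-Cookie",
 `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
 );
+headers3.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+);
 return new Response(null, { status: 200, headers: headers3 });
 }
 const authUrlOrigin = getAuthUrlOrigin();
@@ -720,9 +819,78 @@ function getRouteHandlers(args) {
 const headers2 = new Headers();
 headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
 headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
 return new Response(null, { status: 200, headers: headers2 });
 });
 }
+function setActiveOrgHandler(req) {
+return __async(this, null, function* () {
+var _a;
+const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
+if (!oldRefreshToken) {
+const headers2 = new Headers();
+headers2.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+);
+return new Response(null, { status: 401, headers: headers2 });
+}
+if (!activeOrgId) {
+return new Response(null, { status: 400 });
+}
+const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
+if (refreshResponse.error === "unexpected") {
+throw new Error("Unexpected error while setting active org id");
+} else if (refreshResponse.error === "unauthorized") {
+return new Response("Unauthorized", { status: 401 });
+}
+const refreshToken = refreshResponse.refreshToken;
+const accessToken = refreshResponse.accessToken;
+const authUrlOrigin = getAuthUrlOrigin();
+const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
+const response = yield fetch(path, {
+headers: {
+"Content-Type": "application/json",
+Authorization: "Bearer " + accessToken
+}
+});
+if (response.ok) {
+const userFromToken = yield validateAccessToken(accessToken);
+const data = yield response.json();
+const jsonResponse = {
+userinfo: data,
+accessToken,
+impersonatorUserId: userFromToken.impersonatorUserId,
+activeOrgId
+};
+const headers2 = new Headers();
+headers2.append(
+"Set-Cookie",
+`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+);
+headers2.append(
+"Set-Cookie",
+`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+);
+headers2.append(
+"Set-Cookie",
+`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
+);
+headers2.append("Content-Type", "application/json");
+return new Response(JSON.stringify(jsonResponse), {
+status: 200,
+headers: headers2
+});
+} else if (response.status === 401) {
+return new Response(null, {
+status: 401
+});
+} else {
+return new Response(null, { status: 500 });
+}
+});
+}
 function getRouteHandler(req, { params }) {
 if (params.slug === "login") {
 return loginGetHandler(req);
@@ -741,6 +909,8 @@ function getRouteHandlers(args) {
 function postRouteHandler(req, { params }) {
 if (params.slug === "logout") {
 return logoutPostHandler(req);
+} else if (params.slug === "set-active-org") {
+return setActiveOrgHandler(req);
 } else {
 return new Response("", { status: 404 });
 }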
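Review bot: `setActiveOrgHandler` copies the `active_org_id` query parameter straight into a `Set-Cookie` header (`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; …`) with no check that it is a valid cookie value, so a value containing `;` or whitespace would add or override cookie attributes; `callbackGetHandler` interpolates the value returned by `args.getDefaultActiveOrgId` the same way. The refresh endpoint presumably rejects ids it does not recognise, but the handler should not rely on an upstream service to sanitise what it writes into a response header — widen the existing 400 check to `if (!activeOrgId || /[\s;,"\\\x00-\x1f\x7f]/.test(activeOrgId)) { return new Response(null, { status: 400 }); }`. Separately, the clearing `Set-Cookie` added at new line 713 in `userinfoGetHandler` is appended to a `headers2` that the following `return new Response(null, { status: 401 });` never attaches, so none of those three cookies are actually cleared on that path; it should be `return new Response(null, { status: 401, headers: headers2 });`. `getRouteHandlers` starts and ends outside these hunks.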