@propelauth/nextjs 0.0.118 → 0.0.119

Sign up to get free protection for your applications and to get access to all the features.
Files changed (21) hide show
  1. package/dist/client/index.d.ts +69 -2
  2. package/dist/client/index.js +142 -8
  3. package/dist/client/index.js.map +1 -1
  4. package/dist/client/index.mjs +142 -8
  5. package/dist/client/index.mjs.map +1 -1
  6. package/dist/server/app-router/index.d.ts +63 -2
  7. package/dist/server/app-router/index.js +203 -33
  8. package/dist/server/app-router/index.js.map +1 -1
  9. package/dist/server/app-router/index.mjs +203 -33
  10. package/dist/server/app-router/index.mjs.map +1 -1
  11. package/dist/server/index.d.ts +61 -1
  12. package/dist/server/index.js +38 -13
  13. package/dist/server/index.js.map +1 -1
  14. package/dist/server/index.mjs +38 -13
  15. package/dist/server/index.mjs.map +1 -1
  16. package/dist/server/pages/index.d.ts +61 -1
  17. package/dist/server/pages/index.js +53 -21
  18. package/dist/server/pages/index.js.map +1 -1
  19. package/dist/server/pages/index.mjs +53 -21
  20. package/dist/server/pages/index.mjs.map +1 -1
  21. package/package.json +1 -1
package/dist/server/index.mjs CHANGED
@@ -46,8 +46,9 @@ function toLoginMethod(snake_case) {
46
46
 
47
47
  // src/user.ts
48
48
  var UserFromToken = class {
49
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
49
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
50
50
  this.userId = userId;
51
+ this.activeOrgId = activeOrgId;
51
52
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
52
53
  this.email = email;
53
54
  this.firstName = firstName;
@@ -58,6 +59,15 @@ var UserFromToken = class {
58
59
  this.properties = properties;
59
60
  this.loginMethod = loginMethod;
60
61
  }
62
+ getActiveOrg() {
63
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
64
+ return void 0;
65
+ }
66
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
67
+ }
68
+ getActiveOrgId() {
69
+ return this.activeOrgId;
70
+ }
61
71
  getOrg(orgId) {
62
72
  if (!this.orgIdToOrgMemberInfo) {
63
73
  return void 0;
@@ -102,9 +112,35 @@ var UserFromToken = class {
102
112
  obj.legacyUserId,
103
113
  obj.impersonatorUserId,
104
114
  obj.properties,
115
+ obj.activeOrgId,
105
116
  obj.loginMethod
106
117
  );
107
118
  }
119
+ static fromJwtPayload(payload) {
120
+ let activeOrgId;
121
+ let orgIdToOrgMemberInfo;
122
+ if (payload.org_member_info) {
123
+ activeOrgId = payload.org_member_info.org_id;
124
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
125
+ } else {
126
+ activeOrgId = void 0;
127
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
128
+ }
129
+ const loginMethod = toLoginMethod(payload.login_method);
130
+ return new UserFromToken(
131
+ payload.user_id,
132
+ payload.email,
133
+ orgIdToOrgMemberInfo,
134
+ payload.first_name,
135
+ payload.last_name,
136
+ payload.username,
137
+ payload.legacy_user_id,
138
+ payload.impersonatorUserId,
139
+ payload.properties,
140
+ activeOrgId,
141
+ loginMethod
142
+ );
143
+ }
108
144
  };
109
145
  var OrgMemberInfo = class {
110
146
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -153,18 +189,7 @@ var OrgMemberInfo = class {
153
189
  }
154
190
  };
155
191
  function toUser(snake_case) {
156
- return new UserFromToken(
157
- snake_case.user_id,
158
- snake_case.email,
159
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
160
- snake_case.first_name,
161
- snake_case.last_name,
162
- snake_case.username,
163
- snake_case.legacy_user_id,
164
- snake_case.impersonatorUserId,
165
- snake_case.properties,
166
- toLoginMethod(snake_case.login_method)
167
- );
192
+ return UserFromToken.fromJwtPayload(snake_case);
168
193
  }
169
194
  function toOrgIdToOrgMemberInfo(snake_case) {
170
195
  if (snake_case === void 0) {
package/dist/server/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/loginMethod.ts","../../src/user.ts","../../src/server/exceptions.ts","../../src/server/shared.ts","../../src/server/api.ts"],"sourcesContent":["export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return new UserFromToken(\n snake_case.user_id,\n snake_case.email,\n toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),\n snake_case.first_name,\n snake_case.last_name,\n snake_case.username,\n snake_case.legacy_user_id,\n snake_case.impersonatorUserId,\n snake_case.properties,\n toLoginMethod(snake_case.login_method)\n )\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import {ResponseCookie} from \"next/dist/compiled/@edge-runtime/cookies\";\nimport {InternalUser, toUser, UserFromToken} from \"../user\";\nimport {ConfigurationException, UnauthorizedException} from \"./exceptions\";\nimport * as jose from \"jose\";\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: \"none\"\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: \"unauthorized\"\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: \"unexpected\"\n}\n\nexport type RefreshTokenResponse =\n RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = \"/api/auth/login\"\nexport const CALLBACK_PATH = \"/api/auth/callback\"\nexport const USERINFO_PATH = \"/api/auth/userinfo\"\nexport const LOGOUT_PATH = \"/api/auth/logout\"\nexport const ACCESS_TOKEN_COOKIE_NAME = \"__pa_at\"\nexport const REFRESH_TOKEN_COOKIE_NAME = \"__pa_rt\"\nexport const STATE_COOKIE_NAME = \"__pa_state\"\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = \"x-propelauth-access-token\"\nexport const RETURN_TO_PATH_COOKIE_NAME = \"__pa_return_to_path\"\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: \"lax\",\n secure: true,\n path: \"/\",\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error(\"NEXT_PUBLIC_AUTH_URL is not set\")\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error(\"PROPELAUTH_REDIRECT_URI is not set\")\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error(\"PROPELAUTH_API_KEY is not set\")\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error(\"PROPELAUTH_VERIFIER_KEY is not set\")\n }\n return verifierKey.replace(/\\\\n/g, \"\\n\")\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(refreshToken: string): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const {\n access_token: accessToken,\n expires_at_seconds: expiresAtSeconds,\n } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: \"none\",\n }\n } else if (response.status === 400 || response.status === 401) {\n return {error: \"unauthorized\"}\n } else {\n return {error: \"unexpected\"}\n }\n}\n\nexport async function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info(\"Error validating access token\", err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), \"RS256\")\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException(\"Invalid verifier key\")\n }\n\n if (!accessToken) {\n throw new UnauthorizedException(\"No access token provided\")\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith(\"bearer \")) {\n accessTokenWithoutBearer = accessToken.substring(\"bearer \".length)\n }\n\n try {\n const {payload} = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: [\"RS256\"],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException(\"Unable to decode jwt\")\n }\n }\n}\n","import {getApis} from \"@propelauth/node-apis\";\nimport {getAuthUrl, getIntegrationApiKey} from \"./shared\";\n\nexport const getPropelAuthApis = () => {\n const authUrl = getAuthUrl()\n const integrationApiKey = getIntegrationApiKey()\n\n return getApis(authUrl, integrationApiKey)\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAiBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACF;AACE,SAAK,SAAS;AACd,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA8BO,SAAS,OAAO,YAAyC;AAC5D,SAAO,IAAI;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,uBAAuB,WAAW,yBAAyB;AAAA,IAC3D,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,cAAc,WAAW,YAAY;AAAA,EACzC;AACJ;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;ACzPO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,YAAY,UAAU;AAsCf,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAoCA,SAAsB,+BAA+B,aAAqE;AAAA;AACtH,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAC,QAAO,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QACxE,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;AC9JA,SAAQ,eAAc;AAGf,IAAM,oBAAoB,MAAM;AACnC,QAAM,UAAU,WAAW;AAC3B,QAAM,oBAAoB,qBAAqB;AAE/C,SAAO,QAAQ,SAAS,iBAAiB;AAC7C;","names":[]}
1
+ {"version":3,"sources":["../../src/loginMethod.ts","../../src/user.ts","../../src/server/exceptions.ts","../../src/server/shared.ts","../../src/server/api.ts"],"sourcesContent":["export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string,\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.activeOrgId,\n obj.loginMethod\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n const loginMethod = toLoginMethod(payload.login_method)\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId,\n loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import { ResponseCookie } from 'next/dist/compiled/@edge-runtime/cookies'\nimport { InternalUser, toUser, UserFromToken } from '../user'\nimport { ConfigurationException, UnauthorizedException } from './exceptions'\nimport * as jose from 'jose'\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: 'none'\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: 'unauthorized'\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: 'unexpected'\n}\n\nexport type RefreshTokenResponse =\n | RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = '/api/auth/login'\nexport const CALLBACK_PATH = '/api/auth/callback'\nexport const USERINFO_PATH = '/api/auth/userinfo'\nexport const LOGOUT_PATH = '/api/auth/logout'\nexport const ACCESS_TOKEN_COOKIE_NAME = '__pa_at'\nexport const REFRESH_TOKEN_COOKIE_NAME = '__pa_rt'\nexport const STATE_COOKIE_NAME = '__pa_state'\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = 'x-propelauth-access-token'\nexport const RETURN_TO_PATH_COOKIE_NAME = '__pa_return_to_path'\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: 'lax',\n secure: true,\n path: '/',\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error('NEXT_PUBLIC_AUTH_URL is not set')\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error('PROPELAUTH_REDIRECT_URI is not set')\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error('PROPELAUTH_API_KEY is not set')\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error('PROPELAUTH_VERIFIER_KEY is not set')\n }\n return verifierKey.replace(/\\\\n/g, '\\n')\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(\n refreshToken: string,\n activeOrgId?: string\n): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n\n const queryParams = new URLSearchParams()\n if (activeOrgId) {\n queryParams.set('with_active_org_support', 'true')\n queryParams.set('active_org_id', activeOrgId)\n }\n\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: 'none',\n }\n } else if (response.status === 400 || response.status === 401) {\n return { error: 'unauthorized' }\n } else {\n return { error: 'unexpected' }\n }\n}\n\nexport async function validateAccessTokenOrUndefined(\n accessToken: string | undefined\n): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info('Error validating access token', err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), 'RS256')\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException('Invalid verifier key')\n }\n\n if (!accessToken) {\n throw new UnauthorizedException('No access token provided')\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith('bearer ')) {\n accessTokenWithoutBearer = accessToken.substring('bearer '.length)\n }\n\n try {\n const { payload } = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: ['RS256'],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException('Unable to decode jwt')\n }\n }\n}\n","import {getApis} from \"@propelauth/node-apis\";\nimport {getAuthUrl, getIntegrationApiKey} from \"./shared\";\n\nexport const getPropelAuthApis = () => {\n const authUrl = getAuthUrl()\n const integrationApiKey = getIntegrationApiKey()\n\n return getApis(authUrl, integrationApiKey)\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAmBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,UAAM,cAAc,cAAc,QAAQ,YAAY;AAEtD,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AAgCO,SAAS,OAAO,YAAyC;AAC5D,SAAO,cAAc,eAAe,UAAU;AAClD;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AC/RO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,YAAY,UAAU;AAsCf,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AA2CA,SAAsB,+BAClB,aACkC;AAAA;AAClC,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAE,QAAQ,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QAC1E,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACvKA,SAAQ,eAAc;AAGf,IAAM,oBAAoB,MAAM;AACnC,QAAM,UAAU,WAAW;AAC3B,QAAM,oBAAoB,qBAAqB;AAE/C,SAAO,QAAQ,SAAS,iBAAiB;AAC7C;","names":[]}
package/dist/server/pages/index.d.ts CHANGED
@@ -20,6 +20,34 @@ declare enum SamlLoginProvider {
20
20
  Duo = "Duo",
21
21
  Generic = "Generic"
22
22
  }
23
+ type InternalPasswordLoginMethod = {
24
+ login_method: 'password';
25
+ };
26
+ type InternalMagicLinkLoginMethod = {
27
+ login_method: 'magic_link';
28
+ };
29
+ type InternalSocialSsoLoginMethod = {
30
+ login_method: 'social_sso';
31
+ provider: SocialLoginProvider;
32
+ };
33
+ type InternalEmailConfirmationLinkLoginMethod = {
34
+ login_method: 'email_confirmation_link';
35
+ };
36
+ type InternalSamlSsoLoginMethod = {
37
+ login_method: 'saml_sso';
38
+ provider: SamlLoginProvider;
39
+ org_id: string;
40
+ };
41
+ type InternalImpersonationLoginMethod = {
42
+ login_method: 'impersonation';
43
+ };
44
+ type InternalGeneratedFromBackendApiLoginMethod = {
45
+ login_method: 'generated_from_backend_api';
46
+ };
47
+ type InternalUnknownLoginMethod = {
48
+ login_method: 'unknown';
49
+ };
50
+ type InternalLoginMethod = InternalPasswordLoginMethod | InternalMagicLinkLoginMethod | InternalSocialSsoLoginMethod | InternalEmailConfirmationLinkLoginMethod | InternalSamlSsoLoginMethod | InternalImpersonationLoginMethod | InternalGeneratedFromBackendApiLoginMethod | InternalUnknownLoginMethod;
23
51
  type PasswordLoginMethod = {
24
52
  loginMethod: 'password';
25
53
  };
@@ -51,6 +79,7 @@ type LoginMethod = PasswordLoginMethod | MagicLinkLoginMethod | SocialSsoLoginMe
51
79
 
52
80
  declare class UserFromToken {
53
81
  userId: string;
82
+ activeOrgId?: string;
54
83
  orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo;
55
84
  email: string;
56
85
  firstName?: string;
@@ -64,12 +93,15 @@ declare class UserFromToken {
64
93
  impersonatorUserId?: string;
65
94
  constructor(userId: string, email: string, orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo, firstName?: string, lastName?: string, username?: string, legacyUserId?: string, impersonatorUserId?: string, properties?: {
66
95
  [key: string]: unknown;
67
- }, loginMethod?: LoginMethod);
96
+ }, activeOrgId?: string, loginMethod?: LoginMethod);
97
+ getActiveOrg(): OrgMemberInfo | undefined;
98
+ getActiveOrgId(): string | undefined;
68
99
  getOrg(orgId: string): OrgMemberInfo | undefined;
69
100
  getOrgByName(orgName: string): OrgMemberInfo | undefined;
70
101
  getOrgs(): OrgMemberInfo[];
71
102
  isImpersonating(): boolean;
72
103
  static fromJSON(json: string): UserFromToken;
104
+ static fromJwtPayload(payload: InternalUser): UserFromToken;
73
105
  }
74
106
  type OrgIdToOrgMemberInfo = {
75
107
  [orgId: string]: OrgMemberInfo;
@@ -96,6 +128,34 @@ declare class OrgMemberInfo {
96
128
  get inheritedRolesPlusCurrentRole(): string[];
97
129
  get permissions(): string[];
98
130
  }
131
+ type InternalOrgMemberInfo = {
132
+ org_id: string;
133
+ org_name: string;
134
+ org_metadata: {
135
+ [key: string]: any;
136
+ };
137
+ url_safe_org_name: string;
138
+ user_role: string;
139
+ inherited_user_roles_plus_current_role: string[];
140
+ user_permissions: string[];
141
+ };
142
+ type InternalUser = {
143
+ user_id: string;
144
+ org_member_info?: InternalOrgMemberInfo;
145
+ org_id_to_org_member_info?: {
146
+ [org_id: string]: InternalOrgMemberInfo;
147
+ };
148
+ email: string;
149
+ first_name?: string;
150
+ last_name?: string;
151
+ username?: string;
152
+ properties?: {
153
+ [key: string]: unknown;
154
+ };
155
+ login_method?: InternalLoginMethod;
156
+ legacy_user_id?: string;
157
+ impersonatorUserId?: string;
158
+ };
99
159
 
100
160
  declare function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh?: boolean): Promise<UserFromToken | undefined>;
101
161
  declare function getUserFromApiRouteRequest(req: NextApiRequest, res: NextApiResponse, forceRefresh?: boolean): Promise<UserFromToken | undefined>;
package/dist/server/pages/index.js CHANGED
@@ -82,8 +82,9 @@ function toLoginMethod(snake_case) {
82
82
 
83
83
  // src/user.ts
84
84
  var UserFromToken = class {
85
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
85
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
86
86
  this.userId = userId;
87
+ this.activeOrgId = activeOrgId;
87
88
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
88
89
  this.email = email;
89
90
  this.firstName = firstName;
@@ -94,6 +95,15 @@ var UserFromToken = class {
94
95
  this.properties = properties;
95
96
  this.loginMethod = loginMethod;
96
97
  }
98
+ getActiveOrg() {
99
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
100
+ return void 0;
101
+ }
102
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
103
+ }
104
+ getActiveOrgId() {
105
+ return this.activeOrgId;
106
+ }
97
107
  getOrg(orgId) {
98
108
  if (!this.orgIdToOrgMemberInfo) {
99
109
  return void 0;
@@ -138,9 +148,35 @@ var UserFromToken = class {
138
148
  obj.legacyUserId,
139
149
  obj.impersonatorUserId,
140
150
  obj.properties,
151
+ obj.activeOrgId,
141
152
  obj.loginMethod
142
153
  );
143
154
  }
155
+ static fromJwtPayload(payload) {
156
+ let activeOrgId;
157
+ let orgIdToOrgMemberInfo;
158
+ if (payload.org_member_info) {
159
+ activeOrgId = payload.org_member_info.org_id;
160
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
161
+ } else {
162
+ activeOrgId = void 0;
163
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
164
+ }
165
+ const loginMethod = toLoginMethod(payload.login_method);
166
+ return new UserFromToken(
167
+ payload.user_id,
168
+ payload.email,
169
+ orgIdToOrgMemberInfo,
170
+ payload.first_name,
171
+ payload.last_name,
172
+ payload.username,
173
+ payload.legacy_user_id,
174
+ payload.impersonatorUserId,
175
+ payload.properties,
176
+ activeOrgId,
177
+ loginMethod
178
+ );
179
+ }
144
180
  };
145
181
  var OrgMemberInfo = class {
146
182
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -189,18 +225,7 @@ var OrgMemberInfo = class {
189
225
  }
190
226
  };
191
227
  function toUser(snake_case) {
192
- return new UserFromToken(
193
- snake_case.user_id,
194
- snake_case.email,
195
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
196
- snake_case.first_name,
197
- snake_case.last_name,
198
- snake_case.username,
199
- snake_case.legacy_user_id,
200
- snake_case.impersonatorUserId,
201
- snake_case.properties,
202
- toLoginMethod(snake_case.login_method)
203
- );
228
+ return UserFromToken.fromJwtPayload(snake_case);
204
229
  }
205
230
  function toOrgIdToOrgMemberInfo(snake_case) {
206
231
  if (snake_case === void 0) {
@@ -268,12 +293,17 @@ function getVerifierKey() {
268
293
  }
269
294
  return verifierKey.replace(/\\n/g, "\n");
270
295
  }
271
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
296
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
272
297
  return __async(this, null, function* () {
273
298
  const body = {
274
299
  refresh_token: refreshToken
275
300
  };
276
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
301
+ const queryParams = new URLSearchParams();
302
+ if (activeOrgId) {
303
+ queryParams.set("with_active_org_support", "true");
304
+ queryParams.set("active_org_id", activeOrgId);
305
+ }
306
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
277
307
  const response = yield fetch(url, {
278
308
  method: "POST",
279
309
  body: JSON.stringify(body),
@@ -285,10 +315,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
285
315
  if (response.ok) {
286
316
  const data = yield response.json();
287
317
  const newRefreshToken = data.refresh_token;
288
- const {
289
- access_token: accessToken,
290
- expires_at_seconds: expiresAtSeconds
291
- } = data.access_token;
318
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
292
319
  return {
293
320
  refreshToken: newRefreshToken,
294
321
  accessToken,
@@ -349,11 +376,15 @@ function validateAccessToken(accessToken) {
349
376
  });
350
377
  }
351
378
 
379
+ // src/shared.ts
380
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
381
+
352
382
  // src/server/pages.ts
353
383
  function getUserFromServerSideProps(props, forceRefresh = false) {
354
384
  return __async(this, null, function* () {
355
385
  const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME];
356
386
  const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME];
387
+ const activeOrgId = props.req.cookies[ACTIVE_ORG_ID_COOKIE_NAME];
357
388
  if (accessToken && !forceRefresh) {
358
389
  const user = yield validateAccessTokenOrUndefined(accessToken);
359
390
  if (user) {
@@ -361,7 +392,7 @@ function getUserFromServerSideProps(props, forceRefresh = false) {
361
392
  }
362
393
  }
363
394
  if (refreshToken) {
364
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
395
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
365
396
  if (response.error === "unexpected") {
366
397
  throw new Error("Unexpected error while refreshing access token");
367
398
  } else if (response.error === "unauthorized") {
@@ -386,6 +417,7 @@ function getUserFromApiRouteRequest(req, res, forceRefresh = false) {
386
417
  return __async(this, null, function* () {
387
418
  const accessToken = req.cookies[ACCESS_TOKEN_COOKIE_NAME];
388
419
  const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_NAME];
420
+ const activeOrgId = req.cookies[ACTIVE_ORG_ID_COOKIE_NAME];
389
421
  if (accessToken && !forceRefresh) {
390
422
  const user = yield validateAccessTokenOrUndefined(accessToken);
391
423
  if (user) {
@@ -393,7 +425,7 @@ function getUserFromApiRouteRequest(req, res, forceRefresh = false) {
393
425
  }
394
426
  }
395
427
  if (refreshToken) {
396
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
428
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
397
429
  if (response.error === "unexpected") {
398
430
  throw new Error("Unexpected error while refreshing access token");
399
431
  } else if (response.error === "unauthorized") {
package/dist/server/pages/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/server/pages-index.ts","../../../src/loginMethod.ts","../../../src/user.ts","../../../src/server/exceptions.ts","../../../src/server/shared.ts","../../../src/server/pages.ts"],"sourcesContent":["export {getUserFromServerSideProps, getUserFromApiRouteRequest} from \"./pages\"","export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return new UserFromToken(\n snake_case.user_id,\n snake_case.email,\n toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),\n snake_case.first_name,\n snake_case.last_name,\n snake_case.username,\n snake_case.legacy_user_id,\n snake_case.impersonatorUserId,\n snake_case.properties,\n toLoginMethod(snake_case.login_method)\n )\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import {ResponseCookie} from \"next/dist/compiled/@edge-runtime/cookies\";\nimport {InternalUser, toUser, UserFromToken} from \"../user\";\nimport {ConfigurationException, UnauthorizedException} from \"./exceptions\";\nimport * as jose from \"jose\";\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: \"none\"\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: \"unauthorized\"\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: \"unexpected\"\n}\n\nexport type RefreshTokenResponse =\n RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = \"/api/auth/login\"\nexport const CALLBACK_PATH = \"/api/auth/callback\"\nexport const USERINFO_PATH = \"/api/auth/userinfo\"\nexport const LOGOUT_PATH = \"/api/auth/logout\"\nexport const ACCESS_TOKEN_COOKIE_NAME = \"__pa_at\"\nexport const REFRESH_TOKEN_COOKIE_NAME = \"__pa_rt\"\nexport const STATE_COOKIE_NAME = \"__pa_state\"\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = \"x-propelauth-access-token\"\nexport const RETURN_TO_PATH_COOKIE_NAME = \"__pa_return_to_path\"\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: \"lax\",\n secure: true,\n path: \"/\",\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error(\"NEXT_PUBLIC_AUTH_URL is not set\")\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error(\"PROPELAUTH_REDIRECT_URI is not set\")\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error(\"PROPELAUTH_API_KEY is not set\")\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error(\"PROPELAUTH_VERIFIER_KEY is not set\")\n }\n return verifierKey.replace(/\\\\n/g, \"\\n\")\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(refreshToken: string): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const {\n access_token: accessToken,\n expires_at_seconds: expiresAtSeconds,\n } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: \"none\",\n }\n } else if (response.status === 400 || response.status === 401) {\n return {error: \"unauthorized\"}\n } else {\n return {error: \"unexpected\"}\n }\n}\n\nexport async function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info(\"Error validating access token\", err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), \"RS256\")\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException(\"Invalid verifier key\")\n }\n\n if (!accessToken) {\n throw new UnauthorizedException(\"No access token provided\")\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith(\"bearer \")) {\n accessTokenWithoutBearer = accessToken.substring(\"bearer \".length)\n }\n\n try {\n const {payload} = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: [\"RS256\"],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException(\"Unable to decode jwt\")\n }\n }\n}\n","import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next'\nimport {\n ACCESS_TOKEN_COOKIE_NAME,\n REFRESH_TOKEN_COOKIE_NAME,\n refreshTokenWithAccessAndRefreshToken,\n validateAccessToken,\n validateAccessTokenOrUndefined,\n} from './shared'\n\nexport async function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh: boolean = false) {\n const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken && !forceRefresh) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n props.res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return undefined\n } else {\n const user = await validateAccessToken(response.accessToken)\n props.res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return user\n }\n }\n\n return undefined\n}\n\nexport async function getUserFromApiRouteRequest(\n req: NextApiRequest,\n res: NextApiResponse,\n forceRefresh: boolean = false\n) {\n const accessToken = req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken && !forceRefresh) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return undefined\n } else {\n const user = await validateAccessToken(response.accessToken)\n res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return user\n }\n }\n\n return undefined\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAiBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACF;AACE,SAAK,SAAS;AACd,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA8BO,SAAS,OAAO,YAAyC;AAC5D,SAAO,IAAI;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,uBAAuB,WAAW,yBAAyB;AAAA,IAC3D,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,cAAc,WAAW,YAAY;AAAA,EACzC;AACJ;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;ACzPO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,WAAsB;AAyBf,IAAM,2BAA2B;AACjC,IAAM,4BAA4B;AAYlC,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAEA,SAAsB,sCAAsC,cAAqD;AAAA;AAC7G,UAAM,OAAO;AAAA,MACT,eAAe;AAAA,IACnB;AACA,UAAM,MAAM,GAAG,iBAAiB;AAChC,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAC9B,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,eAAe,YAAY,qBAAqB;AAAA,MACpD;AAAA,IACJ,CAAC;AAED,QAAI,SAAS,IAAI;AACb,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,kBAAkB,KAAK;AAC7B,YAAM;AAAA,QACF,cAAc;AAAA,QACd,oBAAoB;AAAA,MACxB,IAAI,KAAK;AAET,aAAO;AAAA,QACH,cAAc;AAAA,QACd;AAAA,QACA,OAAO;AAAA,MACX;AAAA,IACJ,WAAW,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AAC3D,aAAO,EAAC,OAAO,eAAc;AAAA,IACjC,OAAO;AACH,aAAO,EAAC,OAAO,aAAY;AAAA,IAC/B;AAAA,EACJ;AAAA;AAEA,SAAsB,+BAA+B,aAAqE;AAAA;AACtH,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAC,QAAO,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QACxE,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACrJA,SAAsB,2BAA2B,OAAkC,eAAwB,OAAO;AAAA;AAC9G,UAAM,cAAc,MAAM,IAAI,QAAQ,wBAAwB;AAC9D,UAAM,eAAe,MAAM,IAAI,QAAQ,yBAAyB;AAGhE,QAAI,eAAe,CAAC,cAAc;AAC9B,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,YAAY;AACzE,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,MACX,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA;AAEA,SAAsB,2BAClB,KACA,KACA,eAAwB,OAC1B;AAAA;AACE,UAAM,cAAc,IAAI,QAAQ,wBAAwB;AACxD,UAAM,eAAe,IAAI,QAAQ,yBAAyB;AAG1D,QAAI,eAAe,CAAC,cAAc;AAC9B,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,YAAY;AACzE,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,YAAI,UAAU,cAAc;AAAA,UACxB,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,MACX,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,YAAI,UAAU,cAAc;AAAA,UACxB,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA;","names":[]}
1
+ {"version":3,"sources":["../../../src/server/pages-index.ts","../../../src/loginMethod.ts","../../../src/user.ts","../../../src/server/exceptions.ts","../../../src/server/shared.ts","../../../src/shared.ts","../../../src/server/pages.ts"],"sourcesContent":["export {getUserFromServerSideProps, getUserFromApiRouteRequest} from \"./pages\"","export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string,\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.activeOrgId,\n obj.loginMethod\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n const loginMethod = toLoginMethod(payload.login_method)\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId,\n loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import { ResponseCookie } from 'next/dist/compiled/@edge-runtime/cookies'\nimport { InternalUser, toUser, UserFromToken } from '../user'\nimport { ConfigurationException, UnauthorizedException } from './exceptions'\nimport * as jose from 'jose'\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: 'none'\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: 'unauthorized'\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: 'unexpected'\n}\n\nexport type RefreshTokenResponse =\n | RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = '/api/auth/login'\nexport const CALLBACK_PATH = '/api/auth/callback'\nexport const USERINFO_PATH = '/api/auth/userinfo'\nexport const LOGOUT_PATH = '/api/auth/logout'\nexport const ACCESS_TOKEN_COOKIE_NAME = '__pa_at'\nexport const REFRESH_TOKEN_COOKIE_NAME = '__pa_rt'\nexport const STATE_COOKIE_NAME = '__pa_state'\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = 'x-propelauth-access-token'\nexport const RETURN_TO_PATH_COOKIE_NAME = '__pa_return_to_path'\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: 'lax',\n secure: true,\n path: '/',\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error('NEXT_PUBLIC_AUTH_URL is not set')\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error('PROPELAUTH_REDIRECT_URI is not set')\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error('PROPELAUTH_API_KEY is not set')\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error('PROPELAUTH_VERIFIER_KEY is not set')\n }\n return verifierKey.replace(/\\\\n/g, '\\n')\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(\n refreshToken: string,\n activeOrgId?: string\n): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n\n const queryParams = new URLSearchParams()\n if (activeOrgId) {\n queryParams.set('with_active_org_support', 'true')\n queryParams.set('active_org_id', activeOrgId)\n }\n\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: 'none',\n }\n } else if (response.status === 400 || response.status === 401) {\n return { error: 'unauthorized' }\n } else {\n return { error: 'unexpected' }\n }\n}\n\nexport async function validateAccessTokenOrUndefined(\n accessToken: string | undefined\n): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info('Error validating access token', err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), 'RS256')\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException('Invalid verifier key')\n }\n\n if (!accessToken) {\n throw new UnauthorizedException('No access token provided')\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith('bearer ')) {\n accessTokenWithoutBearer = accessToken.substring('bearer '.length)\n }\n\n try {\n const { payload } = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: ['RS256'],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException('Unable to decode jwt')\n }\n }\n}\n","export const ACTIVE_ORG_ID_COOKIE_NAME = '__pa_org_id'\n","import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next'\nimport {\n ACCESS_TOKEN_COOKIE_NAME,\n REFRESH_TOKEN_COOKIE_NAME,\n refreshTokenWithAccessAndRefreshToken,\n validateAccessToken,\n validateAccessTokenOrUndefined,\n} from './shared'\nimport { ACTIVE_ORG_ID_COOKIE_NAME } from '../shared'\n\nexport async function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh: boolean = false) {\n const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n const activeOrgId = props.req.cookies[ACTIVE_ORG_ID_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken && !forceRefresh) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n props.res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return undefined\n } else {\n const user = await validateAccessToken(response.accessToken)\n props.res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return user\n }\n }\n\n return undefined\n}\n\nexport async function getUserFromApiRouteRequest(\n req: NextApiRequest,\n res: NextApiResponse,\n forceRefresh: boolean = false\n) {\n const accessToken = req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n const activeOrgId = req.cookies[ACTIVE_ORG_ID_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken && !forceRefresh) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return undefined\n } else {\n const user = await validateAccessToken(response.accessToken)\n res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return user\n }\n }\n\n return undefined\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAmBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,UAAM,cAAc,cAAc,QAAQ,YAAY;AAEtD,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AAgCO,SAAS,OAAO,YAAyC;AAC5D,SAAO,cAAc,eAAe,UAAU;AAClD;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AC/RO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,WAAsB;AAyBf,IAAM,2BAA2B;AACjC,IAAM,4BAA4B;AAYlC,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAEA,SAAsB,sCAClB,cACA,aAC6B;AAAA;AAC7B,UAAM,OAAO;AAAA,MACT,eAAe;AAAA,IACnB;AAEA,UAAM,cAAc,IAAI,gBAAgB;AACxC,QAAI,aAAa;AACb,kBAAY,IAAI,2BAA2B,MAAM;AACjD,kBAAY,IAAI,iBAAiB,WAAW;AAAA,IAChD;AAEA,UAAM,MAAM,GAAG,iBAAiB,kCAAkC,YAAY,SAAS;AACvF,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAC9B,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,eAAe,YAAY,qBAAqB;AAAA,MACpD;AAAA,IACJ,CAAC;AAED,QAAI,SAAS,IAAI;AACb,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,kBAAkB,KAAK;AAC7B,YAAM,EAAE,cAAc,aAAa,oBAAoB,iBAAiB,IAAI,KAAK;AAEjF,aAAO;AAAA,QACH,cAAc;AAAA,QACd;AAAA,QACA,OAAO;AAAA,MACX;AAAA,IACJ,WAAW,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AAC3D,aAAO,EAAE,OAAO,eAAe;AAAA,IACnC,OAAO;AACH,aAAO,EAAE,OAAO,aAAa;AAAA,IACjC;AAAA,EACJ;AAAA;AAEA,SAAsB,+BAClB,aACkC;AAAA;AAClC,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAE,QAAQ,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QAC1E,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACvKO,IAAM,4BAA4B;;;ACUzC,SAAsB,2BAA2B,OAAkC,eAAwB,OAAO;AAAA;AAC9G,UAAM,cAAc,MAAM,IAAI,QAAQ,wBAAwB;AAC9D,UAAM,eAAe,MAAM,IAAI,QAAQ,yBAAyB;AAChE,UAAM,cAAc,MAAM,IAAI,QAAQ,yBAAyB;AAG/D,QAAI,eAAe,CAAC,cAAc;AAC9B,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,cAAc,WAAW;AACtF,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,MACX,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA;AAEA,SAAsB,2BAClB,KACA,KACA,eAAwB,OAC1B;AAAA;AACE,UAAM,cAAc,IAAI,QAAQ,wBAAwB;AACxD,UAAM,eAAe,IAAI,QAAQ,yBAAyB;AAC1D,UAAM,cAAc,IAAI,QAAQ,yBAAyB;AAGzD,QAAI,eAAe,CAAC,cAAc;AAC9B,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,cAAc,WAAW;AACtF,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,YAAI,UAAU,cAAc;AAAA,UACxB,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,MACX,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,YAAI,UAAU,cAAc;AAAA,UACxB,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA;","names":[]}