@propelauth/nextjs 0.0.118 → 0.0.120

@@ -54,6 +54,7 @@ __export(app_router_index_exports, {
54
54
  UnauthorizedException: () => UnauthorizedException,
55
55
  authMiddleware: () => authMiddleware,
56
56
  getAccessToken: () => getAccessToken,
57
+ getCurrentUrl: () => getCurrentUrl,
57
58
  getRouteHandlers: () => getRouteHandlers,
58
59
  getUser: () => getUser,
59
60
  getUserOrRedirect: () => getUserOrRedirect
@@ -108,8 +109,9 @@ function toLoginMethod(snake_case) {
108
109
 
109
110
  // src/user.ts
110
111
  var UserFromToken = class {
111
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
112
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
112
113
  this.userId = userId;
114
+ this.activeOrgId = activeOrgId;
113
115
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
114
116
  this.email = email;
115
117
  this.firstName = firstName;
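Review bot: The new `activeOrgId` parameter is inserted before `loginMethod` rather than appended, so any caller that still passes ten positional arguments will silently store its login method in `this.activeOrgId` and leave `loginMethod` undefined. The two construction sites visible in this diff (the `obj`-based factory and `fromJwtPayload`) are updated, but if the class can be constructed outside this bundle it would be safer to append the parameter, `constructor(..., properties, loginMethod, activeOrgId)`. The constructor body continues past the end of this hunk.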
@@ -120,6 +122,15 @@ var UserFromToken = class {
120
122
  this.properties = properties;
121
123
  this.loginMethod = loginMethod;
122
124
  }
125
+ getActiveOrg() {
126
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
127
+ return void 0;
128
+ }
129
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
130
+ }
131
+ getActiveOrgId() {
132
+ return this.activeOrgId;
133
+ }
123
134
  getOrg(orgId) {
124
135
  if (!this.orgIdToOrgMemberInfo) {
125
136
  return void 0;
@@ -164,9 +175,35 @@ var UserFromToken = class {
164
175
  obj.legacyUserId,
165
176
  obj.impersonatorUserId,
166
177
  obj.properties,
178
+ obj.activeOrgId,
167
179
  obj.loginMethod
168
180
  );
169
181
  }
182
+ static fromJwtPayload(payload) {
183
+ let activeOrgId;
184
+ let orgIdToOrgMemberInfo;
185
+ if (payload.org_member_info) {
186
+ activeOrgId = payload.org_member_info.org_id;
187
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
188
+ } else {
189
+ activeOrgId = void 0;
190
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
191
+ }
192
+ const loginMethod = toLoginMethod(payload.login_method);
193
+ return new UserFromToken(
194
+ payload.user_id,
195
+ payload.email,
196
+ orgIdToOrgMemberInfo,
197
+ payload.first_name,
198
+ payload.last_name,
199
+ payload.username,
200
+ payload.legacy_user_id,
201
+ payload.impersonatorUserId,
202
+ payload.properties,
203
+ activeOrgId,
204
+ loginMethod
205
+ );
206
+ }
170
207
  };
171
208
  var OrgMemberInfo = class {
172
209
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
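Review bot: `fromJwtPayload` lacks a comment saying that a token carrying `org_member_info` produces a user whose `orgIdToOrgMemberInfo` holds only that one org, so lookups for the user's other orgs will presumably come back empty once an active org is set. A line such as `// Active-org tokens carry a single org_member_info claim; the resulting user only knows about that org.` above the `if` would stop callers from treating the map as the full membership list. Separately, `payload.impersonatorUserId` is camelCase while every other claim read here is snake_case. It is carried over unchanged from `toUser`, but the claim name is worth confirming, since a mismatch would silently drop the impersonation marker.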
@@ -215,18 +252,7 @@ var OrgMemberInfo = class {
215
252
  }
216
253
  };
217
254
  function toUser(snake_case) {
218
- return new UserFromToken(
219
- snake_case.user_id,
220
- snake_case.email,
221
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
222
- snake_case.first_name,
223
- snake_case.last_name,
224
- snake_case.username,
225
- snake_case.legacy_user_id,
226
- snake_case.impersonatorUserId,
227
- snake_case.properties,
228
- toLoginMethod(snake_case.login_method)
229
- );
255
+ return UserFromToken.fromJwtPayload(snake_case);
230
256
  }
231
257
  function toOrgIdToOrgMemberInfo(snake_case) {
232
258
  if (snake_case === void 0) {
@@ -260,6 +286,7 @@ var ACCESS_TOKEN_COOKIE_NAME = "__pa_at";
260
286
  var REFRESH_TOKEN_COOKIE_NAME = "__pa_rt";
261
287
  var STATE_COOKIE_NAME = "__pa_state";
262
288
  var CUSTOM_HEADER_FOR_ACCESS_TOKEN = "x-propelauth-access-token";
289
+ var CUSTOM_HEADER_FOR_URL = "x-propelauth-current-url";
263
290
  var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
264
291
  var COOKIE_OPTIONS = {
265
292
  httpOnly: true,
@@ -298,12 +325,17 @@ function getVerifierKey() {
298
325
  }
299
326
  return verifierKey.replace(/\\n/g, "\n");
300
327
  }
301
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
328
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
302
329
  return __async(this, null, function* () {
303
330
  const body = {
304
331
  refresh_token: refreshToken
305
332
  };
306
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
333
+ const queryParams = new URLSearchParams();
334
+ if (activeOrgId) {
335
+ queryParams.set("with_active_org_support", "true");
336
+ queryParams.set("active_org_id", activeOrgId);
337
+ }
338
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
307
339
  const response = yield fetch(url, {
308
340
  method: "POST",
309
341
  body: JSON.stringify(body),
@@ -315,10 +347,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
315
347
  if (response.ok) {
316
348
  const data = yield response.json();
317
349
  const newRefreshToken = data.refresh_token;
318
- const {
319
- access_token: accessToken,
320
- expires_at_seconds: expiresAtSeconds
321
- } = data.access_token;
350
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
322
351
  return {
323
352
  refreshToken: newRefreshToken,
324
353
  accessToken,
@@ -379,22 +408,24 @@ function validateAccessToken(accessToken) {
379
408
  });
380
409
  }
381
410
 
411
+ // src/shared.ts
412
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
413
+
382
414
  // src/server/app-router.ts
383
- function getUserOrRedirect() {
415
+ function getUserOrRedirect(redirectOptions) {
384
416
  return __async(this, null, function* () {
385
417
  const user = yield getUser();
386
418
  if (user) {
387
419
  return user;
388
420
  } else {
389
- (0, import_navigation.redirect)(LOGIN_PATH);
421
+ redirectToLogin(redirectOptions);
390
422
  throw new Error("Redirecting to login");
391
423
  }
392
424
  });
393
425
  }
394
426
  function getUser() {
395
427
  return __async(this, null, function* () {
396
- var _a;
397
- const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
428
+ const accessToken = getAccessToken();
398
429
  if (accessToken) {
399
430
  const user = yield validateAccessTokenOrUndefined(accessToken);
400
431
  if (user) {
@@ -405,50 +436,57 @@ function getUser() {
405
436
  });
406
437
  }
407
438
  function getAccessToken() {
408
- return __async(this, null, function* () {
409
- var _a;
410
- return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
411
- });
439
+ var _a;
440
+ return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
412
441
  }
413
442
  function authMiddleware(req) {
414
443
  return __async(this, null, function* () {
415
- var _a, _b;
444
+ var _a, _b, _c;
416
445
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
417
446
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
447
+ } else if (req.headers.has(CUSTOM_HEADER_FOR_URL)) {
448
+ throw new Error(`${CUSTOM_HEADER_FOR_URL} is set which is for internal use only`);
418
449
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
419
- return import_server.NextResponse.next();
450
+ return getNextResponse(req);
420
451
  }
421
452
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
422
453
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
454
+ const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
423
455
  if (accessToken) {
424
456
  const user = yield validateAccessTokenOrUndefined(accessToken);
425
457
  if (user) {
426
- return import_server.NextResponse.next();
458
+ return getNextResponse(req);
427
459
  }
428
460
  }
429
461
  if (refreshToken) {
430
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
462
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
431
463
  if (response.error === "unexpected") {
432
464
  throw new Error("Unexpected error while refreshing access token");
433
465
  } else if (response.error === "unauthorized") {
434
- const response2 = import_server.NextResponse.next();
466
+ const response2 = getNextResponse(req);
435
467
  response2.cookies.delete(ACCESS_TOKEN_COOKIE_NAME);
436
468
  response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
437
469
  return response2;
438
470
  } else {
439
- const headers2 = new Headers(req.headers);
440
- headers2.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken);
441
- const nextResponse = import_server.NextResponse.next({
442
- request: {
443
- headers: headers2
444
- }
445
- });
471
+ const nextResponse = getNextResponse(req, response.accessToken);
446
472
  nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
447
473
  nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
448
474
  return nextResponse;
449
475
  }
450
476
  }
451
- return import_server.NextResponse.next();
477
+ return getNextResponse(req);
478
+ });
479
+ }
480
+ function getNextResponse(request, newAccessToken) {
481
+ const headers2 = new Headers(request.headers);
482
+ headers2.set(CUSTOM_HEADER_FOR_URL, request.nextUrl.toString());
483
+ if (newAccessToken) {
484
+ headers2.set(CUSTOM_HEADER_FOR_ACCESS_TOKEN, newAccessToken);
485
+ }
486
+ return import_server.NextResponse.next({
487
+ request: {
488
+ headers: headers2
489
+ }
452
490
  });
453
491
  }
454
492
  function getRouteHandlers(args) {
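Review bot: In authMiddleware's `unauthorized` branch only the access and refresh cookies are deleted; the new `__pa_org_id` cookie is left behind, whereas the route-handler paths in this diff that clear the session also expire it. Adding `response2.cookies.delete(ACTIVE_ORG_ID_COOKIE_NAME);` next to the other two deletes keeps the middleware consistent. The cookie value is now sent on every refresh, so if the backend answers `unauthorized` for an org the user no longer belongs to (the callback handler's log message suggests it can), a stale cookie ends the whole session here. That case may deserve a retry without `activeOrgId` before the tokens are deleted.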
@@ -488,7 +526,7 @@ function getRouteHandlers(args) {
488
526
  }
489
527
  function callbackGetHandler(req) {
490
528
  return __async(this, null, function* () {
491
- var _a, _b;
529
+ var _a, _b, _c;
492
530
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
493
531
  if (!oauthState || oauthState.length !== 64) {
494
532
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -524,6 +562,49 @@ function getRouteHandlers(args) {
524
562
  console.error("postLoginRedirectPathFn returned undefined");
525
563
  return new Response("Unexpected error", { status: 500 });
526
564
  }
565
+ const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
566
+ const user = yield validateAccessToken(accessToken);
567
+ const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
568
+ let activeOrgId = void 0;
569
+ if (isUserInCurrentActiveOrg) {
570
+ activeOrgId = currentActiveOrgId;
571
+ } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
572
+ activeOrgId = args.getDefaultActiveOrgId(req, user);
573
+ }
574
+ if (activeOrgId) {
575
+ const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
576
+ if (response2.error === "unexpected") {
577
+ throw new Error("Unexpected error while setting active org");
578
+ } else if (response2.error === "unauthorized") {
579
+ console.error(
580
+ "Unauthorized error while setting active org. Your user may not have access to this org"
581
+ );
582
+ return new Response("Unauthorized", { status: 401 });
583
+ } else {
584
+ const headers3 = new Headers();
585
+ headers3.append("Location", returnToPath);
586
+ headers3.append(
587
+ "Set-Cookie",
588
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
589
+ );
590
+ headers3.append(
591
+ "Set-Cookie",
592
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
593
+ );
594
+ headers3.append(
595
+ "Set-Cookie",
596
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
597
+ );
598
+ headers3.append(
599
+ "Set-Cookie",
600
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
601
+ );
602
+ return new Response(null, {
603
+ status: 302,
604
+ headers: headers3
605
+ });
606
+ }
607
+ }
527
608
  const headers2 = new Headers();
528
609
  headers2.append("Location", returnToPath);
529
610
  headers2.append(
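Review bot: The `unauthorized` branch after the active-org refresh returns a bare 401 in the middle of the login callback, so a `getDefaultActiveOrgId` that returns an org the user is not a member of fails the whole login even though `accessToken` and `data.refresh_token` were just obtained successfully. The cookie-derived id is checked with `user.getOrg(...)` first; the callback-derived one is not. Applying the same check, e.g. `activeOrgId = user.getOrg(candidate) ? candidate : void 0;`, lets the handler fall through to the existing no-active-org response below instead. callbackGetHandler begins before this hunk and continues after it.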
@@ -534,6 +615,10 @@ function getRouteHandlers(args) {
534
615
  "Set-Cookie",
535
616
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
536
617
  );
618
+ headers2.append(
619
+ "Set-Cookie",
620
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
621
+ );
537
622
  headers2.append(
538
623
  "Set-Cookie",
539
624
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -554,10 +639,11 @@ function getRouteHandlers(args) {
554
639
  }
555
640
  function userinfoGetHandler(req) {
556
641
  return __async(this, null, function* () {
557
- var _a;
642
+ var _a, _b;
558
643
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
644
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
559
645
  if (oldRefreshToken) {
560
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
646
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
561
647
  if (refreshResponse.error === "unexpected") {
562
648
  throw new Error("Unexpected error while refreshing access token");
563
649
  } else if (refreshResponse.error === "unauthorized") {
@@ -570,6 +656,10 @@ function getRouteHandlers(args) {
570
656
  "Set-Cookie",
571
657
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
572
658
  );
659
+ headers3.append(
660
+ "Set-Cookie",
661
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
662
+ );
573
663
  return new Response("Unauthorized", { status: 401, headers: headers3 });
574
664
  }
575
665
  const refreshToken = refreshResponse.refreshToken;
@@ -588,7 +678,8 @@ function getRouteHandlers(args) {
588
678
  const jsonResponse = {
589
679
  userinfo: data,
590
680
  accessToken,
591
- impersonatorUserId: userFromToken.impersonatorUserId
681
+ impersonatorUserId: userFromToken.impersonatorUserId,
682
+ activeOrgId
592
683
  };
593
684
  const headers3 = new Headers();
594
685
  headers3.append(
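Review bot: `activeOrgId` in `jsonResponse` is the raw value of the `__pa_org_id` cookie, not the org that the freshly validated token was issued for. `userFromToken` is already in scope, so `activeOrgId: userFromToken.getActiveOrgId()` would report what the token actually says (assuming validation builds the user through `fromJwtPayload`). The same applies in setActiveOrgHandler further down, where the `active_org_id` query parameter is written into both the JSON body and the `Set-Cookie` value without encoding. Taking the id from the validated token there also keeps request-supplied text out of the header. The enclosing handler starts before this hunk.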
@@ -614,6 +705,10 @@ function getRouteHandlers(args) {
614
705
  "Set-Cookie",
615
706
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
616
707
  );
708
+ headers3.append(
709
+ "Set-Cookie",
710
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
711
+ );
617
712
  return new Response(null, {
618
713
  status: 401,
619
714
  headers: headers3
@@ -625,12 +720,13 @@ function getRouteHandlers(args) {
625
720
  const headers2 = new Headers();
626
721
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
627
722
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
723
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
628
724
  return new Response(null, { status: 401 });
629
725
  });
630
726
  }
631
727
  function logoutGetHandler(req) {
632
728
  return __async(this, null, function* () {
633
- var _a;
729
+ var _a, _b;
634
730
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
635
731
  if (!path) {
636
732
  console.error("postLoginPathFn returned undefined");
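Review bot: The `Set-Cookie` line added for `ACTIVE_ORG_ID_COOKIE_NAME` lands on a `headers2` object that is never sent: the following `return new Response(null, { status: 401 });` does not pass it, so none of the three cookies is actually cleared on this path. Other 401 returns in this diff attach their headers; this one should read `return new Response(null, { status: 401, headers: headers2 });`. The enclosing handler starts before this hunk.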
@@ -648,12 +744,17 @@ function getRouteHandlers(args) {
648
744
  "Set-Cookie",
649
745
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
650
746
  );
747
+ headers2.append(
748
+ "Set-Cookie",
749
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
750
+ );
651
751
  return new Response(null, {
652
752
  status: 302,
653
753
  headers: headers2
654
754
  });
655
755
  }
656
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
756
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
757
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
657
758
  if (refreshResponse.error === "unexpected") {
658
759
  console.error("Unexpected error while refreshing access token");
659
760
  return new Response("Unexpected error", { status: 500 });
@@ -668,6 +769,10 @@ function getRouteHandlers(args) {
668
769
  "Set-Cookie",
669
770
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
670
771
  );
772
+ headers2.append(
773
+ "Set-Cookie",
774
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
775
+ );
671
776
  return new Response(null, {
672
777
  status: 302,
673
778
  headers: headers2
@@ -696,6 +801,10 @@ function getRouteHandlers(args) {
696
801
  "Set-Cookie",
697
802
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
698
803
  );
804
+ headers3.append(
805
+ "Set-Cookie",
806
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
807
+ );
699
808
  return new Response(null, { status: 200, headers: headers3 });
700
809
  }
701
810
  const authUrlOrigin = getAuthUrlOrigin();
@@ -720,9 +829,78 @@ function getRouteHandlers(args) {
720
829
  const headers2 = new Headers();
721
830
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
722
831
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
832
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
723
833
  return new Response(null, { status: 200, headers: headers2 });
724
834
  });
725
835
  }
836
+ function setActiveOrgHandler(req) {
837
+ return __async(this, null, function* () {
838
+ var _a;
839
+ const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
840
+ const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
841
+ if (!oldRefreshToken) {
842
+ const headers2 = new Headers();
843
+ headers2.append(
844
+ "Set-Cookie",
845
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
846
+ );
847
+ return new Response(null, { status: 401, headers: headers2 });
848
+ }
849
+ if (!activeOrgId) {
850
+ return new Response(null, { status: 400 });
851
+ }
852
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
853
+ if (refreshResponse.error === "unexpected") {
854
+ throw new Error("Unexpected error while setting active org id");
855
+ } else if (refreshResponse.error === "unauthorized") {
856
+ return new Response("Unauthorized", { status: 401 });
857
+ }
858
+ const refreshToken = refreshResponse.refreshToken;
859
+ const accessToken = refreshResponse.accessToken;
860
+ const authUrlOrigin = getAuthUrlOrigin();
861
+ const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
862
+ const response = yield fetch(path, {
863
+ headers: {
864
+ "Content-Type": "application/json",
865
+ Authorization: "Bearer " + accessToken
866
+ }
867
+ });
868
+ if (response.ok) {
869
+ const userFromToken = yield validateAccessToken(accessToken);
870
+ const data = yield response.json();
871
+ const jsonResponse = {
872
+ userinfo: data,
873
+ accessToken,
874
+ impersonatorUserId: userFromToken.impersonatorUserId,
875
+ activeOrgId
876
+ };
877
+ const headers2 = new Headers();
878
+ headers2.append(
879
+ "Set-Cookie",
880
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
881
+ );
882
+ headers2.append(
883
+ "Set-Cookie",
884
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
885
+ );
886
+ headers2.append(
887
+ "Set-Cookie",
888
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
889
+ );
890
+ headers2.append("Content-Type", "application/json");
891
+ return new Response(JSON.stringify(jsonResponse), {
892
+ status: 200,
893
+ headers: headers2
894
+ });
895
+ } else if (response.status === 401) {
896
+ return new Response(null, {
897
+ status: 401
898
+ });
899
+ } else {
900
+ return new Response(null, { status: 500 });
901
+ }
902
+ });
903
+ }
726
904
  function getRouteHandler(req, { params }) {
727
905
  if (params.slug === "login") {
728
906
  return loginGetHandler(req);
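Review bot: In setActiveOrgHandler the 401 and 500 branches after the userinfo fetch return without any `Set-Cookie`, although `refreshTokenWithAccessAndRefreshToken` has already handed back a new refresh token. If the backend invalidates the old token on rotation (not visible here), the browser is left holding a dead refresh cookie and a failed org switch effectively logs the user out. Building `headers2` with the new access and refresh cookies before the `if (response.ok)` test and passing it in the failure responses, e.g. `return new Response(null, { status: 500, headers: headers2 });`, keeps the session in step with the backend. The active-org cookie should still only be set on the success path.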
@@ -741,6 +919,8 @@ function getRouteHandlers(args) {
741
919
  function postRouteHandler(req, { params }) {
742
920
  if (params.slug === "logout") {
743
921
  return logoutPostHandler(req);
922
+ } else if (params.slug === "set-active-org") {
923
+ return setActiveOrgHandler(req);
744
924
  } else {
745
925
  return new Response("", { status: 404 });
746
926
  }
@@ -754,12 +934,52 @@ function randomState() {
754
934
  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
755
935
  return Array.from(randomBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
756
936
  }
937
+ function redirectToLogin(redirectOptions) {
938
+ if (!redirectOptions) {
939
+ (0, import_navigation.redirect)(LOGIN_PATH);
940
+ } else if (redirectOptions.returnToPath) {
941
+ const loginPath = LOGIN_PATH + "?return_to_path=" + encodeURI(redirectOptions.returnToPath);
942
+ (0, import_navigation.redirect)(loginPath);
943
+ } else if (redirectOptions.returnToCurrentPath) {
944
+ const encodedPath = getUrlEncodedRedirectPathForCurrentUrl();
945
+ if (encodedPath) {
946
+ const loginPath = LOGIN_PATH + "?return_to_path=" + encodedPath;
947
+ (0, import_navigation.redirect)(loginPath);
948
+ } else {
949
+ console.warn("Could not get current URL to redirect to");
950
+ (0, import_navigation.redirect)(LOGIN_PATH);
951
+ }
952
+ }
953
+ }
954
+ function getUrlEncodedRedirectPathForCurrentUrl() {
955
+ const url = getCurrentUrl();
956
+ if (!url) {
957
+ return void 0;
958
+ }
959
+ try {
960
+ const urlObj = new URL(url);
961
+ return encodeURIComponent(urlObj.pathname + urlObj.search);
962
+ } catch (e) {
963
+ console.warn("Current URL is not a valid URL");
964
+ return void 0;
965
+ }
966
+ }
967
+ function getCurrentUrl() {
968
+ const url = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_URL);
969
+ if (!url) {
970
+ console.warn("Attempting to redirect to the current URL, but we could not find the current URL in the headers. Is the middleware set up?");
971
+ return void 0;
972
+ } else {
973
+ return url;
974
+ }
975
+ }
757
976
  // Annotate the CommonJS export names for ESM import in node:
758
977
  0 && (module.exports = {
759
978
  ConfigurationException,
760
979
  UnauthorizedException,
761
980
  authMiddleware,
762
981
  getAccessToken,
982
+ getCurrentUrl,
763
983
  getRouteHandlers,
764
984
  getUser,
765
985
  getUserOrRedirect
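Review bot: `redirectToLogin` encodes `returnToPath` with `encodeURI`, which leaves `?`, `&`, `=` and `#` untouched, so a return path that carries its own query string or fragment is split into extra login parameters or cut off. The `returnToCurrentPath` branch already uses `encodeURIComponent`, and this branch should too: `LOGIN_PATH + "?return_to_path=" + encodeURIComponent(redirectOptions.returnToPath)`. The function also does nothing when `redirectOptions` is passed with neither field set, leaving getUserOrRedirect to throw its plain `Error("Redirecting to login")`; a final `else { (0, import_navigation.redirect)(LOGIN_PATH); }` would close that gap. Whether `return_to_path` is restricted to same-origin paths is decided in the login and callback handlers, which are not part of this hunk.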