@propelauth/nextjs 0.0.118 → 0.0.120

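--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -54,6 +54,7 @@ __export(app_router_index_exports, {
  UnauthorizedException: () => UnauthorizedException,
  authMiddleware: () => authMiddleware,
  getAccessToken: () => getAccessToken,
+ getCurrentUrl: () => getCurrentUrl,
  getRouteHandlers: () => getRouteHandlers,
  getUser: () => getUser,
  getUserOrRedirect: () => getUserOrRedirect
@@ -108,8 +109,9 @@ function toLoginMethod(snake_case) {
 
  // src/user.ts
  var UserFromToken = class {
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
  this.userId = userId;
+ this.activeOrgId = activeOrgId;
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
  this.email = email;
  this.firstName = firstName;
@@ -120,6 +122,15 @@ var UserFromToken = class {
  this.properties = properties;
  this.loginMethod = loginMethod;
  }
+ getActiveOrg() {
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
+ return void 0;
+ }
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
+ }
+ getActiveOrgId() {
+ return this.activeOrgId;
+ }
  getOrg(orgId) {
  if (!this.orgIdToOrgMemberInfo) {
  return void 0;
@@ -164,9 +175,35 @@ var UserFromToken = class {
  obj.legacyUserId,
  obj.impersonatorUserId,
  obj.properties,
+ obj.activeOrgId,
  obj.loginMethod
  );
  }
+ static fromJwtPayload(payload) {
+ let activeOrgId;
+ let orgIdToOrgMemberInfo;
+ if (payload.org_member_info) {
+ activeOrgId = payload.org_member_info.org_id;
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
+ } else {
+ activeOrgId = void 0;
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
+ }
+ const loginMethod = toLoginMethod(payload.login_method);
+ return new UserFromToken(
+ payload.user_id,
+ payload.email,
+ orgIdToOrgMemberInfo,
+ payload.first_name,
+ payload.last_name,
+ payload.username,
+ payload.legacy_user_id,
+ payload.impersonatorUserId,
+ payload.properties,
+ activeOrgId,
+ loginMethod
+ );
+ }
  };
  var OrgMemberInfo = class {
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -215,18 +252,7 @@ var OrgMemberInfo = class {
  }
  };
  function toUser(snake_case) {
- return new UserFromToken(
- snake_case.user_id,
- snake_case.email,
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
- snake_case.first_name,
- snake_case.last_name,
- snake_case.username,
- snake_case.legacy_user_id,
- snake_case.impersonatorUserId,
- snake_case.properties,
- toLoginMethod(snake_case.login_method)
- );
+ return UserFromToken.fromJwtPayload(snake_case);
  }
  function toOrgIdToOrgMemberInfo(snake_case) {
  if (snake_case === void 0) {
@@ -260,6 +286,7 @@ var ACCESS_TOKEN_COOKIE_NAME = "__pa_at";
  var REFRESH_TOKEN_COOKIE_NAME = "__pa_rt";
  var STATE_COOKIE_NAME = "__pa_state";
  var CUSTOM_HEADER_FOR_ACCESS_TOKEN = "x-propelauth-access-token";
+ var CUSTOM_HEADER_FOR_URL = "x-propelauth-current-url";
  var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
  var COOKIE_OPTIONS = {
  httpOnly: true,
@@ -298,12 +325,17 @@ function getVerifierKey() {
  }
  return verifierKey.replace(/\\n/g, "\n");
  }
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
  return __async(this, null, function* () {
  const body = {
  refresh_token: refreshToken
  };
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
+ const queryParams = new URLSearchParams();
+ if (activeOrgId) {
+ queryParams.set("with_active_org_support", "true");
+ queryParams.set("active_org_id", activeOrgId);
+ }
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
  const response = yield fetch(url, {
  method: "POST",
  body: JSON.stringify(body),
@@ -315,10 +347,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
  if (response.ok) {
  const data = yield response.json();
  const newRefreshToken = data.refresh_token;
- const {
- access_token: accessToken,
- expires_at_seconds: expiresAtSeconds
- } = data.access_token;
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
  return {
  refreshToken: newRefreshToken,
  accessToken,
@@ -379,22 +408,24 @@ function validateAccessToken(accessToken) {
  });
  }
 
+ // src/shared.ts
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
+
  // src/server/app-router.ts
- function getUserOrRedirect() {
+ function getUserOrRedirect(redirectOptions) {
  return __async(this, null, function* () {
  const user = yield getUser();
  if (user) {
  return user;
  } else {
- (0, import_navigation.redirect)(LOGIN_PATH);
+ redirectToLogin(redirectOptions);
  throw new Error("Redirecting to login");
  }
  });
  }
  function getUser() {
  return __async(this, null, function* () {
- var _a;
- const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
+ const accessToken = getAccessToken();
  if (accessToken) {
  const user = yield validateAccessTokenOrUndefined(accessToken);
  if (user) {
@@ -405,50 +436,57 @@ function getUser() {
  });
  }
  function getAccessToken() {
- return __async(this, null, function* () {
- var _a;
- return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
- });
+ var _a;
+ return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
  }
  function authMiddleware(req) {
  return __async(this, null, function* () {
- var _a, _b;
+ var _a, _b, _c;
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
+ } else if (req.headers.has(CUSTOM_HEADER_FOR_URL)) {
+ throw new Error(`${CUSTOM_HEADER_FOR_URL} is set which is for internal use only`);
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
- return import_server.NextResponse.next();
+ return getNextResponse(req);
  }
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
+ const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
  if (accessToken) {
  const user = yield validateAccessTokenOrUndefined(accessToken);
  if (user) {
- return import_server.NextResponse.next();
+ return getNextResponse(req);
  }
  }
  if (refreshToken) {
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
  if (response.error === "unexpected") {
  throw new Error("Unexpected error while refreshing access token");
  } else if (response.error === "unauthorized") {
- const response2 = import_server.NextResponse.next();
+ const response2 = getNextResponse(req);
  response2.cookies.delete(ACCESS_TOKEN_COOKIE_NAME);
  response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
  return response2;
  } else {
- const headers2 = new Headers(req.headers);
- headers2.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken);
- const nextResponse = import_server.NextResponse.next({
- request: {
- headers: headers2
- }
- });
+ const nextResponse = getNextResponse(req, response.accessToken);
  nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
  nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
  return nextResponse;
  }
  }
- return import_server.NextResponse.next();
+ return getNextResponse(req);
+ });
+ }
+ function getNextResponse(request, newAccessToken) {
+ const headers2 = new Headers(request.headers);
+ headers2.set(CUSTOM_HEADER_FOR_URL, request.nextUrl.toString());
+ if (newAccessToken) {
+ headers2.set(CUSTOM_HEADER_FOR_ACCESS_TOKEN, newAccessToken);
+ }
+ return import_server.NextResponse.next({
+ request: {
+ headers: headers2
+ }
  });
  }
  function getRouteHandlers(args) {
@@ -488,7 +526,7 @@ function getRouteHandlers(args) {
  }
  function callbackGetHandler(req) {
  return __async(this, null, function* () {
- var _a, _b;
+ var _a, _b, _c;
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
  if (!oauthState || oauthState.length !== 64) {
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -524,6 +562,49 @@ function getRouteHandlers(args) {
  console.error("postLoginRedirectPathFn returned undefined");
  return new Response("Unexpected error", { status: 500 });
  }
+ const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
+ const user = yield validateAccessToken(accessToken);
+ const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
+ let activeOrgId = void 0;
+ if (isUserInCurrentActiveOrg) {
+ activeOrgId = currentActiveOrgId;
+ } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
+ activeOrgId = args.getDefaultActiveOrgId(req, user);
+ }
+ if (activeOrgId) {
+ const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
+ if (response2.error === "unexpected") {
+ throw new Error("Unexpected error while setting active org");
+ } else if (response2.error === "unauthorized") {
+ console.error(
+ "Unauthorized error while setting active org. Your user may not have access to this org"
+ );
+ return new Response("Unauthorized", { status: 401 });
+ } else {
+ const headers3 = new Headers();
+ headers3.append("Location", returnToPath);
+ headers3.append(
+ "Set-Cookie",
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+ );
+ headers3.append(
+ "Set-Cookie",
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+ );
+ headers3.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
+ );
+ headers3.append(
+ "Set-Cookie",
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+ );
+ return new Response(null, {
+ status: 302,
+ headers: headers3
+ });
+ }
+ }
  const headers2 = new Headers();
  headers2.append("Location", returnToPath);
  headers2.append(
@@ -534,6 +615,10 @@ function getRouteHandlers(args) {
  "Set-Cookie",
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
  );
+ headers2.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+ );
  headers2.append(
  "Set-Cookie",
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -554,10 +639,11 @@ function getRouteHandlers(args) {
  }
  function userinfoGetHandler(req) {
  return __async(this, null, function* () {
- var _a;
+ var _a, _b;
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
  if (oldRefreshToken) {
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
  if (refreshResponse.error === "unexpected") {
  throw new Error("Unexpected error while refreshing access token");
  } else if (refreshResponse.error === "unauthorized") {
@@ -570,6 +656,10 @@ function getRouteHandlers(args) {
  "Set-Cookie",
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
  );
+ headers3.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+ );
  return new Response("Unauthorized", { status: 401, headers: headers3 });
  }
  const refreshToken = refreshResponse.refreshToken;
@@ -588,7 +678,8 @@ function getRouteHandlers(args) {
  const jsonResponse = {
  userinfo: data,
  accessToken,
- impersonatorUserId: userFromToken.impersonatorUserId
+ impersonatorUserId: userFromToken.impersonatorUserId,
+ activeOrgId
  };
  const headers3 = new Headers();
  headers3.append(
@@ -614,6 +705,10 @@ function getRouteHandlers(args) {
  "Set-Cookie",
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
  );
+ headers3.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+ );
  return new Response(null, {
  status: 401,
  headers: headers3
@@ -625,12 +720,13 @@ function getRouteHandlers(args) {
  const headers2 = new Headers();
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
  return new Response(null, { status: 401 });
  });
  }
  function logoutGetHandler(req) {
  return __async(this, null, function* () {
- var _a;
+ var _a, _b;
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
  if (!path) {
  console.error("postLoginPathFn returned undefined");
@@ -648,12 +744,17 @@ function getRouteHandlers(args) {
  "Set-Cookie",
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
  );
+ headers2.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+ );
  return new Response(null, {
  status: 302,
  headers: headers2
  });
  }
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
  if (refreshResponse.error === "unexpected") {
  console.error("Unexpected error while refreshing access token");
  return new Response("Unexpected error", { status: 500 });
@@ -668,6 +769,10 @@ function getRouteHandlers(args) {
  "Set-Cookie",
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
  );
+ headers2.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+ );
  return new Response(null, {
  status: 302,
  headers: headers2
@@ -696,6 +801,10 @@ function getRouteHandlers(args) {
  "Set-Cookie",
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
  );
+ headers3.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+ );
  return new Response(null, { status: 200, headers: headers3 });
  }
  const authUrlOrigin = getAuthUrlOrigin();
@@ -720,9 +829,78 @@ function getRouteHandlers(args) {
  const headers2 = new Headers();
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
  return new Response(null, { status: 200, headers: headers2 });
  });
  }
+ function setActiveOrgHandler(req) {
+ return __async(this, null, function* () {
+ var _a;
+ const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+ const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
+ if (!oldRefreshToken) {
+ const headers2 = new Headers();
+ headers2.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+ );
+ return new Response(null, { status: 401, headers: headers2 });
+ }
+ if (!activeOrgId) {
+ return new Response(null, { status: 400 });
+ }
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
+ if (refreshResponse.error === "unexpected") {
+ throw new Error("Unexpected error while setting active org id");
+ } else if (refreshResponse.error === "unauthorized") {
+ return new Response("Unauthorized", { status: 401 });
+ }
+ const refreshToken = refreshResponse.refreshToken;
+ const accessToken = refreshResponse.accessToken;
+ const authUrlOrigin = getAuthUrlOrigin();
+ const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
+ const response = yield fetch(path, {
+ headers: {
+ "Content-Type": "application/json",
+ Authorization: "Bearer " + accessToken
+ }
+ });
+ if (response.ok) {
+ const userFromToken = yield validateAccessToken(accessToken);
+ const data = yield response.json();
+ const jsonResponse = {
+ userinfo: data,
+ accessToken,
+ impersonatorUserId: userFromToken.impersonatorUserId,
+ activeOrgId
+ };
+ const headers2 = new Headers();
+ headers2.append(
+ "Set-Cookie",
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+ );
+ headers2.append(
+ "Set-Cookie",
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+ );
+ headers2.append(
+ "Set-Cookie",
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
+ );
+ headers2.append("Content-Type", "application/json");
+ return new Response(JSON.stringify(jsonResponse), {
+ status: 200,
+ headers: headers2
+ });
+ } else if (response.status === 401) {
+ return new Response(null, {
+ status: 401
+ });
+ } else {
+ return new Response(null, { status: 500 });
+ }
+ });
+ }
  function getRouteHandler(req, { params }) {
  if (params.slug === "login") {
  return loginGetHandler(req);
@@ -741,6 +919,8 @@ function getRouteHandlers(args) {
  function postRouteHandler(req, { params }) {
  if (params.slug === "logout") {
  return logoutPostHandler(req);
+ } else if (params.slug === "set-active-org") {
+ return setActiveOrgHandler(req);
  } else {
  return new Response("", { status: 404 });
  }
@@ -754,12 +934,52 @@ function randomState() {
  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
  return Array.from(randomBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
  }
+ function redirectToLogin(redirectOptions) {
+ if (!redirectOptions) {
+ (0, import_navigation.redirect)(LOGIN_PATH);
+ } else if (redirectOptions.returnToPath) {
+ const loginPath = LOGIN_PATH + "?return_to_path=" + encodeURI(redirectOptions.returnToPath);
+ (0, import_navigation.redirect)(loginPath);
+ } else if (redirectOptions.returnToCurrentPath) {
+ const encodedPath = getUrlEncodedRedirectPathForCurrentUrl();
+ if (encodedPath) {
+ const loginPath = LOGIN_PATH + "?return_to_path=" + encodedPath;
+ (0, import_navigation.redirect)(loginPath);
+ } else {
+ console.warn("Could not get current URL to redirect to");
+ (0, import_navigation.redirect)(LOGIN_PATH);
+ }
+ }
+ }
+ function getUrlEncodedRedirectPathForCurrentUrl() {
+ const url = getCurrentUrl();
+ if (!url) {
+ return void 0;
+ }
+ try {
+ const urlObj = new URL(url);
+ return encodeURIComponent(urlObj.pathname + urlObj.search);
+ } catch (e) {
+ console.warn("Current URL is not a valid URL");
+ return void 0;
+ }
+ }
+ function getCurrentUrl() {
+ const url = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_URL);
+ if (!url) {
+ console.warn("Attempting to redirect to the current URL, but we could not find the current URL in the headers. Is the middleware set up?");
+ return void 0;
+ } else {
+ return url;
+ }
+ }
  // Annotate the CommonJS export names for ESM import in node:
  0 && (module.exports = {
  ConfigurationException,
  UnauthorizedException,
  authMiddleware,
  getAccessToken,
+ getCurrentUrl,
  getRouteHandlers,
  getUser,
  getUserOrRedirect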
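Review bot: The `Set-Cookie` clearing `ACTIVE_ORG_ID_COOKIE_NAME` that the commit adds in the 401 branch near the end of `userinfoGetHandler` (the `headers2.append(...)` one-liner next to the access- and refresh-token clears) goes onto a `headers2` object that the following `return new Response(null, { status: 401 });` never attaches, so none of the three clears in that branch reach the client; that return line is context and predates this commit, but the new line inherits the defect, and the fix is `return new Response(null, { status: 401, headers: headers2 });`. The new `authMiddleware` unauthorized branch has the same gap in a different form: `response2.cookies.delete(...)` is called for the access and refresh cookies but not for `ACTIVE_ORG_ID_COOKIE_NAME`, unlike every other 401/logout path in this commit; `callbackGetHandler` does re-check the cookie against `user.getOrg(...)` on the next login, so the result is a stale cookie rather than a wrong org, but `response2.cookies.delete(ACTIVE_ORG_ID_COOKIE_NAME);` would keep the paths consistent. Separately, `redirectToLogin` builds the login URL with `encodeURI(redirectOptions.returnToPath)`, which leaves `&`, `=` and `#` unencoded, so a returnToPath carrying more than one query parameter is truncated at its first `&` when `return_to_path` is parsed back out; `getUrlEncodedRedirectPathForCurrentUrl` already uses `encodeURIComponent`, and the explicit-path branch should match it. The enclosing `getRouteHandlers` function begins before the first hunk that touches it.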