@propelauth/nextjs 0.0.118 → 0.0.120
- package/dist/client/index.d.ts +69 -2
- package/dist/client/index.js +142 -8
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +142 -8
- package/dist/client/index.mjs.map +1 -1
- package/dist/server/app-router/index.d.ts +73 -4
- package/dist/server/app-router/index.js +266 -46
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +265 -46
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.d.ts +61 -1
- package/dist/server/index.js +38 -13
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +38 -13
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +61 -1
- package/dist/server/pages/index.js +53 -21
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +53 -21
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
@@ -54,6 +54,7 @@ __export(app_router_index_exports, {
|
|
54
54
|
UnauthorizedException: () => UnauthorizedException,
|
55
55
|
authMiddleware: () => authMiddleware,
|
56
56
|
getAccessToken: () => getAccessToken,
|
57
|
+
getCurrentUrl: () => getCurrentUrl,
|
57
58
|
getRouteHandlers: () => getRouteHandlers,
|
58
59
|
getUser: () => getUser,
|
59
60
|
getUserOrRedirect: () => getUserOrRedirect
|
@@ -108,8 +109,9 @@ function toLoginMethod(snake_case) {
|
|
108
109
|
|
109
110
|
// src/user.ts
|
110
111
|
var UserFromToken = class {
|
111
|
-
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
|
112
|
+
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
|
112
113
|
this.userId = userId;
|
114
|
+
this.activeOrgId = activeOrgId;
|
113
115
|
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
|
114
116
|
this.email = email;
|
115
117
|
this.firstName = firstName;
|
@@ -120,6 +122,15 @@ var UserFromToken = class {
|
|
120
122
|
this.properties = properties;
|
121
123
|
this.loginMethod = loginMethod;
|
122
124
|
}
|
125
|
+
getActiveOrg() {
|
126
|
+
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
|
127
|
+
return void 0;
|
128
|
+
}
|
129
|
+
return this.orgIdToOrgMemberInfo[this.activeOrgId];
|
130
|
+
}
|
131
|
+
getActiveOrgId() {
|
132
|
+
return this.activeOrgId;
|
133
|
+
}
|
123
134
|
getOrg(orgId) {
|
124
135
|
if (!this.orgIdToOrgMemberInfo) {
|
125
136
|
return void 0;
|
@@ -164,9 +175,35 @@ var UserFromToken = class {
|
|
164
175
|
obj.legacyUserId,
|
165
176
|
obj.impersonatorUserId,
|
166
177
|
obj.properties,
|
178
|
+
obj.activeOrgId,
|
167
179
|
obj.loginMethod
|
168
180
|
);
|
169
181
|
}
|
182
|
+
static fromJwtPayload(payload) {
|
183
|
+
let activeOrgId;
|
184
|
+
let orgIdToOrgMemberInfo;
|
185
|
+
if (payload.org_member_info) {
|
186
|
+
activeOrgId = payload.org_member_info.org_id;
|
187
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
|
188
|
+
} else {
|
189
|
+
activeOrgId = void 0;
|
190
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
|
191
|
+
}
|
192
|
+
const loginMethod = toLoginMethod(payload.login_method);
|
193
|
+
return new UserFromToken(
|
194
|
+
payload.user_id,
|
195
|
+
payload.email,
|
196
|
+
orgIdToOrgMemberInfo,
|
197
|
+
payload.first_name,
|
198
|
+
payload.last_name,
|
199
|
+
payload.username,
|
200
|
+
payload.legacy_user_id,
|
201
|
+
payload.impersonatorUserId,
|
202
|
+
payload.properties,
|
203
|
+
activeOrgId,
|
204
|
+
loginMethod
|
205
|
+
);
|
206
|
+
}
|
170
207
|
};
|
171
208
|
var OrgMemberInfo = class {
|
172
209
|
constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
|
@@ -215,18 +252,7 @@ var OrgMemberInfo = class {
|
|
215
252
|
}
|
216
253
|
};
|
217
254
|
function toUser(snake_case) {
|
218
|
-
return
|
219
|
-
snake_case.user_id,
|
220
|
-
snake_case.email,
|
221
|
-
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
|
222
|
-
snake_case.first_name,
|
223
|
-
snake_case.last_name,
|
224
|
-
snake_case.username,
|
225
|
-
snake_case.legacy_user_id,
|
226
|
-
snake_case.impersonatorUserId,
|
227
|
-
snake_case.properties,
|
228
|
-
toLoginMethod(snake_case.login_method)
|
229
|
-
);
|
255
|
+
return UserFromToken.fromJwtPayload(snake_case);
|
230
256
|
}
|
231
257
|
function toOrgIdToOrgMemberInfo(snake_case) {
|
232
258
|
if (snake_case === void 0) {
|
@@ -260,6 +286,7 @@ var ACCESS_TOKEN_COOKIE_NAME = "__pa_at";
|
|
260
286
|
var REFRESH_TOKEN_COOKIE_NAME = "__pa_rt";
|
261
287
|
var STATE_COOKIE_NAME = "__pa_state";
|
262
288
|
var CUSTOM_HEADER_FOR_ACCESS_TOKEN = "x-propelauth-access-token";
|
289
|
+
var CUSTOM_HEADER_FOR_URL = "x-propelauth-current-url";
|
263
290
|
var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
|
264
291
|
var COOKIE_OPTIONS = {
|
265
292
|
httpOnly: true,
|
@@ -298,12 +325,17 @@ function getVerifierKey() {
|
|
298
325
|
}
|
299
326
|
return verifierKey.replace(/\\n/g, "\n");
|
300
327
|
}
|
301
|
-
function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
328
|
+
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
302
329
|
return __async(this, null, function* () {
|
303
330
|
const body = {
|
304
331
|
refresh_token: refreshToken
|
305
332
|
};
|
306
|
-
const
|
333
|
+
const queryParams = new URLSearchParams();
|
334
|
+
if (activeOrgId) {
|
335
|
+
queryParams.set("with_active_org_support", "true");
|
336
|
+
queryParams.set("active_org_id", activeOrgId);
|
337
|
+
}
|
338
|
+
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
|
307
339
|
const response = yield fetch(url, {
|
308
340
|
method: "POST",
|
309
341
|
body: JSON.stringify(body),
|
@@ -315,10 +347,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
|
315
347
|
if (response.ok) {
|
316
348
|
const data = yield response.json();
|
317
349
|
const newRefreshToken = data.refresh_token;
|
318
|
-
const {
|
319
|
-
access_token: accessToken,
|
320
|
-
expires_at_seconds: expiresAtSeconds
|
321
|
-
} = data.access_token;
|
350
|
+
const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
|
322
351
|
return {
|
323
352
|
refreshToken: newRefreshToken,
|
324
353
|
accessToken,
|
@@ -379,22 +408,24 @@ function validateAccessToken(accessToken) {
|
|
379
408
|
});
|
380
409
|
}
|
381
410
|
|
411
|
+
// src/shared.ts
|
412
|
+
var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
|
413
|
+
|
382
414
|
// src/server/app-router.ts
|
383
|
-
function getUserOrRedirect() {
|
415
|
+
function getUserOrRedirect(redirectOptions) {
|
384
416
|
return __async(this, null, function* () {
|
385
417
|
const user = yield getUser();
|
386
418
|
if (user) {
|
387
419
|
return user;
|
388
420
|
} else {
|
389
|
-
(
|
421
|
+
redirectToLogin(redirectOptions);
|
390
422
|
throw new Error("Redirecting to login");
|
391
423
|
}
|
392
424
|
});
|
393
425
|
}
|
394
426
|
function getUser() {
|
395
427
|
return __async(this, null, function* () {
|
396
|
-
|
397
|
-
const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
428
|
+
const accessToken = getAccessToken();
|
398
429
|
if (accessToken) {
|
399
430
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
400
431
|
if (user) {
|
@@ -405,50 +436,57 @@ function getUser() {
|
|
405
436
|
});
|
406
437
|
}
|
407
438
|
function getAccessToken() {
|
408
|
-
|
409
|
-
|
410
|
-
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
411
|
-
});
|
439
|
+
var _a;
|
440
|
+
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
412
441
|
}
|
413
442
|
function authMiddleware(req) {
|
414
443
|
return __async(this, null, function* () {
|
415
|
-
var _a, _b;
|
444
|
+
var _a, _b, _c;
|
416
445
|
if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
|
417
446
|
throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
|
447
|
+
} else if (req.headers.has(CUSTOM_HEADER_FOR_URL)) {
|
448
|
+
throw new Error(`${CUSTOM_HEADER_FOR_URL} is set which is for internal use only`);
|
418
449
|
} else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
|
419
|
-
return
|
450
|
+
return getNextResponse(req);
|
420
451
|
}
|
421
452
|
const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
422
453
|
const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
|
454
|
+
const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
|
423
455
|
if (accessToken) {
|
424
456
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
425
457
|
if (user) {
|
426
|
-
return
|
458
|
+
return getNextResponse(req);
|
427
459
|
}
|
428
460
|
}
|
429
461
|
if (refreshToken) {
|
430
|
-
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
|
462
|
+
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
431
463
|
if (response.error === "unexpected") {
|
432
464
|
throw new Error("Unexpected error while refreshing access token");
|
433
465
|
} else if (response.error === "unauthorized") {
|
434
|
-
const response2 =
|
466
|
+
const response2 = getNextResponse(req);
|
435
467
|
response2.cookies.delete(ACCESS_TOKEN_COOKIE_NAME);
|
436
468
|
response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
|
437
469
|
return response2;
|
438
470
|
} else {
|
439
|
-
const
|
440
|
-
headers2.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken);
|
441
|
-
const nextResponse = import_server.NextResponse.next({
|
442
|
-
request: {
|
443
|
-
headers: headers2
|
444
|
-
}
|
445
|
-
});
|
471
|
+
const nextResponse = getNextResponse(req, response.accessToken);
|
446
472
|
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
|
447
473
|
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
|
448
474
|
return nextResponse;
|
449
475
|
}
|
450
476
|
}
|
451
|
-
return
|
477
|
+
return getNextResponse(req);
|
478
|
+
});
|
479
|
+
}
|
480
|
+
function getNextResponse(request, newAccessToken) {
|
481
|
+
const headers2 = new Headers(request.headers);
|
482
|
+
headers2.set(CUSTOM_HEADER_FOR_URL, request.nextUrl.toString());
|
483
|
+
if (newAccessToken) {
|
484
|
+
headers2.set(CUSTOM_HEADER_FOR_ACCESS_TOKEN, newAccessToken);
|
485
|
+
}
|
486
|
+
return import_server.NextResponse.next({
|
487
|
+
request: {
|
488
|
+
headers: headers2
|
489
|
+
}
|
452
490
|
});
|
453
491
|
}
|
454
492
|
function getRouteHandlers(args) {
|
@@ -488,7 +526,7 @@ function getRouteHandlers(args) {
|
|
488
526
|
}
|
489
527
|
function callbackGetHandler(req) {
|
490
528
|
return __async(this, null, function* () {
|
491
|
-
var _a, _b;
|
529
|
+
var _a, _b, _c;
|
492
530
|
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
|
493
531
|
if (!oauthState || oauthState.length !== 64) {
|
494
532
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
@@ -524,6 +562,49 @@ function getRouteHandlers(args) {
|
|
524
562
|
console.error("postLoginRedirectPathFn returned undefined");
|
525
563
|
return new Response("Unexpected error", { status: 500 });
|
526
564
|
}
|
565
|
+
const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
|
566
|
+
const user = yield validateAccessToken(accessToken);
|
567
|
+
const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
|
568
|
+
let activeOrgId = void 0;
|
569
|
+
if (isUserInCurrentActiveOrg) {
|
570
|
+
activeOrgId = currentActiveOrgId;
|
571
|
+
} else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
|
572
|
+
activeOrgId = args.getDefaultActiveOrgId(req, user);
|
573
|
+
}
|
574
|
+
if (activeOrgId) {
|
575
|
+
const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
|
576
|
+
if (response2.error === "unexpected") {
|
577
|
+
throw new Error("Unexpected error while setting active org");
|
578
|
+
} else if (response2.error === "unauthorized") {
|
579
|
+
console.error(
|
580
|
+
"Unauthorized error while setting active org. Your user may not have access to this org"
|
581
|
+
);
|
582
|
+
return new Response("Unauthorized", { status: 401 });
|
583
|
+
} else {
|
584
|
+
const headers3 = new Headers();
|
585
|
+
headers3.append("Location", returnToPath);
|
586
|
+
headers3.append(
|
587
|
+
"Set-Cookie",
|
588
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
589
|
+
);
|
590
|
+
headers3.append(
|
591
|
+
"Set-Cookie",
|
592
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
593
|
+
);
|
594
|
+
headers3.append(
|
595
|
+
"Set-Cookie",
|
596
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
597
|
+
);
|
598
|
+
headers3.append(
|
599
|
+
"Set-Cookie",
|
600
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
601
|
+
);
|
602
|
+
return new Response(null, {
|
603
|
+
status: 302,
|
604
|
+
headers: headers3
|
605
|
+
});
|
606
|
+
}
|
607
|
+
}
|
527
608
|
const headers2 = new Headers();
|
528
609
|
headers2.append("Location", returnToPath);
|
529
610
|
headers2.append(
|
@@ -534,6 +615,10 @@ function getRouteHandlers(args) {
|
|
534
615
|
"Set-Cookie",
|
535
616
|
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
536
617
|
);
|
618
|
+
headers2.append(
|
619
|
+
"Set-Cookie",
|
620
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
621
|
+
);
|
537
622
|
headers2.append(
|
538
623
|
"Set-Cookie",
|
539
624
|
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
@@ -554,10 +639,11 @@ function getRouteHandlers(args) {
|
|
554
639
|
}
|
555
640
|
function userinfoGetHandler(req) {
|
556
641
|
return __async(this, null, function* () {
|
557
|
-
var _a;
|
642
|
+
var _a, _b;
|
558
643
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
644
|
+
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
559
645
|
if (oldRefreshToken) {
|
560
|
-
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
|
646
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
561
647
|
if (refreshResponse.error === "unexpected") {
|
562
648
|
throw new Error("Unexpected error while refreshing access token");
|
563
649
|
} else if (refreshResponse.error === "unauthorized") {
|
@@ -570,6 +656,10 @@ function getRouteHandlers(args) {
|
|
570
656
|
"Set-Cookie",
|
571
657
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
572
658
|
);
|
659
|
+
headers3.append(
|
660
|
+
"Set-Cookie",
|
661
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
662
|
+
);
|
573
663
|
return new Response("Unauthorized", { status: 401, headers: headers3 });
|
574
664
|
}
|
575
665
|
const refreshToken = refreshResponse.refreshToken;
|
@@ -588,7 +678,8 @@ function getRouteHandlers(args) {
|
|
588
678
|
const jsonResponse = {
|
589
679
|
userinfo: data,
|
590
680
|
accessToken,
|
591
|
-
impersonatorUserId: userFromToken.impersonatorUserId
|
681
|
+
impersonatorUserId: userFromToken.impersonatorUserId,
|
682
|
+
activeOrgId
|
592
683
|
};
|
593
684
|
const headers3 = new Headers();
|
594
685
|
headers3.append(
|
@@ -614,6 +705,10 @@ function getRouteHandlers(args) {
|
|
614
705
|
"Set-Cookie",
|
615
706
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
616
707
|
);
|
708
|
+
headers3.append(
|
709
|
+
"Set-Cookie",
|
710
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
711
|
+
);
|
617
712
|
return new Response(null, {
|
618
713
|
status: 401,
|
619
714
|
headers: headers3
|
@@ -625,12 +720,13 @@ function getRouteHandlers(args) {
|
|
625
720
|
const headers2 = new Headers();
|
626
721
|
headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
627
722
|
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
723
|
+
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
628
724
|
return new Response(null, { status: 401 });
|
629
725
|
});
|
630
726
|
}
|
631
727
|
function logoutGetHandler(req) {
|
632
728
|
return __async(this, null, function* () {
|
633
|
-
var _a;
|
729
|
+
var _a, _b;
|
634
730
|
const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
|
635
731
|
if (!path) {
|
636
732
|
console.error("postLoginPathFn returned undefined");
|
@@ -648,12 +744,17 @@ function getRouteHandlers(args) {
|
|
648
744
|
"Set-Cookie",
|
649
745
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
650
746
|
);
|
747
|
+
headers2.append(
|
748
|
+
"Set-Cookie",
|
749
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
750
|
+
);
|
651
751
|
return new Response(null, {
|
652
752
|
status: 302,
|
653
753
|
headers: headers2
|
654
754
|
});
|
655
755
|
}
|
656
|
-
const
|
756
|
+
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
757
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
657
758
|
if (refreshResponse.error === "unexpected") {
|
658
759
|
console.error("Unexpected error while refreshing access token");
|
659
760
|
return new Response("Unexpected error", { status: 500 });
|
@@ -668,6 +769,10 @@ function getRouteHandlers(args) {
|
|
668
769
|
"Set-Cookie",
|
669
770
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
670
771
|
);
|
772
|
+
headers2.append(
|
773
|
+
"Set-Cookie",
|
774
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
775
|
+
);
|
671
776
|
return new Response(null, {
|
672
777
|
status: 302,
|
673
778
|
headers: headers2
|
@@ -696,6 +801,10 @@ function getRouteHandlers(args) {
|
|
696
801
|
"Set-Cookie",
|
697
802
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
698
803
|
);
|
804
|
+
headers3.append(
|
805
|
+
"Set-Cookie",
|
806
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
807
|
+
);
|
699
808
|
return new Response(null, { status: 200, headers: headers3 });
|
700
809
|
}
|
701
810
|
const authUrlOrigin = getAuthUrlOrigin();
|
@@ -720,9 +829,78 @@ function getRouteHandlers(args) {
|
|
720
829
|
const headers2 = new Headers();
|
721
830
|
headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
722
831
|
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
832
|
+
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
723
833
|
return new Response(null, { status: 200, headers: headers2 });
|
724
834
|
});
|
725
835
|
}
|
836
|
+
function setActiveOrgHandler(req) {
|
837
|
+
return __async(this, null, function* () {
|
838
|
+
var _a;
|
839
|
+
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
840
|
+
const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
|
841
|
+
if (!oldRefreshToken) {
|
842
|
+
const headers2 = new Headers();
|
843
|
+
headers2.append(
|
844
|
+
"Set-Cookie",
|
845
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
846
|
+
);
|
847
|
+
return new Response(null, { status: 401, headers: headers2 });
|
848
|
+
}
|
849
|
+
if (!activeOrgId) {
|
850
|
+
return new Response(null, { status: 400 });
|
851
|
+
}
|
852
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
853
|
+
if (refreshResponse.error === "unexpected") {
|
854
|
+
throw new Error("Unexpected error while setting active org id");
|
855
|
+
} else if (refreshResponse.error === "unauthorized") {
|
856
|
+
return new Response("Unauthorized", { status: 401 });
|
857
|
+
}
|
858
|
+
const refreshToken = refreshResponse.refreshToken;
|
859
|
+
const accessToken = refreshResponse.accessToken;
|
860
|
+
const authUrlOrigin = getAuthUrlOrigin();
|
861
|
+
const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
|
862
|
+
const response = yield fetch(path, {
|
863
|
+
headers: {
|
864
|
+
"Content-Type": "application/json",
|
865
|
+
Authorization: "Bearer " + accessToken
|
866
|
+
}
|
867
|
+
});
|
868
|
+
if (response.ok) {
|
869
|
+
const userFromToken = yield validateAccessToken(accessToken);
|
870
|
+
const data = yield response.json();
|
871
|
+
const jsonResponse = {
|
872
|
+
userinfo: data,
|
873
|
+
accessToken,
|
874
|
+
impersonatorUserId: userFromToken.impersonatorUserId,
|
875
|
+
activeOrgId
|
876
|
+
};
|
877
|
+
const headers2 = new Headers();
|
878
|
+
headers2.append(
|
879
|
+
"Set-Cookie",
|
880
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
881
|
+
);
|
882
|
+
headers2.append(
|
883
|
+
"Set-Cookie",
|
884
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
885
|
+
);
|
886
|
+
headers2.append(
|
887
|
+
"Set-Cookie",
|
888
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
889
|
+
);
|
890
|
+
headers2.append("Content-Type", "application/json");
|
891
|
+
return new Response(JSON.stringify(jsonResponse), {
|
892
|
+
status: 200,
|
893
|
+
headers: headers2
|
894
|
+
});
|
895
|
+
} else if (response.status === 401) {
|
896
|
+
return new Response(null, {
|
897
|
+
status: 401
|
898
|
+
});
|
899
|
+
} else {
|
900
|
+
return new Response(null, { status: 500 });
|
901
|
+
}
|
902
|
+
});
|
903
|
+
}
|
726
904
|
function getRouteHandler(req, { params }) {
|
727
905
|
if (params.slug === "login") {
|
728
906
|
return loginGetHandler(req);
|
@@ -741,6 +919,8 @@ function getRouteHandlers(args) {
|
|
741
919
|
function postRouteHandler(req, { params }) {
|
742
920
|
if (params.slug === "logout") {
|
743
921
|
return logoutPostHandler(req);
|
922
|
+
} else if (params.slug === "set-active-org") {
|
923
|
+
return setActiveOrgHandler(req);
|
744
924
|
} else {
|
745
925
|
return new Response("", { status: 404 });
|
746
926
|
}
|
@@ -754,12 +934,52 @@ function randomState() {
|
|
754
934
|
const randomBytes = crypto.getRandomValues(new Uint8Array(32));
|
755
935
|
return Array.from(randomBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
|
756
936
|
}
|
937
|
+
function redirectToLogin(redirectOptions) {
|
938
|
+
if (!redirectOptions) {
|
939
|
+
(0, import_navigation.redirect)(LOGIN_PATH);
|
940
|
+
} else if (redirectOptions.returnToPath) {
|
941
|
+
const loginPath = LOGIN_PATH + "?return_to_path=" + encodeURI(redirectOptions.returnToPath);
|
942
|
+
(0, import_navigation.redirect)(loginPath);
|
943
|
+
} else if (redirectOptions.returnToCurrentPath) {
|
944
|
+
const encodedPath = getUrlEncodedRedirectPathForCurrentUrl();
|
945
|
+
if (encodedPath) {
|
946
|
+
const loginPath = LOGIN_PATH + "?return_to_path=" + encodedPath;
|
947
|
+
(0, import_navigation.redirect)(loginPath);
|
948
|
+
} else {
|
949
|
+
console.warn("Could not get current URL to redirect to");
|
950
|
+
(0, import_navigation.redirect)(LOGIN_PATH);
|
951
|
+
}
|
952
|
+
}
|
953
|
+
}
|
954
|
+
function getUrlEncodedRedirectPathForCurrentUrl() {
|
955
|
+
const url = getCurrentUrl();
|
956
|
+
if (!url) {
|
957
|
+
return void 0;
|
958
|
+
}
|
959
|
+
try {
|
960
|
+
const urlObj = new URL(url);
|
961
|
+
return encodeURIComponent(urlObj.pathname + urlObj.search);
|
962
|
+
} catch (e) {
|
963
|
+
console.warn("Current URL is not a valid URL");
|
964
|
+
return void 0;
|
965
|
+
}
|
966
|
+
}
|
967
|
+
function getCurrentUrl() {
|
968
|
+
const url = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_URL);
|
969
|
+
if (!url) {
|
970
|
+
console.warn("Attempting to redirect to the current URL, but we could not find the current URL in the headers. Is the middleware set up?");
|
971
|
+
return void 0;
|
972
|
+
} else {
|
973
|
+
return url;
|
974
|
+
}
|
975
|
+
}
|
757
976
|
// Annotate the CommonJS export names for ESM import in node:
|
758
977
|
0 && (module.exports = {
|
759
978
|
ConfigurationException,
|
760
979
|
UnauthorizedException,
|
761
980
|
authMiddleware,
|
762
981
|
getAccessToken,
|
982
|
+
getCurrentUrl,
|
763
983
|
getRouteHandlers,
|
764
984
|
getUser,
|
765
985
|
getUserOrRedirect
|