@propelauth/nextjs 0.0.63 → 0.0.68
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +32 -37
- package/dist/server/app-router/index.d.ts +75 -0
- package/dist/server/app-router/index.js +624 -0
- package/dist/server/app-router/index.js.map +1 -0
- package/dist/server/app-router/index.mjs +583 -0
- package/dist/server/app-router/index.mjs.map +1 -0
- package/dist/server/index.d.ts +4 -43
- package/dist/server/index.js +56 -423
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +54 -422
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +47 -0
- package/dist/server/pages/index.js +356 -0
- package/dist/server/pages/index.js.map +1 -0
- package/dist/server/pages/index.mjs +320 -0
- package/dist/server/pages/index.mjs.map +1 -0
- package/package.json +18 -1
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"sources":["../../src/user.ts","../../src/server/exceptions.ts","../../src/server/server-actions.ts","../../src/server/validators.ts","../../src/server/auth.ts"],"sourcesContent":["export class User {\n public userId: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string\n ) {\n this.userId = userId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, \"-\")\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): User {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(\n JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])\n )\n }\n return new User(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n private userAssignedRole: string\n private userInheritedRolesPlusCurrentRole: string[]\n private userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\nexport type InternalUser = {\n user_id: string\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): User {\n return new User(\n snake_case.user_id,\n snake_case.email,\n toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),\n snake_case.first_name,\n snake_case.last_name,\n snake_case.username,\n snake_case.legacy_user_id,\n snake_case.impersonatorUserId\n )\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import * as jose from \"jose\"\nimport {cookies, headers} from \"next/headers\"\nimport {redirect} from \"next/navigation\"\nimport {ConfigurationException, UnauthorizedException} from \"./exceptions\"\nimport {InternalUser, OrgMemberInfo, toOrgIdToOrgMemberInfo, toUser, User} from \"../user\"\nimport {NextRequest, NextResponse} from \"next/server\";\nimport {ResponseCookie} from \"next/dist/compiled/@edge-runtime/cookies\";\nimport {GetServerSidePropsContext} from \"next\";\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: \"none\"\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: \"unauthorized\"\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: \"unexpected\"\n}\n\ntype RefreshTokenResponse = RefreshAndAccessTokens | RefreshAndAccessTokensUnauthorizedError | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = \"/api/auth/login\"\nexport const CALLBACK_PATH = \"/api/auth/callback\"\nexport const USERINFO_PATH= \"/api/auth/userinfo\"\nexport const LOGOUT_PATH = \"/api/auth/logout\"\nexport const ACCESS_TOKEN_COOKIE_NAME = \"__pa_at\"\nexport const REFRESH_TOKEN_COOKIE_NAME = \"__pa_rt\"\nexport const STATE_COOKIE_NAME = \"__pa_state\"\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = \"x-propelauth-access-token\"\n\nconst COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: \"lax\",\n secure: true,\n path: \"/\",\n}\n\nexport type ServerActionArgs = {\n authUrlOrigin: string\n redirectUri: string\n integrationApiKey: string\n verifierKey: string\n postLoginPathFn: (user: User) => string\n}\n\n\nexport type ServerActions = {\n getUser: () => Promise<User | undefined>\n getUserOrRedirect: () => Promise<User>\n getUserFromServerSideProps: (context: GetServerSidePropsContext) => Promise<User | undefined>\n validateAccessToken: (accessToken: string) => Promise<User>\n validateAccessTokenOrUndefined: (accessToken: string) => Promise<User | undefined>\n getRouteHandler: (req: NextRequest, { params }: { params: { slug: string } }) => Response | Promise<Response>\n postRouteHandler: (req: NextRequest, { params }: { params: { slug: string } }) => Response | Promise<Response>\n authMiddleware: (req: NextRequest) => Promise<Response>\n}\n\nexport function getServerActions({\n authUrlOrigin,\n postLoginPathFn,\n verifierKey,\n integrationApiKey,\n redirectUri,\n}: ServerActionArgs): ServerActions {\n const publicKeyPromise = jose.importSPKI(verifierKey, \"RS256\")\n async function getUserOrRedirect(): Promise<User> {\n const user = await getUser()\n if (user) {\n return user\n } else {\n redirect(LOGIN_PATH)\n throw new Error(\"Redirecting to login\")\n }\n }\n\n async function getUser(): Promise<User | undefined> {\n const accessToken = headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || cookies().get(ACCESS_TOKEN_COOKIE_NAME)?.value\n if (accessToken) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n return undefined\n }\n\n // Purpose of this middleware is just to keep the access token cookie alive\n // In an ideal world, this could be done in `getUser`, however, you can't\n // set a cookie in a server component.\n // There also doesn't seem to be any way right now to set a cookie in a\n // middleware and pass it forward (you can only set them on the response).\n // You CAN, however, pass in custom headers,\n // so we'll use CUSTOM_HEADER_FOR_ACCESS_TOKEN as a workaround\n async function authMiddleware(req: NextRequest): Promise<Response> {\n if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {\n throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`)\n } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH) {\n // Don't do anything for the callback or logout paths, as they will modify the cookies themselves\n return NextResponse.next()\n }\n\n const accessToken = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)?.value\n const refreshToken = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n\n // For the userinfo endpoint, we want to get the most up-to-date info, so we'll refresh the access token\n if (req.nextUrl.pathname === USERINFO_PATH && refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken)\n if (response.error === \"unexpected\") {\n throw new Error(\"Unexpected error while refreshing access token\")\n } else if (response.error === \"unauthorized\") {\n const headers = new Headers()\n headers.append(\"Set-Cookie\", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append(\"Set-Cookie\", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n return new Response(\"Unauthorized\", {status: 401, headers})\n } else {\n const headers = new Headers(req.headers)\n // Pass along the new access token in a header since cookies don't work\n headers.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken)\n const nextResponse = NextResponse.next({\n request: {\n headers\n }\n })\n nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS)\n nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS)\n return nextResponse\n }\n }\n\n // If we are authenticated, we can continue\n if (accessToken) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return NextResponse.next()\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken)\n if (response.error === \"unexpected\") {\n throw new Error(\"Unexpected error while refreshing access token\")\n } else if (response.error === \"unauthorized\") {\n const response = NextResponse.next()\n response.cookies.delete(ACCESS_TOKEN_COOKIE_NAME)\n response.cookies.delete(REFRESH_TOKEN_COOKIE_NAME)\n return response\n } else {\n const headers = new Headers(req.headers)\n // Pass along the new access token in a header since cookies don't work\n headers.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken)\n const nextResponse = NextResponse.next({\n request: {\n headers\n }\n })\n nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS)\n nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS)\n return nextResponse\n }\n }\n\n return NextResponse.next()\n }\n\n function getRouteHandler(req: NextRequest, { params }: { params: { slug: string } }) {\n if (params.slug === \"login\") {\n return loginGetHandler()\n } else if (params.slug === \"signup\") {\n return signupGetHandler()\n } else if (params.slug === \"callback\") {\n return callbackGetHandler(req)\n } else if (params.slug === \"userinfo\") {\n return userinfoGetHandler(req)\n } else {\n return new Response(\"\", { status: 404 })\n }\n }\n\n function postRouteHandler(req: NextRequest, { params }: { params: { slug: string } }) {\n if (params.slug === \"logout\") {\n return logoutPostHandler(req)\n } else {\n return new Response(\"\", { status: 404 })\n }\n }\n\n function loginGetHandler() {\n const state = randomState()\n const authorize_url =\n authUrlOrigin + \"/propelauth/ssr/authorize?redirect_uri=\" + redirectUri + \"&state=\" + state\n return new Response(null, {\n status: 302,\n headers: {\n Location: authorize_url,\n \"Set-Cookie\": `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n }\n })\n }\n\n function signupGetHandler() {\n const state = randomState()\n const authorize_url =\n authUrlOrigin + \"/propelauth/ssr/authorize?redirect_uri=\" + redirectUri + \"&state=\" + state + \"&signup=true\"\n return new Response(null, {\n status: 302,\n headers: {\n Location: authorize_url,\n \"Set-Cookie\": `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n }\n })\n }\n\n async function callbackGetHandler(req: NextRequest) {\n const oauthState = req.cookies.get(STATE_COOKIE_NAME)?.value\n if (!oauthState || oauthState.length !== 64) {\n console.log(\"No oauth state found\")\n return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } })\n }\n\n const queryParams = req.nextUrl.searchParams\n const state = queryParams.get(\"state\")\n const code = queryParams.get(\"code\")\n if (state !== oauthState) {\n console.log(\"Mismatch between states, redirecting to login\")\n return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } })\n }\n\n const oauth_token_body = {\n redirect_uri: redirectUri,\n code,\n }\n const url = `${authUrlOrigin}/propelauth/ssr/token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(oauth_token_body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + integrationApiKey,\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n\n const accessToken = data.access_token\n const user = await validateAccessToken(accessToken)\n const path = postLoginPathFn(user)\n if (!path) {\n console.log(\"postLoginPathFn returned undefined\")\n return new Response(\"Unexpected error\", { status: 500 })\n }\n\n const headers = new Headers()\n headers.append(\"Location\", path)\n headers.append(\"Set-Cookie\", `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`)\n headers.append(\"Set-Cookie\", `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`)\n return new Response(null, {\n status: 302,\n headers\n })\n } else if (response.status === 401) {\n return new Response(\"Unexpected error\", { status: 500 })\n } else {\n return new Response(\"Unexpected error\", { status: 500 })\n }\n }\n\n async function userinfoGetHandler(req: NextRequest) {\n const accessToken = req.headers.get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)?.value\n if (accessToken) {\n const path = `${authUrlOrigin}/propelauth/oauth/userinfo`\n const response = await fetch(path, {\n headers: {\n \"Content-Type\": \"application/json\",\n \"Authorization\": \"Bearer \" + accessToken,\n }\n })\n if (response.ok) {\n const data = await response.json()\n\n const user = new User(\n data.user_id,\n data.email,\n toOrgIdToOrgMemberInfo(data.org_id_to_org_info),\n data.first_name,\n data.last_name,\n data.username,\n data.legacy_user_id,\n data.impersonator_user_id,\n )\n\n return new Response(JSON.stringify(user), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n }\n })\n } else if (response.status === 401) {\n return new Response(null, { status: 401 })\n } else {\n return new Response(null, { status: 500 })\n }\n }\n return new Response(null, { status: 401 })\n }\n\n async function getUserFromServerSideProps(props: GetServerSidePropsContext) {\n const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken)\n if (response.error === \"unexpected\") {\n throw new Error(\"Unexpected error while refreshing access token\")\n } else if (response.error === \"unauthorized\") {\n props.res.setHeader(\"Set-Cookie\", [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return undefined\n } else {\n const user = await validateAccessToken(response.accessToken)\n props.res.setHeader(\"Set-Cookie\", [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return user\n }\n }\n\n return undefined\n }\n\n async function refreshTokenWithAccessAndRefreshToken(refreshToken: string): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n const url = `${authUrlOrigin}/api/backend/v1/refresh_token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + integrationApiKey,\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const {\n access_token: accessToken,\n expires_at_seconds: expiresAtSeconds,\n } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: \"none\",\n }\n } else if (response.status === 400) {\n return { error: \"unauthorized\" }\n } else {\n return { error: \"unexpected\" }\n }\n }\n\n async function logoutPostHandler(req: NextRequest) {\n const refresh_token = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)?.value\n if (!refresh_token) {\n const headers = new Headers()\n headers.append(\"Set-Cookie\", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append(\"Set-Cookie\", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n return new Response(null, { status: 200, headers })\n }\n\n const logoutBody = { refresh_token }\n const url = `${authUrlOrigin}/api/backend/v1/logout`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(logoutBody),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + integrationApiKey,\n },\n })\n\n if (!response.ok) {\n console.log(\n \"Unable to logout, clearing cookies and continuing anyway\",\n response.status,\n response.statusText\n )\n }\n const headers = new Headers()\n headers.append(\"Set-Cookie\", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n headers.append(\"Set-Cookie\", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`)\n return new Response(null, { status: 200, headers })\n }\n\n async function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<User | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.log(\"Error validating access token\", err)\n return undefined\n }\n }\n }\n\n async function validateAccessToken(accessToken: string | undefined): Promise<User> {\n let publicKey\n try {\n publicKey = await publicKeyPromise\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException(\"Invalid verifier key\")\n }\n\n if (!accessToken) {\n throw new UnauthorizedException(\"No access token provided\")\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith(\"bearer \")) {\n accessTokenWithoutBearer = accessToken.substring(\"bearer \".length)\n }\n\n try {\n const { payload } = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: authUrlOrigin,\n algorithms: [\"RS256\"],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException(\"Unable to decode jwt\")\n }\n }\n }\n\n return {\n getUser,\n getUserOrRedirect,\n getUserFromServerSideProps,\n validateAccessToken,\n validateAccessTokenOrUndefined,\n getRouteHandler,\n postRouteHandler,\n authMiddleware,\n }\n}\n\nfunction randomState(): string {\n const randomBytes = crypto.getRandomValues(new Uint8Array(32))\n return Array.from(randomBytes)\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\")\n}","export function validateAuthUrl(authUrl: string): URL {\n try {\n return new URL(authUrl)\n } catch (e) {\n console.error(\"Invalid authUrl\", e)\n throw new Error(\"Unable to initialize auth client\")\n }\n}\n","import { getServerActions } from \"./server-actions\"\nimport { User } from \"../user\"\nimport { validateAuthUrl } from \"./validators\"\n\nexport type InitializeAuthOptions = {\n authUrl: string\n redirectUri: string\n integrationApiKey: string\n verifierKey: string\n postLoginRedirectPathFn?: (user: User) => string\n}\n\nexport function initializeAuth(opts: InitializeAuthOptions) {\n const authUrl = validateAuthUrl(opts.authUrl).origin\n const postLoginPathFn =\n opts.postLoginRedirectPathFn ||\n function () {\n return \"/\"\n }\n\n return getServerActions({\n authUrlOrigin: authUrl,\n verifierKey: opts.verifierKey,\n redirectUri: opts.redirectUri,\n integrationApiKey: opts.integrationApiKey,\n postLoginPathFn,\n })\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,OAAN,MAAW;AAAA,EAed,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACF;AACE,SAAK,SAAS;AACd,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAAA,EAC9B;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAAoB;AACvC,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc;AAAA,QACxC,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC;AAAA,MAClD;AAAA,IACJ;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA2BO,SAAS,OAAO,YAAgC;AACnD,SAAO,IAAI;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,uBAAuB,WAAW,yBAAyB;AAAA,IAC3D,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,EACf;AACJ;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AC3OO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACpBA,YAAY,UAAU;AACtB,SAAQ,SAAS,eAAc;AAC/B,SAAQ,gBAAe;AAGvB,SAAqB,oBAAmB;AAoBjC,IAAM,aAAa;AACnB,IAAM,gBAAgB;AACtB,IAAM,gBAAe;AACrB,IAAM,cAAc;AACpB,IAAM,2BAA2B;AACjC,IAAM,4BAA4B;AAClC,IAAM,oBAAoB;AAC1B,IAAM,iCAAiC;AAE9C,IAAM,iBAA0C;AAAA,EAC5C,UAAU;AAAA,EACV,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,MAAM;AACV;AAsBO,SAAS,iBAAiB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACJ,GAAoC;AAChC,QAAM,mBAAwB,gBAAW,aAAa,OAAO;AAC7D,WAAe,oBAAmC;AAAA;AAC9C,YAAM,OAAO,MAAM,QAAQ;AAC3B,UAAI,MAAM;AACN,eAAO;AAAA,MACX,OAAO;AACH,iBAAS,UAAU;AACnB,cAAM,IAAI,MAAM,sBAAsB;AAAA,MAC1C;AAAA,IACJ;AAAA;AAEA,WAAe,UAAqC;AAAA;AA/ExD;AAgFQ,YAAM,cAAc,QAAQ,EAAE,IAAI,8BAA8B,OAAK,aAAQ,EAAE,IAAI,wBAAwB,MAAtC,mBAAyC;AAC9G,UAAI,aAAa;AACb,cAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,YAAI,MAAM;AACN,iBAAO;AAAA,QACX;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA;AASA,WAAe,eAAe,KAAqC;AAAA;AAjGvE;AAkGQ,UAAI,IAAI,QAAQ,IAAI,8BAA8B,GAAG;AACjD,cAAM,IAAI,MAAM,GAAG,sEAAsE;AAAA,MAC7F,WAAW,IAAI,QAAQ,aAAa,iBAAiB,IAAI,QAAQ,aAAa,aAAa;AAEvF,eAAO,aAAa,KAAK;AAAA,MAC7B;AAEA,YAAM,eAAc,SAAI,QAAQ,IAAI,wBAAwB,MAAxC,mBAA2C;AAC/D,YAAM,gBAAe,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AAGjE,UAAI,IAAI,QAAQ,aAAa,iBAAiB,cAAc;AACxD,cAAM,WAAW,MAAM,sCAAsC,YAAY;AACzE,YAAI,SAAS,UAAU,cAAc;AACjC,gBAAM,IAAI,MAAM,gDAAgD;AAAA,QACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,gBAAMA,WAAU,IAAI,QAAQ;AAC5B,UAAAA,SAAQ,OAAO,cAAc,GAAG,8EAA8E;AAC9G,UAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,iBAAO,IAAI,SAAS,gBAAgB,EAAC,QAAQ,KAAK,SAAAA,SAAO,CAAC;AAAA,QAC9D,OAAO;AACH,gBAAMA,WAAU,IAAI,QAAQ,IAAI,OAAO;AAEvC,UAAAA,SAAQ,OAAO,gCAAgC,SAAS,WAAW;AACnE,gBAAM,eAAe,aAAa,KAAK;AAAA,YACnC,SAAS;AAAA,cACL,SAAAA;AAAA,YACJ;AAAA,UACJ,CAAC;AACD,uBAAa,QAAQ,IAAI,0BAA0B,SAAS,aAAa,cAAc;AACvF,uBAAa,QAAQ,IAAI,2BAA2B,SAAS,cAAc,cAAc;AACzF,iBAAO;AAAA,QACX;AAAA,MACJ;AAGA,UAAI,aAAa;AACb,cAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,YAAI,MAAM;AACN,iBAAO,aAAa,KAAK;AAAA,QAC7B;AAAA,MACJ;AAGA,UAAI,cAAc;AACd,cAAM,WAAW,MAAM,sCAAsC,YAAY;AACzE,YAAI,SAAS,UAAU,cAAc;AACjC,gBAAM,IAAI,MAAM,gDAAgD;AAAA,QACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,gBAAMC,YAAW,aAAa,KAAK;AACnC,UAAAA,UAAS,QAAQ,OAAO,wBAAwB;AAChD,UAAAA,UAAS,QAAQ,OAAO,yBAAyB;AACjD,iBAAOA;AAAA,QACX,OAAO;AACH,gBAAMD,WAAU,IAAI,QAAQ,IAAI,OAAO;AAEvC,UAAAA,SAAQ,OAAO,gCAAgC,SAAS,WAAW;AACnE,gBAAM,eAAe,aAAa,KAAK;AAAA,YACnC,SAAS;AAAA,cACL,SAAAA;AAAA,YACJ;AAAA,UACJ,CAAC;AACD,uBAAa,QAAQ,IAAI,0BAA0B,SAAS,aAAa,cAAc;AACvF,uBAAa,QAAQ,IAAI,2BAA2B,SAAS,cAAc,cAAc;AACzF,iBAAO;AAAA,QACX;AAAA,MACJ;AAEA,aAAO,aAAa,KAAK;AAAA,IAC7B;AAAA;AAEA,WAAS,gBAAgB,KAAkB,EAAE,OAAO,GAAiC;AACjF,QAAI,OAAO,SAAS,SAAS;AACzB,aAAO,gBAAgB;AAAA,IAC3B,WAAW,OAAO,SAAS,UAAU;AACjC,aAAO,iBAAiB;AAAA,IAC5B,WAAW,OAAO,SAAS,YAAY;AACnC,aAAO,mBAAmB,GAAG;AAAA,IACjC,WAAW,OAAO,SAAS,YAAY;AACnC,aAAO,mBAAmB,GAAG;AAAA,IACjC,OAAO;AACH,aAAO,IAAI,SAAS,IAAI,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C;AAAA,EACJ;AAEA,WAAS,iBAAiB,KAAkB,EAAE,OAAO,GAAiC;AAClF,QAAI,OAAO,SAAS,UAAU;AAC1B,aAAO,kBAAkB,GAAG;AAAA,IAChC,OAAO;AACH,aAAO,IAAI,SAAS,IAAI,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C;AAAA,EACJ;AAEA,WAAS,kBAAkB;AACvB,UAAM,QAAQ,YAAY;AAC1B,UAAM,gBACF,gBAAgB,4CAA4C,cAAc,YAAY;AAC1F,WAAO,IAAI,SAAS,MAAM;AAAA,MACtB,QAAQ;AAAA,MACR,SAAS;AAAA,QACL,UAAU;AAAA,QACV,cAAc,GAAG,qBAAqB;AAAA,MAC1C;AAAA,IACJ,CAAC;AAAA,EACL;AAEA,WAAS,mBAAmB;AACxB,UAAM,QAAQ,YAAY;AAC1B,UAAM,gBACF,gBAAgB,4CAA4C,cAAc,YAAY,QAAQ;AAClG,WAAO,IAAI,SAAS,MAAM;AAAA,MACtB,QAAQ;AAAA,MACR,SAAS;AAAA,QACL,UAAU;AAAA,QACV,cAAc,GAAG,qBAAqB;AAAA,MAC1C;AAAA,IACJ,CAAC;AAAA,EACL;AAEA,WAAe,mBAAmB,KAAkB;AAAA;AAzNxD;AA0NQ,YAAM,cAAa,SAAI,QAAQ,IAAI,iBAAiB,MAAjC,mBAAoC;AACvD,UAAI,CAAC,cAAc,WAAW,WAAW,IAAI;AACzC,gBAAQ,IAAI,sBAAsB;AAClC,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAS,EAAE,UAAU,WAAW,EAAE,CAAC;AAAA,MAChF;AAEA,YAAM,cAAc,IAAI,QAAQ;AAChC,YAAM,QAAQ,YAAY,IAAI,OAAO;AACrC,YAAM,OAAO,YAAY,IAAI,MAAM;AACnC,UAAI,UAAU,YAAY;AACtB,gBAAQ,IAAI,+CAA+C;AAC3D,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAS,EAAE,UAAU,WAAW,EAAE,CAAC;AAAA,MAChF;AAEA,YAAM,mBAAmB;AAAA,QACrB,cAAc;AAAA,QACd;AAAA,MACJ;AACA,YAAM,MAAM,GAAG;AACf,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,gBAAgB;AAAA,QACrC,SAAS;AAAA,UACL,gBAAgB;AAAA,UAChB,eAAe,YAAY;AAAA,QAC/B;AAAA,MACJ,CAAC;AAED,UAAI,SAAS,IAAI;AACb,cAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,cAAM,cAAc,KAAK;AACzB,cAAM,OAAO,MAAM,oBAAoB,WAAW;AAClD,cAAM,OAAO,gBAAgB,IAAI;AACjC,YAAI,CAAC,MAAM;AACP,kBAAQ,IAAI,oCAAoC;AAChD,iBAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC3D;AAEA,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,YAAY,IAAI;AAC/B,QAAAA,SAAQ,OAAO,cAAc,GAAG,4BAA4B,qDAAqD;AACjH,QAAAA,SAAQ,OAAO,cAAc,GAAG,6BAA6B,KAAK,uDAAuD;AACzH,eAAO,IAAI,SAAS,MAAM;AAAA,UACtB,QAAQ;AAAA,UACR,SAAAA;AAAA,QACJ,CAAC;AAAA,MACL,WAAW,SAAS,WAAW,KAAK;AAChC,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D,OAAO;AACH,eAAO,IAAI,SAAS,oBAAoB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D;AAAA,IACJ;AAAA;AAEA,WAAe,mBAAmB,KAAkB;AAAA;AAhRxD;AAiRQ,YAAM,cAAc,IAAI,QAAQ,IAAI,8BAA8B,OAAK,SAAI,QAAQ,IAAI,wBAAwB,MAAxC,mBAA2C;AAClH,UAAI,aAAa;AACb,cAAM,OAAO,GAAG;AAChB,cAAM,WAAW,MAAM,MAAM,MAAM;AAAA,UAC/B,SAAS;AAAA,YACL,gBAAgB;AAAA,YAChB,iBAAiB,YAAY;AAAA,UACjC;AAAA,QACJ,CAAC;AACD,YAAI,SAAS,IAAI;AACb,gBAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,gBAAM,OAAO,IAAI;AAAA,YACb,KAAK;AAAA,YACL,KAAK;AAAA,YACL,uBAAuB,KAAK,kBAAkB;AAAA,YAC9C,KAAK;AAAA,YACL,KAAK;AAAA,YACL,KAAK;AAAA,YACL,KAAK;AAAA,YACL,KAAK;AAAA,UACT;AAEA,iBAAO,IAAI,SAAS,KAAK,UAAU,IAAI,GAAG;AAAA,YACtC,QAAQ;AAAA,YACR,SAAS;AAAA,cACL,gBAAgB;AAAA,YACpB;AAAA,UACJ,CAAC;AAAA,QACL,WAAW,SAAS,WAAW,KAAK;AAChC,iBAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC7C,OAAO;AACH,iBAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC7C;AAAA,MACJ;AACA,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC7C;AAAA;AAEA,WAAe,2BAA2B,OAAkC;AAAA;AACxE,YAAM,cAAc,MAAM,IAAI,QAAQ,wBAAwB;AAC9D,YAAM,eAAe,MAAM,IAAI,QAAQ,yBAAyB;AAGhE,UAAI,aAAa;AACb,cAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,YAAI,MAAM;AACN,iBAAO;AAAA,QACX;AAAA,MACJ;AAGA,UAAI,cAAc;AACd,cAAM,WAAW,MAAM,sCAAsC,YAAY;AACzE,YAAI,SAAS,UAAU,cAAc;AACjC,gBAAM,IAAI,MAAM,gDAAgD;AAAA,QACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,gBAAM,IAAI,UAAU,cAAc;AAAA,YAC9B,GAAG;AAAA,YACH,GAAG;AAAA,UACP,CAAC;AACD,iBAAO;AAAA,QACX,OAAO;AACH,gBAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,gBAAM,IAAI,UAAU,cAAc;AAAA,YAC9B,GAAG,4BAA4B,SAAS;AAAA,YACxC,GAAG,6BAA6B,SAAS;AAAA,UAC7C,CAAC;AACD,iBAAO;AAAA,QACX;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA;AAEA,WAAe,sCAAsC,cAAqD;AAAA;AACtG,YAAM,OAAO;AAAA,QACT,eAAe;AAAA,MACnB;AACA,YAAM,MAAM,GAAG;AACf,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS;AAAA,UACL,gBAAgB;AAAA,UAChB,eAAe,YAAY;AAAA,QAC/B;AAAA,MACJ,CAAC;AAED,UAAI,SAAS,IAAI;AACb,cAAM,OAAO,MAAM,SAAS,KAAK;AACjC,cAAM,kBAAkB,KAAK;AAC7B,cAAM;AAAA,UACF,cAAc;AAAA,UACd,oBAAoB;AAAA,QACxB,IAAI,KAAK;AAET,eAAO;AAAA,UACH,cAAc;AAAA,UACd;AAAA,UACA,OAAO;AAAA,QACX;AAAA,MACJ,WAAW,SAAS,WAAW,KAAK;AAChC,eAAO,EAAE,OAAO,eAAe;AAAA,MACnC,OAAO;AACH,eAAO,EAAE,OAAO,aAAa;AAAA,MACjC;AAAA,IACJ;AAAA;AAEA,WAAe,kBAAkB,KAAkB;AAAA;AA7XvD;AA8XQ,YAAM,iBAAgB,SAAI,QAAQ,IAAI,yBAAyB,MAAzC,mBAA4C;AAClE,UAAI,CAAC,eAAe;AAChB,cAAMA,WAAU,IAAI,QAAQ;AAC5B,QAAAA,SAAQ,OAAO,cAAc,GAAG,8EAA8E;AAC9G,QAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,eAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,MACtD;AAEA,YAAM,aAAa,EAAE,cAAc;AACnC,YAAM,MAAM,GAAG;AACf,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,UAAU;AAAA,QAC/B,SAAS;AAAA,UACL,gBAAgB;AAAA,UAChB,eAAe,YAAY;AAAA,QAC/B;AAAA,MACJ,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AACd,gBAAQ;AAAA,UACJ;AAAA,UACA,SAAS;AAAA,UACT,SAAS;AAAA,QACb;AAAA,MACJ;AACA,YAAMA,WAAU,IAAI,QAAQ;AAC5B,MAAAA,SAAQ,OAAO,cAAc,GAAG,8EAA8E;AAC9G,MAAAA,SAAQ,OAAO,cAAc,GAAG,+EAA+E;AAC/G,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAAA,SAAQ,CAAC;AAAA,IACtD;AAAA;AAEA,WAAe,+BAA+B,aAA4D;AAAA;AACtG,UAAI;AACA,eAAO,MAAM,oBAAoB,WAAW;AAAA,MAChD,SAAS,KAAP;AACE,YAAI,eAAe,wBAAwB;AACvC,gBAAM;AAAA,QACV,WAAW,eAAe,uBAAuB;AAC7C,iBAAO;AAAA,QACX,OAAO;AACH,kBAAQ,IAAI,iCAAiC,GAAG;AAChD,iBAAO;AAAA,QACX;AAAA,MACJ;AAAA,IACJ;AAAA;AAEA,WAAe,oBAAoB,aAAgD;AAAA;AAC/E,UAAI;AACJ,UAAI;AACA,oBAAY,MAAM;AAAA,MACtB,SAAS,KAAP;AACE,gBAAQ,MAAM,wFAAwF,GAAG;AACzG,cAAM,IAAI,uBAAuB,sBAAsB;AAAA,MAC3D;AAEA,UAAI,CAAC,aAAa;AACd,cAAM,IAAI,sBAAsB,0BAA0B;AAAA,MAC9D;AAEA,UAAI,2BAA2B;AAC/B,UAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,mCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,MACrE;AAEA,UAAI;AACA,cAAM,EAAE,QAAQ,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,UAC1E,QAAQ;AAAA,UACR,YAAY,CAAC,OAAO;AAAA,QACxB,CAAC;AAED,eAAO,OAAqB,OAAO;AAAA,MACvC,SAAS,GAAP;AACE,YAAI,aAAa,OAAO;AACpB,gBAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,QAC7C,OAAO;AACH,gBAAM,IAAI,sBAAsB,sBAAsB;AAAA,QAC1D;AAAA,MACJ;AAAA,IACJ;AAAA;AAEA,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;AAEA,SAAS,cAAsB;AAC3B,QAAM,cAAc,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AAC7D,SAAO,MAAM,KAAK,WAAW,EACxB,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAChB;;;ACheO,SAAS,gBAAgB,SAAsB;AAClD,MAAI;AACA,WAAO,IAAI,IAAI,OAAO;AAAA,EAC1B,SAAS,GAAP;AACE,YAAQ,MAAM,mBAAmB,CAAC;AAClC,UAAM,IAAI,MAAM,kCAAkC;AAAA,EACtD;AACJ;;;ACKO,SAAS,eAAe,MAA6B;AACxD,QAAM,UAAU,gBAAgB,KAAK,OAAO,EAAE;AAC9C,QAAM,kBACF,KAAK,2BACL,WAAY;AACR,WAAO;AAAA,EACX;AAEJ,SAAO,iBAAiB;AAAA,IACpB,eAAe;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,aAAa,KAAK;AAAA,IAClB,mBAAmB,KAAK;AAAA,IACxB;AAAA,EACJ,CAAC;AACL;","names":["headers","response"]}
|
1
|
+
{"version":3,"sources":["../../src/user.ts","../../src/server/exceptions.ts","../../src/server/shared.ts"],"sourcesContent":["export class User {\n public userId: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string\n ) {\n this.userId = userId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, \"-\")\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): User {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(\n JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])\n )\n }\n return new User(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n private userAssignedRole: string\n private userInheritedRolesPlusCurrentRole: string[]\n private userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\nexport type InternalUser = {\n user_id: string\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): User {\n return new User(\n snake_case.user_id,\n snake_case.email,\n toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),\n snake_case.first_name,\n snake_case.last_name,\n snake_case.username,\n snake_case.legacy_user_id,\n snake_case.impersonatorUserId\n )\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import {ResponseCookie} from \"next/dist/compiled/@edge-runtime/cookies\";\nimport {InternalUser, toUser, User} from \"../user\";\nimport {ConfigurationException, UnauthorizedException} from \"./exceptions\";\nimport * as jose from \"jose\";\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: \"none\"\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: \"unauthorized\"\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: \"unexpected\"\n}\n\nexport type RefreshTokenResponse =\n RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = \"/api/auth/login\"\nexport const CALLBACK_PATH = \"/api/auth/callback\"\nexport const USERINFO_PATH = \"/api/auth/userinfo\"\nexport const LOGOUT_PATH = \"/api/auth/logout\"\nexport const ACCESS_TOKEN_COOKIE_NAME = \"__pa_at\"\nexport const REFRESH_TOKEN_COOKIE_NAME = \"__pa_rt\"\nexport const STATE_COOKIE_NAME = \"__pa_state\"\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = \"x-propelauth-access-token\"\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: \"lax\",\n secure: true,\n path: \"/\",\n}\n\nexport function getAuthUrlOrigin() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error(\"NEXT_PUBLIC_AUTH_URL is not set\")\n }\n return new URL(authUrl).origin\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.REDIRECT_URI\n if (!redirectUri) {\n throw new Error(\"REDIRECT_URI is not set\")\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error(\"PROPELAUTH_API_KEY is not set\")\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.VERIFIER_KEY\n if (!verifierKey) {\n throw new Error(\"VERIFIER_KEY is not set\")\n }\n return verifierKey.replace(/\\\\n/g, \"\\n\")\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(refreshToken: string): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const {\n access_token: accessToken,\n expires_at_seconds: expiresAtSeconds,\n } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: \"none\",\n }\n } else if (response.status === 400) {\n return {error: \"unauthorized\"}\n } else {\n return {error: \"unexpected\"}\n }\n}\n\nexport async function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<User | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.log(\"Error validating access token\", err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<User> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), \"RS256\")\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException(\"Invalid verifier key\")\n }\n\n if (!accessToken) {\n throw new UnauthorizedException(\"No access token provided\")\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith(\"bearer \")) {\n accessTokenWithoutBearer = accessToken.substring(\"bearer \".length)\n }\n\n try {\n const {payload} = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: [\"RS256\"],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException(\"Unable to decode jwt\")\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,OAAN,MAAW;AAAA,EAed,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACF;AACE,SAAK,SAAS;AACd,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAAA,EAC9B;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAAoB;AACvC,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc;AAAA,QACxC,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC;AAAA,MAClD;AAAA,IACJ;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA2BO,SAAS,OAAO,YAAgC;AACnD,SAAO,IAAI;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,uBAAuB,WAAW,yBAAyB;AAAA,IAC3D,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,EACf;AACJ;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AC3OO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,YAAY,UAAU;AAqCf,SAAS,mBAAmB;AAC/B,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO,EAAE;AAC5B;AAkBO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC7C;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAoCA,SAAsB,+BAA+B,aAA4D;AAAA;AAC7G,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,IAAI,iCAAiC,GAAG;AAChD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAgD;AAAA;AACtF,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAC,QAAO,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QACxE,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;","names":[]}
|
@@ -0,0 +1,47 @@
|
|
1
|
+
import { GetServerSidePropsContext } from 'next';
|
2
|
+
|
3
|
+
declare class User {
|
4
|
+
userId: string;
|
5
|
+
orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo;
|
6
|
+
email: string;
|
7
|
+
firstName?: string;
|
8
|
+
lastName?: string;
|
9
|
+
username?: string;
|
10
|
+
legacyUserId?: string;
|
11
|
+
impersonatorUserId?: string;
|
12
|
+
constructor(userId: string, email: string, orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo, firstName?: string, lastName?: string, username?: string, legacyUserId?: string, impersonatorUserId?: string);
|
13
|
+
getOrg(orgId: string): OrgMemberInfo | undefined;
|
14
|
+
getOrgByName(orgName: string): OrgMemberInfo | undefined;
|
15
|
+
getOrgs(): OrgMemberInfo[];
|
16
|
+
isImpersonating(): boolean;
|
17
|
+
static fromJSON(json: string): User;
|
18
|
+
}
|
19
|
+
type OrgIdToOrgMemberInfo = {
|
20
|
+
[orgId: string]: OrgMemberInfo;
|
21
|
+
};
|
22
|
+
declare class OrgMemberInfo {
|
23
|
+
orgId: string;
|
24
|
+
orgName: string;
|
25
|
+
orgMetadata: {
|
26
|
+
[key: string]: any;
|
27
|
+
};
|
28
|
+
urlSafeOrgName: string;
|
29
|
+
private userAssignedRole;
|
30
|
+
private userInheritedRolesPlusCurrentRole;
|
31
|
+
private userPermissions;
|
32
|
+
constructor(orgId: string, orgName: string, orgMetadata: {
|
33
|
+
[key: string]: any;
|
34
|
+
}, urlSafeOrgName: string, userAssignedRole: string, userInheritedRolesPlusCurrentRole: string[], userPermissions: string[]);
|
35
|
+
isRole(role: string): boolean;
|
36
|
+
isAtLeastRole(role: string): boolean;
|
37
|
+
hasPermission(permission: string): boolean;
|
38
|
+
hasAllPermissions(permissions: string[]): boolean;
|
39
|
+
static fromJSON(json: string): OrgMemberInfo;
|
40
|
+
get assignedRole(): string;
|
41
|
+
get inheritedRolesPlusCurrentRole(): string[];
|
42
|
+
get permissions(): string[];
|
43
|
+
}
|
44
|
+
|
45
|
+
declare function getUserFromServerSideProps(props: GetServerSidePropsContext): Promise<User | undefined>;
|
46
|
+
|
47
|
+
export { getUserFromServerSideProps };
|
@@ -0,0 +1,356 @@
|
|
1
|
+
"use strict";
|
2
|
+
var __create = Object.create;
|
3
|
+
var __defProp = Object.defineProperty;
|
4
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
6
|
+
var __getProtoOf = Object.getPrototypeOf;
|
7
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
8
|
+
var __export = (target, all) => {
|
9
|
+
for (var name in all)
|
10
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
11
|
+
};
|
12
|
+
var __copyProps = (to, from, except, desc) => {
|
13
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
14
|
+
for (let key of __getOwnPropNames(from))
|
15
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
16
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
17
|
+
}
|
18
|
+
return to;
|
19
|
+
};
|
20
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
21
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
22
|
+
// file that has been converted to a CommonJS file using a Babel-
|
23
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
24
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
25
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
26
|
+
mod
|
27
|
+
));
|
28
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
29
|
+
var __async = (__this, __arguments, generator) => {
|
30
|
+
return new Promise((resolve, reject) => {
|
31
|
+
var fulfilled = (value) => {
|
32
|
+
try {
|
33
|
+
step(generator.next(value));
|
34
|
+
} catch (e) {
|
35
|
+
reject(e);
|
36
|
+
}
|
37
|
+
};
|
38
|
+
var rejected = (value) => {
|
39
|
+
try {
|
40
|
+
step(generator.throw(value));
|
41
|
+
} catch (e) {
|
42
|
+
reject(e);
|
43
|
+
}
|
44
|
+
};
|
45
|
+
var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
|
46
|
+
step((generator = generator.apply(__this, __arguments)).next());
|
47
|
+
});
|
48
|
+
};
|
49
|
+
|
50
|
+
// src/server/pages-index.ts
|
51
|
+
var pages_index_exports = {};
|
52
|
+
__export(pages_index_exports, {
|
53
|
+
getUserFromServerSideProps: () => getUserFromServerSideProps
|
54
|
+
});
|
55
|
+
module.exports = __toCommonJS(pages_index_exports);
|
56
|
+
|
57
|
+
// src/user.ts
|
58
|
+
var User = class {
|
59
|
+
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId) {
|
60
|
+
this.userId = userId;
|
61
|
+
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
|
62
|
+
this.email = email;
|
63
|
+
this.firstName = firstName;
|
64
|
+
this.lastName = lastName;
|
65
|
+
this.username = username;
|
66
|
+
this.legacyUserId = legacyUserId;
|
67
|
+
this.impersonatorUserId = impersonatorUserId;
|
68
|
+
}
|
69
|
+
getOrg(orgId) {
|
70
|
+
if (!this.orgIdToOrgMemberInfo) {
|
71
|
+
return void 0;
|
72
|
+
}
|
73
|
+
return this.orgIdToOrgMemberInfo[orgId];
|
74
|
+
}
|
75
|
+
getOrgByName(orgName) {
|
76
|
+
if (!this.orgIdToOrgMemberInfo) {
|
77
|
+
return void 0;
|
78
|
+
}
|
79
|
+
const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, "-");
|
80
|
+
for (const orgId in this.orgIdToOrgMemberInfo) {
|
81
|
+
const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId];
|
82
|
+
if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {
|
83
|
+
return orgMemberInfo;
|
84
|
+
}
|
85
|
+
}
|
86
|
+
return void 0;
|
87
|
+
}
|
88
|
+
getOrgs() {
|
89
|
+
if (!this.orgIdToOrgMemberInfo) {
|
90
|
+
return [];
|
91
|
+
}
|
92
|
+
return Object.values(this.orgIdToOrgMemberInfo);
|
93
|
+
}
|
94
|
+
isImpersonating() {
|
95
|
+
return !!this.impersonatorUserId;
|
96
|
+
}
|
97
|
+
static fromJSON(json) {
|
98
|
+
const obj = JSON.parse(json);
|
99
|
+
const orgIdToOrgMemberInfo = {};
|
100
|
+
for (const orgId in obj.orgIdToOrgMemberInfo) {
|
101
|
+
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
|
102
|
+
JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
|
103
|
+
);
|
104
|
+
}
|
105
|
+
return new User(
|
106
|
+
obj.userId,
|
107
|
+
obj.email,
|
108
|
+
orgIdToOrgMemberInfo,
|
109
|
+
obj.firstName,
|
110
|
+
obj.lastName,
|
111
|
+
obj.username,
|
112
|
+
obj.legacyUserId,
|
113
|
+
obj.impersonatorUserId
|
114
|
+
);
|
115
|
+
}
|
116
|
+
};
|
117
|
+
var OrgMemberInfo = class {
|
118
|
+
constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
|
119
|
+
this.orgId = orgId;
|
120
|
+
this.orgName = orgName;
|
121
|
+
this.orgMetadata = orgMetadata;
|
122
|
+
this.urlSafeOrgName = urlSafeOrgName;
|
123
|
+
this.userAssignedRole = userAssignedRole;
|
124
|
+
this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole;
|
125
|
+
this.userPermissions = userPermissions;
|
126
|
+
}
|
127
|
+
// validation methods
|
128
|
+
isRole(role) {
|
129
|
+
return this.userAssignedRole === role;
|
130
|
+
}
|
131
|
+
isAtLeastRole(role) {
|
132
|
+
return this.userInheritedRolesPlusCurrentRole.includes(role);
|
133
|
+
}
|
134
|
+
hasPermission(permission) {
|
135
|
+
return this.userPermissions.includes(permission);
|
136
|
+
}
|
137
|
+
hasAllPermissions(permissions) {
|
138
|
+
return permissions.every((permission) => this.hasPermission(permission));
|
139
|
+
}
|
140
|
+
static fromJSON(json) {
|
141
|
+
const obj = JSON.parse(json);
|
142
|
+
return new OrgMemberInfo(
|
143
|
+
obj.orgId,
|
144
|
+
obj.orgName,
|
145
|
+
obj.orgMetadata,
|
146
|
+
obj.urlSafeOrgName,
|
147
|
+
obj.userAssignedRole,
|
148
|
+
obj.userInheritedRolesPlusCurrentRole,
|
149
|
+
obj.userPermissions
|
150
|
+
);
|
151
|
+
}
|
152
|
+
// getters for the private fields
|
153
|
+
get assignedRole() {
|
154
|
+
return this.userAssignedRole;
|
155
|
+
}
|
156
|
+
get inheritedRolesPlusCurrentRole() {
|
157
|
+
return this.userInheritedRolesPlusCurrentRole;
|
158
|
+
}
|
159
|
+
get permissions() {
|
160
|
+
return this.userPermissions;
|
161
|
+
}
|
162
|
+
};
|
163
|
+
function toUser(snake_case) {
|
164
|
+
return new User(
|
165
|
+
snake_case.user_id,
|
166
|
+
snake_case.email,
|
167
|
+
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
|
168
|
+
snake_case.first_name,
|
169
|
+
snake_case.last_name,
|
170
|
+
snake_case.username,
|
171
|
+
snake_case.legacy_user_id,
|
172
|
+
snake_case.impersonatorUserId
|
173
|
+
);
|
174
|
+
}
|
175
|
+
function toOrgIdToOrgMemberInfo(snake_case) {
|
176
|
+
if (snake_case === void 0) {
|
177
|
+
return void 0;
|
178
|
+
}
|
179
|
+
const camelCase = {};
|
180
|
+
for (const key of Object.keys(snake_case)) {
|
181
|
+
const snakeCaseValue = snake_case[key];
|
182
|
+
if (snakeCaseValue) {
|
183
|
+
camelCase[key] = new OrgMemberInfo(
|
184
|
+
snakeCaseValue.org_id,
|
185
|
+
snakeCaseValue.org_name,
|
186
|
+
snakeCaseValue.org_metadata,
|
187
|
+
snakeCaseValue.url_safe_org_name,
|
188
|
+
snakeCaseValue.user_role,
|
189
|
+
snakeCaseValue.inherited_user_roles_plus_current_role,
|
190
|
+
snakeCaseValue.user_permissions
|
191
|
+
);
|
192
|
+
}
|
193
|
+
}
|
194
|
+
return camelCase;
|
195
|
+
}
|
196
|
+
|
197
|
+
// src/server/exceptions.ts
|
198
|
+
var UnauthorizedException = class extends Error {
|
199
|
+
constructor(message) {
|
200
|
+
super(message);
|
201
|
+
this.message = message;
|
202
|
+
this.status = 401;
|
203
|
+
}
|
204
|
+
};
|
205
|
+
var ConfigurationException = class extends Error {
|
206
|
+
constructor(message) {
|
207
|
+
super(message);
|
208
|
+
this.message = message;
|
209
|
+
this.status = 500;
|
210
|
+
}
|
211
|
+
};
|
212
|
+
|
213
|
+
// src/server/shared.ts
|
214
|
+
var jose = __toESM(require("jose"));
|
215
|
+
var ACCESS_TOKEN_COOKIE_NAME = "__pa_at";
|
216
|
+
var REFRESH_TOKEN_COOKIE_NAME = "__pa_rt";
|
217
|
+
function getAuthUrlOrigin() {
|
218
|
+
const authUrl = process.env.NEXT_PUBLIC_AUTH_URL;
|
219
|
+
if (!authUrl) {
|
220
|
+
throw new Error("NEXT_PUBLIC_AUTH_URL is not set");
|
221
|
+
}
|
222
|
+
return new URL(authUrl).origin;
|
223
|
+
}
|
224
|
+
function getIntegrationApiKey() {
|
225
|
+
const integrationApiKey = process.env.PROPELAUTH_API_KEY;
|
226
|
+
if (!integrationApiKey) {
|
227
|
+
throw new Error("PROPELAUTH_API_KEY is not set");
|
228
|
+
}
|
229
|
+
return integrationApiKey;
|
230
|
+
}
|
231
|
+
function getVerifierKey() {
|
232
|
+
const verifierKey = process.env.VERIFIER_KEY;
|
233
|
+
if (!verifierKey) {
|
234
|
+
throw new Error("VERIFIER_KEY is not set");
|
235
|
+
}
|
236
|
+
return verifierKey.replace(/\\n/g, "\n");
|
237
|
+
}
|
238
|
+
function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
239
|
+
return __async(this, null, function* () {
|
240
|
+
const body = {
|
241
|
+
refresh_token: refreshToken
|
242
|
+
};
|
243
|
+
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
|
244
|
+
const response = yield fetch(url, {
|
245
|
+
method: "POST",
|
246
|
+
body: JSON.stringify(body),
|
247
|
+
headers: {
|
248
|
+
"Content-Type": "application/json",
|
249
|
+
Authorization: "Bearer " + getIntegrationApiKey()
|
250
|
+
}
|
251
|
+
});
|
252
|
+
if (response.ok) {
|
253
|
+
const data = yield response.json();
|
254
|
+
const newRefreshToken = data.refresh_token;
|
255
|
+
const {
|
256
|
+
access_token: accessToken,
|
257
|
+
expires_at_seconds: expiresAtSeconds
|
258
|
+
} = data.access_token;
|
259
|
+
return {
|
260
|
+
refreshToken: newRefreshToken,
|
261
|
+
accessToken,
|
262
|
+
error: "none"
|
263
|
+
};
|
264
|
+
} else if (response.status === 400) {
|
265
|
+
return { error: "unauthorized" };
|
266
|
+
} else {
|
267
|
+
return { error: "unexpected" };
|
268
|
+
}
|
269
|
+
});
|
270
|
+
}
|
271
|
+
function validateAccessTokenOrUndefined(accessToken) {
|
272
|
+
return __async(this, null, function* () {
|
273
|
+
try {
|
274
|
+
return yield validateAccessToken(accessToken);
|
275
|
+
} catch (err) {
|
276
|
+
if (err instanceof ConfigurationException) {
|
277
|
+
throw err;
|
278
|
+
} else if (err instanceof UnauthorizedException) {
|
279
|
+
return void 0;
|
280
|
+
} else {
|
281
|
+
console.log("Error validating access token", err);
|
282
|
+
return void 0;
|
283
|
+
}
|
284
|
+
}
|
285
|
+
});
|
286
|
+
}
|
287
|
+
function validateAccessToken(accessToken) {
|
288
|
+
return __async(this, null, function* () {
|
289
|
+
let publicKey;
|
290
|
+
try {
|
291
|
+
publicKey = yield jose.importSPKI(getVerifierKey(), "RS256");
|
292
|
+
} catch (err) {
|
293
|
+
console.error("Verifier key is invalid. Make sure it's specified correctly, including the newlines.", err);
|
294
|
+
throw new ConfigurationException("Invalid verifier key");
|
295
|
+
}
|
296
|
+
if (!accessToken) {
|
297
|
+
throw new UnauthorizedException("No access token provided");
|
298
|
+
}
|
299
|
+
let accessTokenWithoutBearer = accessToken;
|
300
|
+
if (accessToken.toLowerCase().startsWith("bearer ")) {
|
301
|
+
accessTokenWithoutBearer = accessToken.substring("bearer ".length);
|
302
|
+
}
|
303
|
+
try {
|
304
|
+
const { payload } = yield jose.jwtVerify(accessTokenWithoutBearer, publicKey, {
|
305
|
+
issuer: getAuthUrlOrigin(),
|
306
|
+
algorithms: ["RS256"]
|
307
|
+
});
|
308
|
+
return toUser(payload);
|
309
|
+
} catch (e) {
|
310
|
+
if (e instanceof Error) {
|
311
|
+
throw new UnauthorizedException(e.message);
|
312
|
+
} else {
|
313
|
+
throw new UnauthorizedException("Unable to decode jwt");
|
314
|
+
}
|
315
|
+
}
|
316
|
+
});
|
317
|
+
}
|
318
|
+
|
319
|
+
// src/server/pages.ts
|
320
|
+
function getUserFromServerSideProps(props) {
|
321
|
+
return __async(this, null, function* () {
|
322
|
+
const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME];
|
323
|
+
const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME];
|
324
|
+
if (accessToken) {
|
325
|
+
const user = yield validateAccessTokenOrUndefined(accessToken);
|
326
|
+
if (user) {
|
327
|
+
return user;
|
328
|
+
}
|
329
|
+
}
|
330
|
+
if (refreshToken) {
|
331
|
+
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
|
332
|
+
if (response.error === "unexpected") {
|
333
|
+
throw new Error("Unexpected error while refreshing access token");
|
334
|
+
} else if (response.error === "unauthorized") {
|
335
|
+
props.res.setHeader("Set-Cookie", [
|
336
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,
|
337
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
338
|
+
]);
|
339
|
+
return void 0;
|
340
|
+
} else {
|
341
|
+
const user = yield validateAccessToken(response.accessToken);
|
342
|
+
props.res.setHeader("Set-Cookie", [
|
343
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,
|
344
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
345
|
+
]);
|
346
|
+
return user;
|
347
|
+
}
|
348
|
+
}
|
349
|
+
return void 0;
|
350
|
+
});
|
351
|
+
}
|
352
|
+
// Annotate the CommonJS export names for ESM import in node:
|
353
|
+
0 && (module.exports = {
|
354
|
+
getUserFromServerSideProps
|
355
|
+
});
|
356
|
+
//# sourceMappingURL=index.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"sources":["../../../src/server/pages-index.ts","../../../src/user.ts","../../../src/server/exceptions.ts","../../../src/server/shared.ts","../../../src/server/pages.ts"],"sourcesContent":["export {getUserFromServerSideProps} from \"./pages\"","export class User {\n public userId: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string\n ) {\n this.userId = userId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, \"-\")\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): User {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(\n JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])\n )\n }\n return new User(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n private userAssignedRole: string\n private userInheritedRolesPlusCurrentRole: string[]\n private userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\nexport type InternalUser = {\n user_id: string\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): User {\n return new User(\n snake_case.user_id,\n snake_case.email,\n toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),\n snake_case.first_name,\n snake_case.last_name,\n snake_case.username,\n snake_case.legacy_user_id,\n snake_case.impersonatorUserId\n )\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import {ResponseCookie} from \"next/dist/compiled/@edge-runtime/cookies\";\nimport {InternalUser, toUser, User} from \"../user\";\nimport {ConfigurationException, UnauthorizedException} from \"./exceptions\";\nimport * as jose from \"jose\";\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: \"none\"\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: \"unauthorized\"\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: \"unexpected\"\n}\n\nexport type RefreshTokenResponse =\n RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = \"/api/auth/login\"\nexport const CALLBACK_PATH = \"/api/auth/callback\"\nexport const USERINFO_PATH = \"/api/auth/userinfo\"\nexport const LOGOUT_PATH = \"/api/auth/logout\"\nexport const ACCESS_TOKEN_COOKIE_NAME = \"__pa_at\"\nexport const REFRESH_TOKEN_COOKIE_NAME = \"__pa_rt\"\nexport const STATE_COOKIE_NAME = \"__pa_state\"\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = \"x-propelauth-access-token\"\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: \"lax\",\n secure: true,\n path: \"/\",\n}\n\nexport function getAuthUrlOrigin() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error(\"NEXT_PUBLIC_AUTH_URL is not set\")\n }\n return new URL(authUrl).origin\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.REDIRECT_URI\n if (!redirectUri) {\n throw new Error(\"REDIRECT_URI is not set\")\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error(\"PROPELAUTH_API_KEY is not set\")\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.VERIFIER_KEY\n if (!verifierKey) {\n throw new Error(\"VERIFIER_KEY is not set\")\n }\n return verifierKey.replace(/\\\\n/g, \"\\n\")\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(refreshToken: string): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const {\n access_token: accessToken,\n expires_at_seconds: expiresAtSeconds,\n } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: \"none\",\n }\n } else if (response.status === 400) {\n return {error: \"unauthorized\"}\n } else {\n return {error: \"unexpected\"}\n }\n}\n\nexport async function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<User | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.log(\"Error validating access token\", err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<User> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), \"RS256\")\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException(\"Invalid verifier key\")\n }\n\n if (!accessToken) {\n throw new UnauthorizedException(\"No access token provided\")\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith(\"bearer \")) {\n accessTokenWithoutBearer = accessToken.substring(\"bearer \".length)\n }\n\n try {\n const {payload} = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: [\"RS256\"],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException(\"Unable to decode jwt\")\n }\n }\n}\n","import {GetServerSidePropsContext} from \"next\";\nimport {\n ACCESS_TOKEN_COOKIE_NAME,\n REFRESH_TOKEN_COOKIE_NAME,\n refreshTokenWithAccessAndRefreshToken, validateAccessToken,\n validateAccessTokenOrUndefined\n} from \"./shared\";\n\nexport async function getUserFromServerSideProps(props: GetServerSidePropsContext) {\n const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken)\n if (response.error === \"unexpected\") {\n throw new Error(\"Unexpected error while refreshing access token\")\n } else if (response.error === \"unauthorized\") {\n props.res.setHeader(\"Set-Cookie\", [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return undefined\n } else {\n const user = await validateAccessToken(response.accessToken)\n props.res.setHeader(\"Set-Cookie\", [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return user\n }\n }\n\n return undefined\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAO,IAAM,OAAN,MAAW;AAAA,EAed,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACF;AACE,SAAK,SAAS;AACd,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAAA,EAC9B;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAAoB;AACvC,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc;AAAA,QACxC,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC;AAAA,MAClD;AAAA,IACJ;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA2BO,SAAS,OAAO,YAAgC;AACnD,SAAO,IAAI;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,uBAAuB,WAAW,yBAAyB;AAAA,IAC3D,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,EACf;AACJ;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AC3OO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,WAAsB;AAyBf,IAAM,2BAA2B;AACjC,IAAM,4BAA4B;AAWlC,SAAS,mBAAmB;AAC/B,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO,EAAE;AAC5B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC7C;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAEA,SAAsB,sCAAsC,cAAqD;AAAA;AAC7G,UAAM,OAAO;AAAA,MACT,eAAe;AAAA,IACnB;AACA,UAAM,MAAM,GAAG,iBAAiB;AAChC,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAC9B,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,eAAe,YAAY,qBAAqB;AAAA,MACpD;AAAA,IACJ,CAAC;AAED,QAAI,SAAS,IAAI;AACb,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,kBAAkB,KAAK;AAC7B,YAAM;AAAA,QACF,cAAc;AAAA,QACd,oBAAoB;AAAA,MACxB,IAAI,KAAK;AAET,aAAO;AAAA,QACH,cAAc;AAAA,QACd;AAAA,QACA,OAAO;AAAA,MACX;AAAA,IACJ,WAAW,SAAS,WAAW,KAAK;AAChC,aAAO,EAAC,OAAO,eAAc;AAAA,IACjC,OAAO;AACH,aAAO,EAAC,OAAO,aAAY;AAAA,IAC/B;AAAA,EACJ;AAAA;AAEA,SAAsB,+BAA+B,aAA4D;AAAA;AAC7G,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,IAAI,iCAAiC,GAAG;AAChD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAgD;AAAA;AACtF,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAC,QAAO,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QACxE,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACjJA,SAAsB,2BAA2B,OAAkC;AAAA;AAC/E,UAAM,cAAc,MAAM,IAAI,QAAQ,wBAAwB;AAC9D,UAAM,eAAe,MAAM,IAAI,QAAQ,yBAAyB;AAGhE,QAAI,aAAa;AACb,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,YAAY;AACzE,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,MACX,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA;","names":[]}
|