@propelauth/nextjs 0.1.7 → 0.1.8
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/server/app-router/index.js +98 -40
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +100 -40
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.js +26 -8
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +26 -8
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
|
@@ -1,3 +1,22 @@
|
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __defProps = Object.defineProperties;
|
|
3
|
+
var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
|
|
4
|
+
var __getOwnPropSymbols = Object.getOwnPropertySymbols;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __propIsEnum = Object.prototype.propertyIsEnumerable;
|
|
7
|
+
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
8
|
+
var __spreadValues = (a, b) => {
|
|
9
|
+
for (var prop in b || (b = {}))
|
|
10
|
+
if (__hasOwnProp.call(b, prop))
|
|
11
|
+
__defNormalProp(a, prop, b[prop]);
|
|
12
|
+
if (__getOwnPropSymbols)
|
|
13
|
+
for (var prop of __getOwnPropSymbols(b)) {
|
|
14
|
+
if (__propIsEnum.call(b, prop))
|
|
15
|
+
__defNormalProp(a, prop, b[prop]);
|
|
16
|
+
}
|
|
17
|
+
return a;
|
|
18
|
+
};
|
|
19
|
+
var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
|
|
1
20
|
var __async = (__this, __arguments, generator) => {
|
|
2
21
|
return new Promise((resolve, reject) => {
|
|
3
22
|
var fulfilled = (value) => {
|
|
@@ -274,7 +293,6 @@ var CUSTOM_HEADER_FOR_PATH = "x-propelauth-current-path";
|
|
|
274
293
|
var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
|
|
275
294
|
var COOKIE_OPTIONS = {
|
|
276
295
|
httpOnly: true,
|
|
277
|
-
sameSite: "lax",
|
|
278
296
|
secure: true,
|
|
279
297
|
path: "/"
|
|
280
298
|
};
|
|
@@ -309,6 +327,22 @@ function getVerifierKey() {
|
|
|
309
327
|
}
|
|
310
328
|
return verifierKey.replace(/\\n/g, "\n");
|
|
311
329
|
}
|
|
330
|
+
function getSameSiteCookieValue() {
|
|
331
|
+
const sameSiteOverride = process.env.PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE;
|
|
332
|
+
if (sameSiteOverride === "none") {
|
|
333
|
+
return "none";
|
|
334
|
+
} else if (sameSiteOverride === "lax") {
|
|
335
|
+
return "lax";
|
|
336
|
+
} else if (sameSiteOverride === "strict") {
|
|
337
|
+
return "strict";
|
|
338
|
+
} else if (sameSiteOverride) {
|
|
339
|
+
throw new Error(
|
|
340
|
+
'Invalid value for PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE, must be one of "none", "lax", or "strict"'
|
|
341
|
+
);
|
|
342
|
+
} else {
|
|
343
|
+
return "lax";
|
|
344
|
+
}
|
|
345
|
+
}
|
|
312
346
|
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
|
313
347
|
return __async(this, null, function* () {
|
|
314
348
|
const body = {
|
|
@@ -448,9 +482,10 @@ function authMiddleware(req) {
|
|
|
448
482
|
response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
|
|
449
483
|
return response2;
|
|
450
484
|
} else {
|
|
485
|
+
const sameSite = getSameSiteCookieValue();
|
|
451
486
|
const nextResponse = getNextResponse(req, response.accessToken);
|
|
452
|
-
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
|
|
453
|
-
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
|
|
487
|
+
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
|
|
488
|
+
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
|
|
454
489
|
return nextResponse;
|
|
455
490
|
}
|
|
456
491
|
}
|
|
@@ -481,6 +516,7 @@ function getRouteHandlers(args) {
|
|
|
481
516
|
const returnToPath = req.nextUrl.searchParams.get("return_to_path");
|
|
482
517
|
const state = randomState();
|
|
483
518
|
const redirectUri = getRedirectUri();
|
|
519
|
+
const sameSite = getSameSiteCookieValue();
|
|
484
520
|
const authorizeUrlSearchParams = new URLSearchParams({
|
|
485
521
|
redirect_uri: redirectUri,
|
|
486
522
|
state,
|
|
@@ -489,12 +525,12 @@ function getRouteHandlers(args) {
|
|
|
489
525
|
const authorize_url = getAuthUrlOrigin() + "/propelauth/ssr/authorize?" + authorizeUrlSearchParams.toString();
|
|
490
526
|
const headers2 = new Headers();
|
|
491
527
|
headers2.append("Location", authorize_url);
|
|
492
|
-
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite
|
|
528
|
+
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`);
|
|
493
529
|
if (returnToPath) {
|
|
494
530
|
if (returnToPath.startsWith("/")) {
|
|
495
531
|
headers2.append(
|
|
496
532
|
"Set-Cookie",
|
|
497
|
-
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite
|
|
533
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=600`
|
|
498
534
|
);
|
|
499
535
|
} else {
|
|
500
536
|
console.warn("return_to_path must start with /");
|
|
@@ -508,6 +544,7 @@ function getRouteHandlers(args) {
|
|
|
508
544
|
function callbackGetHandler(req) {
|
|
509
545
|
return __async(this, null, function* () {
|
|
510
546
|
var _a, _b, _c;
|
|
547
|
+
const sameSite = getSameSiteCookieValue();
|
|
511
548
|
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
512
549
|
if (!oauthState || oauthState.length !== 64) {
|
|
513
550
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
|
@@ -566,15 +603,15 @@ function getRouteHandlers(args) {
|
|
|
566
603
|
headers3.append("Location", returnToPath);
|
|
567
604
|
headers3.append(
|
|
568
605
|
"Set-Cookie",
|
|
569
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
606
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
570
607
|
);
|
|
571
608
|
headers3.append(
|
|
572
609
|
"Set-Cookie",
|
|
573
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
610
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
574
611
|
);
|
|
575
612
|
headers3.append(
|
|
576
613
|
"Set-Cookie",
|
|
577
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite
|
|
614
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
578
615
|
);
|
|
579
616
|
headers3.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
|
|
580
617
|
return new Response(null, {
|
|
@@ -587,15 +624,15 @@ function getRouteHandlers(args) {
|
|
|
587
624
|
headers2.append("Location", returnToPath);
|
|
588
625
|
headers2.append(
|
|
589
626
|
"Set-Cookie",
|
|
590
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
627
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
591
628
|
);
|
|
592
629
|
headers2.append(
|
|
593
630
|
"Set-Cookie",
|
|
594
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite
|
|
631
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
595
632
|
);
|
|
596
633
|
headers2.append(
|
|
597
634
|
"Set-Cookie",
|
|
598
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
635
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
599
636
|
);
|
|
600
637
|
headers2.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
|
|
601
638
|
return new Response(null, {
|
|
@@ -617,6 +654,7 @@ function getRouteHandlers(args) {
|
|
|
617
654
|
var _a, _b;
|
|
618
655
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
619
656
|
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
|
657
|
+
const sameSite = getSameSiteCookieValue();
|
|
620
658
|
if (oldRefreshToken) {
|
|
621
659
|
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
|
622
660
|
if (refreshResponse.error === "unexpected") {
|
|
@@ -625,15 +663,15 @@ function getRouteHandlers(args) {
|
|
|
625
663
|
const headers3 = new Headers();
|
|
626
664
|
headers3.append(
|
|
627
665
|
"Set-Cookie",
|
|
628
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
666
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
629
667
|
);
|
|
630
668
|
headers3.append(
|
|
631
669
|
"Set-Cookie",
|
|
632
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
670
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
633
671
|
);
|
|
634
672
|
headers3.append(
|
|
635
673
|
"Set-Cookie",
|
|
636
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
674
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
637
675
|
);
|
|
638
676
|
return new Response("Unauthorized", { status: 401, headers: headers3 });
|
|
639
677
|
}
|
|
@@ -659,11 +697,11 @@ function getRouteHandlers(args) {
|
|
|
659
697
|
const headers3 = new Headers();
|
|
660
698
|
headers3.append(
|
|
661
699
|
"Set-Cookie",
|
|
662
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
700
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
663
701
|
);
|
|
664
702
|
headers3.append(
|
|
665
703
|
"Set-Cookie",
|
|
666
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
704
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
667
705
|
);
|
|
668
706
|
headers3.append("Content-Type", "application/json");
|
|
669
707
|
return new Response(JSON.stringify(jsonResponse), {
|
|
@@ -674,15 +712,15 @@ function getRouteHandlers(args) {
|
|
|
674
712
|
const headers3 = new Headers();
|
|
675
713
|
headers3.append(
|
|
676
714
|
"Set-Cookie",
|
|
677
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
715
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
678
716
|
);
|
|
679
717
|
headers3.append(
|
|
680
718
|
"Set-Cookie",
|
|
681
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
719
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
682
720
|
);
|
|
683
721
|
headers3.append(
|
|
684
722
|
"Set-Cookie",
|
|
685
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
723
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
686
724
|
);
|
|
687
725
|
return new Response(null, {
|
|
688
726
|
status: 401,
|
|
@@ -693,9 +731,18 @@ function getRouteHandlers(args) {
|
|
|
693
731
|
}
|
|
694
732
|
}
|
|
695
733
|
const headers2 = new Headers();
|
|
696
|
-
headers2.append(
|
|
697
|
-
|
|
698
|
-
|
|
734
|
+
headers2.append(
|
|
735
|
+
"Set-Cookie",
|
|
736
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
737
|
+
);
|
|
738
|
+
headers2.append(
|
|
739
|
+
"Set-Cookie",
|
|
740
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
741
|
+
);
|
|
742
|
+
headers2.append(
|
|
743
|
+
"Set-Cookie",
|
|
744
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
745
|
+
);
|
|
699
746
|
return new Response(null, { status: 401 });
|
|
700
747
|
});
|
|
701
748
|
}
|
|
@@ -707,21 +754,22 @@ function getRouteHandlers(args) {
|
|
|
707
754
|
console.error("postLoginPathFn returned undefined");
|
|
708
755
|
return new Response("Unexpected error", { status: 500 });
|
|
709
756
|
}
|
|
757
|
+
const sameSite = getSameSiteCookieValue();
|
|
710
758
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
711
759
|
if (!refreshToken) {
|
|
712
760
|
const headers2 = new Headers();
|
|
713
761
|
headers2.append("Location", path);
|
|
714
762
|
headers2.append(
|
|
715
763
|
"Set-Cookie",
|
|
716
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
764
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
717
765
|
);
|
|
718
766
|
headers2.append(
|
|
719
767
|
"Set-Cookie",
|
|
720
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
768
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
721
769
|
);
|
|
722
770
|
headers2.append(
|
|
723
771
|
"Set-Cookie",
|
|
724
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
772
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
725
773
|
);
|
|
726
774
|
return new Response(null, {
|
|
727
775
|
status: 302,
|
|
@@ -738,15 +786,15 @@ function getRouteHandlers(args) {
|
|
|
738
786
|
headers2.append("Location", path);
|
|
739
787
|
headers2.append(
|
|
740
788
|
"Set-Cookie",
|
|
741
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
789
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
742
790
|
);
|
|
743
791
|
headers2.append(
|
|
744
792
|
"Set-Cookie",
|
|
745
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
793
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
746
794
|
);
|
|
747
795
|
headers2.append(
|
|
748
796
|
"Set-Cookie",
|
|
749
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
797
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
750
798
|
);
|
|
751
799
|
return new Response(null, {
|
|
752
800
|
status: 302,
|
|
@@ -765,20 +813,21 @@ function getRouteHandlers(args) {
|
|
|
765
813
|
function logoutPostHandler(req) {
|
|
766
814
|
return __async(this, null, function* () {
|
|
767
815
|
var _a;
|
|
816
|
+
const sameSite = getSameSiteCookieValue();
|
|
768
817
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
769
818
|
if (!refreshToken) {
|
|
770
819
|
const headers3 = new Headers();
|
|
771
820
|
headers3.append(
|
|
772
821
|
"Set-Cookie",
|
|
773
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
822
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
774
823
|
);
|
|
775
824
|
headers3.append(
|
|
776
825
|
"Set-Cookie",
|
|
777
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
826
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
778
827
|
);
|
|
779
828
|
headers3.append(
|
|
780
829
|
"Set-Cookie",
|
|
781
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
830
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
782
831
|
);
|
|
783
832
|
return new Response(null, { status: 200, headers: headers3 });
|
|
784
833
|
}
|
|
@@ -802,9 +851,18 @@ function getRouteHandlers(args) {
|
|
|
802
851
|
);
|
|
803
852
|
}
|
|
804
853
|
const headers2 = new Headers();
|
|
805
|
-
headers2.append(
|
|
806
|
-
|
|
807
|
-
|
|
854
|
+
headers2.append(
|
|
855
|
+
"Set-Cookie",
|
|
856
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
857
|
+
);
|
|
858
|
+
headers2.append(
|
|
859
|
+
"Set-Cookie",
|
|
860
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
861
|
+
);
|
|
862
|
+
headers2.append(
|
|
863
|
+
"Set-Cookie",
|
|
864
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
865
|
+
);
|
|
808
866
|
return new Response(null, { status: 200, headers: headers2 });
|
|
809
867
|
});
|
|
810
868
|
}
|
|
@@ -813,11 +871,12 @@ function getRouteHandlers(args) {
|
|
|
813
871
|
var _a;
|
|
814
872
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
815
873
|
const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
|
|
874
|
+
const sameSite = getSameSiteCookieValue();
|
|
816
875
|
if (!oldRefreshToken) {
|
|
817
876
|
const headers2 = new Headers();
|
|
818
877
|
headers2.append(
|
|
819
878
|
"Set-Cookie",
|
|
820
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
879
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
821
880
|
);
|
|
822
881
|
return new Response(null, { status: 401, headers: headers2 });
|
|
823
882
|
}
|
|
@@ -852,15 +911,15 @@ function getRouteHandlers(args) {
|
|
|
852
911
|
const headers2 = new Headers();
|
|
853
912
|
headers2.append(
|
|
854
913
|
"Set-Cookie",
|
|
855
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
914
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
856
915
|
);
|
|
857
916
|
headers2.append(
|
|
858
917
|
"Set-Cookie",
|
|
859
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
918
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
860
919
|
);
|
|
861
920
|
headers2.append(
|
|
862
921
|
"Set-Cookie",
|
|
863
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite
|
|
922
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
864
923
|
);
|
|
865
924
|
headers2.append("Content-Type", "application/json");
|
|
866
925
|
return new Response(JSON.stringify(jsonResponse), {
|
|
@@ -934,10 +993,11 @@ function getUrlEncodedRedirectPathForCurrentPath() {
|
|
|
934
993
|
return encodeURIComponent(path);
|
|
935
994
|
}
|
|
936
995
|
function getCookieForReturnToPathInCallback(returnToPathFromCookie) {
|
|
996
|
+
const sameSite = getSameSiteCookieValue();
|
|
937
997
|
if (returnToPathFromCookie) {
|
|
938
|
-
return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite
|
|
998
|
+
return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=15`;
|
|
939
999
|
} else {
|
|
940
|
-
return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
1000
|
+
return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`;
|
|
941
1001
|
}
|
|
942
1002
|
}
|
|
943
1003
|
function getCurrentPath() {
|