@smg-automotive/auth 6.8.0-auth0-update-root.7 → 6.8.0-auth0-update-access-token-endpoint.1

package/dist/esm/server/middleware/index.js

@@ -0,0 +1,89 @@
+import { NextResponse } from 'next/server';
+import { getAuth0Config } from '../../config/auth0.js';
+import { getAuth0Instance } from '../getAuth0Instance.js';
+import { handleAccessTokenRequest } from './token.js';
+import { protectRoute } from './protectRoute.js';
+import { handleCrossDomainLogout, deleteRelatedSessionCookies } from './logout.js';
+import { addLoginParamsFromCookies } from './login.js';
+import { combineHeaders } from './combineHeaders.js';
+
+const isAuthRoute = (pathname, auth0Config) => {
+    const { loginEndpoint, logoutEndpoint, callbackEndpoint, userProfileEndpoint, tokenEndpoint, } = auth0Config;
+    return [
+        loginEndpoint,
+        logoutEndpoint,
+        callbackEndpoint,
+        userProfileEndpoint,
+        tokenEndpoint,
+    ].includes(pathname);
+};
+const authMiddleware = async ({ request, isProtectedRoute, language, host, protocol, isProxied, onError, }) => {
+    const { pathname } = request.nextUrl;
+    const auth0Instance = getAuth0Instance({ host, protocol, isProxied });
+    const auth0Config = getAuth0Config({ isProxied });
+    const isAuthErrorRoute = pathname.endsWith(auth0Config.globalAuthErrorPath);
+    const crossDomainLogoutResult = handleCrossDomainLogout({
+        host,
+        protocol,
+        request,
+        auth0Config,
+    });
+    if (crossDomainLogoutResult) {
+        return crossDomainLogoutResult;
+    }
+    const addLoginParamsFromCookiesResult = addLoginParamsFromCookies({
+        request,
+        auth0Config,
+    });
+    if (addLoginParamsFromCookiesResult) {
+        return addLoginParamsFromCookiesResult;
+    }
+    const authResponse = await auth0Instance.middleware(request);
+    const deleteRelatedSessionCookiesResult = deleteRelatedSessionCookies({
+        host,
+        request,
+        response: authResponse,
+        auth0Config,
+    });
+    if (deleteRelatedSessionCookiesResult) {
+        return deleteRelatedSessionCookiesResult;
+    }
+    const switchSelectedSellerIdResult = await handleAccessTokenRequest({
+        request,
+        response: authResponse,
+        auth0Instance,
+        auth0Config,
+        language,
+        onError,
+    });
+    if (switchSelectedSellerIdResult) {
+        return switchSelectedSellerIdResult;
+    }
+    if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
+        return authResponse;
+    }
+    const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
+    const protectRouteResult = await protectRoute({
+        isProtected,
+        auth0Instance,
+        auth0Config,
+        language,
+        request,
+        response: authResponse,
+        onError,
+    });
+    if (protectRouteResult) {
+        return protectRouteResult;
+    }
+    return combineHeaders({
+        middlewareResponse: NextResponse.next({
+            request: {
+                headers: request.headers,
+            },
+        }),
+        authResponse,
+    });
+};
+
+export { authMiddleware };
+//# sourceMappingURL=index.js.map

package/dist/esm/server/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;AAaA,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,SAAS,EACT,OAAO,GASR,KAA2B;AAC1B,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;AACpC,IAAA,MAAM,aAAa,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAErE,MAAM,WAAW,GAAG,cAAc,CAAC,EAAE,SAAS,EAAE,CAAC;IACjD,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE3E,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,OAAO,uBAAuB;IAChC;IAEA,MAAM,+BAA+B,GAAG,yBAAyB,CAAC;QAChE,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,+BAA+B,EAAE;AACnC,QAAA,OAAO,+BAA+B;IACxC;IAEA,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAE5D,MAAM,iCAAiC,GAAG,2BAA2B,CAAC;QACpE,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,iCAAiC,EAAE;AACrC,QAAA,OAAO,iCAAiC;IAC1C;AAEA,IAAA,MAAM,4BAA4B,GAAG,MAAM,wBAAwB,CAAC;QAClE,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACR,KAAA,CAAC;IACF,IAAI,4BAA4B,EAAE;AAChC,QAAA,OAAO,4BAA4B;IACrC;IAEA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,QAAA,OAAO,YAAY;IACrB;IAEA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;AACnE,IAAA,MAAM,kBAAkB,GAAG,MAAM,YAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;AACtB,QAAA,OAAO,kBAAkB;IAC3B;AAEA,IAAA,OAAO,cAAc,CAAC;AACpB,QAAA,kBAAkB,EAAE,YAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;AACJ;;;;"}

package/dist/esm/server/middleware/login.d.ts

@@ -0,0 +1,6 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Config } from 'src/types';
+export declare const addLoginParamsFromCookies: ({ request, auth0Config: { selectedSellerIdCookie, impersonatedSellerIdCookie, loginEndpoint, }, }: {
+    request: NextRequest;
+    auth0Config: Auth0Config;
+}) => NextResponse | void;

package/dist/esm/server/middleware/login.js

@@ -0,0 +1,23 @@
+const addLoginParamsFromCookies = ({ request, auth0Config: { selectedSellerIdCookie, impersonatedSellerIdCookie, loginEndpoint, }, }) => {
+    if (request.nextUrl.pathname !== loginEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const hasSellerId = searchParams.has('seller_id');
+    if (!hasSellerId) {
+        const sellerId = request.cookies.get(selectedSellerIdCookie.name)?.value;
+        if (sellerId) {
+            searchParams.set('seller_id', sellerId);
+        }
+    }
+    const hasImpersonateSellerId = searchParams.has('impersonate_seller_id');
+    if (!hasImpersonateSellerId) {
+        const impersonatedSellerId = request.cookies.get(impersonatedSellerIdCookie.name)?.value;
+        if (impersonatedSellerId) {
+            searchParams.set('impersonate_seller_id', impersonatedSellerId);
+        }
+    }
+    request.nextUrl.search = searchParams.toString();
+};
+
+export { addLoginParamsFromCookies };
+//# sourceMappingURL=login.js.map

package/dist/esm/server/middleware/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sources":["../../../../../src/server/middleware/login.ts"],"sourcesContent":[null],"names":[],"mappings":"AAIO,MAAM,yBAAyB,GAAG,CAAC,EACxC,OAAO,EACP,WAAW,EAAE,EACX,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,GACd,GAIF,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,aAAa;QAAE;IAEhD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAChE,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;IACjD,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK;QACxE,IAAI,QAAQ,EAAE;AACZ,YAAA,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC;QACzC;IACF;IAEA,MAAM,sBAAsB,GAAG,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACxE,IAAI,CAAC,sBAAsB,EAAE;AAC3B,QAAA,MAAM,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC9C,0BAA0B,CAAC,IAAI,CAChC,EAAE,KAAK;QAER,IAAI,oBAAoB,EAAE;AACxB,YAAA,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC;QACjE;IACF;IAEA,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;;;;"}

package/dist/esm/server/middleware/logout.d.ts

@@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Config } from 'src/types';
+export declare const handleCrossDomainLogout: ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }: {
+    host: string;
+    protocol: string;
+    request: NextRequest;
+    auth0Config: Auth0Config;
+}) => NextResponse | void;
+export declare const deleteRelatedSessionCookies: ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }: {
+    host: string;
+    request: NextRequest;
+    response: NextResponse;
+    auth0Config: Auth0Config;
+}) => NextResponse | void;

package/dist/esm/server/middleware/logout.js

@@ -0,0 +1,115 @@
+import { NextResponse } from 'next/server';
+
+const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
+    if (typeof pathOrUrl !== 'string')
+        return false;
+    if (pathOrUrl.length > 2048)
+        return false;
+    try {
+        const decodedPathOrUrl = decodeURIComponent(pathOrUrl);
+        const isUrl = decodedPathOrUrl.startsWith('http');
+        const parsedUrlOrPath = new URL(isUrl ? decodedPathOrUrl : `${protocol}://${host}${decodedPathOrUrl}`);
+        const decodedPath = parsedUrlOrPath.pathname;
+        if (crossDomainLogout &&
+            isUrl &&
+            parsedUrlOrPath.host !== otherDomainHost) {
+            return false;
+        }
+        if (!crossDomainLogout && parsedUrlOrPath.host !== host) {
+            return false;
+        }
+        if (!decodedPath.startsWith('/') || decodedPath.startsWith('//')) {
+            return false;
+        }
+        // Limit chars in return to path to prevent injections
+        // eslint-disable-next-line @typescript-eslint/naming-convention
+        const SAFE_PATH_REGEX = /^\/[a-zA-Z0-9/_\-?.=]*$/;
+        return SAFE_PATH_REGEX.test(decodedPath);
+    }
+    catch (error) {
+        // eslint-disable-next-line no-console
+        console.warn('Error parsing URL or path:', error);
+        return false;
+    }
+};
+const getOtherDomainHost = (currentHost) => {
+    if (currentHost.includes('autoscout24')) {
+        return currentHost.replace('autoscout24', 'motoscout24');
+    }
+    if (currentHost.includes('motoscout24')) {
+        return currentHost.replace('motoscout24', 'autoscout24');
+    }
+    return currentHost;
+};
+const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }) => {
+    if (request.nextUrl.pathname !== logoutEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const specifiedReturnTo = searchParams.get('returnTo') || '';
+    const crossDomainLogout = searchParams.get('crossDomain') === 'true';
+    const otherDomainHost = getOtherDomainHost(host);
+    let returnTo = `/${searchParams.get('locale') || languageConfig.default}`;
+    const isSafePath = validateReturnTo({
+        protocol,
+        host,
+        otherDomainHost,
+        pathOrUrl: specifiedReturnTo,
+        crossDomainLogout,
+    });
+    if (isSafePath) {
+        returnTo = specifiedReturnTo;
+    }
+    if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
+        const currentDomainUrl = `${protocol}://${host}`;
+        const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
+        backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
+        backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
+        const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
+        otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
+        otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
+        return NextResponse.redirect(otherDomainLogoutUrl, {
+            status: 302,
+        });
+    }
+    searchParams.set('returnTo', returnTo);
+    request.nextUrl.search = searchParams.toString();
+};
+const getLegacyCookieDomain = (hostname) => {
+    const parts = hostname.split('.');
+    if (parts.length < 2)
+        return `.${hostname}`;
+    const base = parts.slice(-2).join('.');
+    return `.${base}`;
+};
+const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }) => {
+    if (request.nextUrl.pathname !== logoutEndpoint || !response)
+        return;
+    authCookieNames.forEach((cookieName) => {
+        response.cookies.delete({
+            name: cookieName,
+            maxAge: 0,
+            path: '/',
+        });
+        response.cookies.delete({
+            name: `${cookieName}__0`,
+            maxAge: 0,
+            path: '/',
+        });
+    });
+    const legacyCookieDomain = getLegacyCookieDomain(host);
+    response.cookies.delete({
+        name: legacyAccessTokenName,
+        maxAge: 0,
+        path: '/',
+        domain: legacyCookieDomain,
+    });
+    response.cookies.delete({
+        name: legacyRefreshTokenName,
+        maxAge: 0,
+        path: '/',
+        domain: legacyCookieDomain,
+    });
+};
+
+export { deleteRelatedSessionCookies, handleCrossDomainLogout };
+//# sourceMappingURL=logout.js.map

package/dist/esm/server/middleware/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAIA,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;MAEY,uBAAuB,GAAG,CAAC,EACtC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,WAAW,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,GAMhD,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;QAAE;IAEjD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;AAEpE,IAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,IAAA,IAAI,QAAQ,GAAG,CAAA,CAAA,EAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE;IACzE,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,QAAQ;QACR,IAAI;QACJ,eAAe;AACf,QAAA,SAAS,EAAE,iBAAiB;QAC5B,iBAAiB;AAClB,KAAA,CAAC;IACF,IAAI,UAAU,EAAE;QACd,QAAQ,GAAG,iBAAiB;IAC9B;IAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;AACrE,QAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;QAChD,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;QACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,QAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;QACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,QAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;AAED,QAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACjD,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;AAEA,IAAA,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;IACtC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;AAEA,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAEM,MAAM,2BAA2B,GAAG,CAAC,EAC1C,IAAI,EACJ,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,GAMF,KAAyB;IACxB,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ;QAAE;AAE9D,IAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,YAAA,IAAI,EAAE,UAAU;AAChB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACJ,IAAA,CAAC,CAAC;AAEF,IAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,qBAAqB;AAC3B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACF,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,sBAAsB;AAC5B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACJ;;;;"}

package/dist/esm/server/middleware/protectRoute.d.ts

@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Language } from '@smg-automotive/i18n-pkg';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types';
+export declare const protectRoute: ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }: {
+    isProtected: boolean;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    language: Language;
+    request: NextRequest;
+    response: NextResponse;
+    onError?: (error: Error) => void;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/protectRoute.js

@@ -0,0 +1,49 @@
+import { NextResponse } from 'next/server';
+import { getLoginLink } from '../../lib/authLinks.js';
+import { refreshAccessToken } from './refreshAccessToken.js';
+
+const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
+    const loginUrl = getLoginLink({
+        auth0Config,
+        language,
+        returnTo,
+    });
+    return NextResponse.redirect(new URL(loginUrl, origin), {
+        status: 307,
+    });
+};
+const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }) => {
+    const session = await auth0Instance.getSession(request);
+    const { pathname, search, origin } = request.nextUrl;
+    if (!isProtected && !session?.user) {
+        return response;
+    }
+    if (!session && isProtected) {
+        return redirectToLogin({
+            auth0Config,
+            language,
+            returnTo: `${pathname}${search}`,
+            origin,
+        });
+    }
+    return refreshAccessToken({
+        request,
+        response,
+        auth0Instance,
+        onFailure: (authError) => {
+            onError?.(authError);
+            if (!isProtected) {
+                return response;
+            }
+            return redirectToLogin({
+                auth0Config,
+                language,
+                returnTo: `${pathname}${search}`,
+                origin,
+            });
+        },
+    });
+};
+
+export { protectRoute };
+//# sourceMappingURL=protectRoute.js.map

package/dist/esm/server/middleware/protectRoute.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAUA,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAkB;IACjB,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACtD,QAAA,MAAM,EAAE,GAAG;AACZ,KAAA,CAAC;AACJ,CAAC;MAEY,YAAY,GAAG,OAAO,EACjC,WAAW,EACX,aAAa,EACb,WAAW,EACX,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,OAAO,GASR,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClC,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;AAC3B,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,OAAO,kBAAkB,CAAC;QACxB,OAAO;QACP,QAAQ;QACR,aAAa;AACb,QAAA,SAAS,EAAE,CAAC,SAAmB,KAAI;AACjC,YAAA,OAAO,GAAG,SAAS,CAAC;YAEpB,IAAI,CAAC,WAAW,EAAE;AAChB,gBAAA,OAAO,QAAQ;YACjB;AAEA,YAAA,OAAO,eAAe,CAAC;gBACrB,WAAW;gBACX,QAAQ;AACR,gBAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;gBAChC,MAAM;AACP,aAAA,CAAC;QACJ,CAAC;AACF,KAAA,CAAC;AACJ;;;;"}

package/dist/esm/server/middleware/refreshAccessToken.d.ts

@@ -0,0 +1,9 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { SdkError } from '@auth0/nextjs-auth0/errors';
+export declare const refreshAccessToken: ({ request, response, auth0Instance, onFailure, }: {
+    request: NextRequest;
+    response: NextResponse;
+    auth0Instance: Auth0Client;
+    onFailure?: (error: SdkError) => NextResponse;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/refreshAccessToken.js

@@ -0,0 +1,15 @@
+const refreshAccessToken = async ({ request, response, auth0Instance, onFailure, }) => {
+    const session = await auth0Instance.getSession(request);
+    try {
+        const shouldRefresh = (session?.tokenSet.expiresAt || 0) < Date.now() / 1000 + 30;
+        await auth0Instance.getAccessToken(request, response, {
+            refresh: shouldRefresh,
+        });
+    }
+    catch (error) {
+        return onFailure?.(error);
+    }
+};
+
+export { refreshAccessToken };
+//# sourceMappingURL=refreshAccessToken.js.map

package/dist/esm/server/middleware/refreshAccessToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshAccessToken.js","sources":["../../../../../src/server/middleware/refreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"AAIO,MAAM,kBAAkB,GAAG,OAAO,EACvC,OAAO,EACP,QAAQ,EACR,aAAa,EACb,SAAS,GAMV,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AAEvD,IAAA,IAAI;QACF,MAAM,aAAa,GACjB,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;AAC7D,QAAA,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACpD,YAAA,OAAO,EAAE,aAAa;AACvB,SAAA,CAAC;IACJ;IAAE,OAAO,KAAK,EAAE;AACd,QAAA,OAAO,SAAS,GAAG,KAAiB,CAAC;IACvC;AACF;;;;"}

package/dist/esm/server/middleware/token.d.ts

@@ -0,0 +1,12 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Language } from '@smg-automotive/i18n-pkg';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types';
+export declare const handleAccessTokenRequest: ({ language, request, response, auth0Instance, auth0Config, onError, }: {
+    language: Language;
+    request: NextRequest;
+    response: NextResponse;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    onError?: (error: Error) => void;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/token.js

@@ -0,0 +1,65 @@
+import { NextResponse } from 'next/server';
+import { AccessTokenErrorCode } from '@auth0/nextjs-auth0/errors';
+import { getLoginLink } from '../../lib/authLinks.js';
+import { combineHeaders } from './combineHeaders.js';
+
+const handleAccessTokenRequest = async ({ language, request, response, auth0Instance, auth0Config, onError, }) => {
+    if (request.nextUrl.pathname !== auth0Config.tokenEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const sellerId = searchParams.get('seller_id');
+    const session = await auth0Instance.getSession(request);
+    if (!session) {
+        return NextResponse.json({
+            error: {
+                message: 'The user does not have an active session.',
+                code: AccessTokenErrorCode.MISSING_SESSION,
+            },
+        }, {
+            status: 401,
+        });
+    }
+    if (sellerId && session?.user) {
+        const loginUrl = getLoginLink({
+            auth0Config,
+            language,
+            returnTo: auth0Config.tokenEndpoint,
+            selectedSellerId: sellerId,
+        });
+        return NextResponse.redirect(new URL(loginUrl, request.nextUrl.origin), {
+            status: 302,
+        });
+    }
+    try {
+        const shouldRefresh = (session?.tokenSet.expiresAt || 0) < Date.now() / 1000 + 30;
+        const { token, expiresAt } = await auth0Instance.getAccessToken(request, response, {
+            refresh: shouldRefresh,
+        });
+        const tokenResponse = combineHeaders({
+            middlewareResponse: NextResponse.json({
+                token,
+                expiresAt,
+            }, {
+                headers: request.headers,
+            }),
+            authResponse: response,
+        });
+        tokenResponse.headers.set('Cache-Control', 'private, no-cache, no-store, must-revalidate, max-age=0');
+        tokenResponse.headers.set('Pragma', 'no-cache');
+        tokenResponse.headers.set('Expires', '0');
+        return tokenResponse;
+    }
+    catch (error) {
+        const authError = error;
+        onError?.(authError);
+        return NextResponse.json({
+            error: {
+                message: authError.message,
+                code: authError.code,
+            },
+        }, { status: 401 });
+    }
+};
+
+export { handleAccessTokenRequest };
+//# sourceMappingURL=token.js.map

package/dist/esm/server/middleware/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;MAWa,wBAAwB,GAAG,OAAO,EAC7C,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,OAAO,GAQR,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,aAAa;QAAE;IAE5D,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;IAC9C,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO,YAAY,CAAC,IAAI,CACtB;AACE,YAAA,KAAK,EAAE;AACL,gBAAA,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAE,oBAAoB,CAAC,eAAe;AAC3C,aAAA;SACF,EACD;AACE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CACF;IACH;AAEA,IAAA,IAAI,QAAQ,IAAI,OAAO,EAAE,IAAI,EAAE;QAC7B,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC5B,WAAW;YACX,QAAQ;YACR,QAAQ,EAAE,WAAW,CAAC,aAAa;AACnC,YAAA,gBAAgB,EAAE,QAAQ;AAC3B,SAAA,CAAC;AACF,QAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;AACtE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;QACF,MAAM,aAAa,GACjB,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;AAC7D,QAAA,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,aAAa,CAAC,cAAc,CAC7D,OAAO,EACP,QAAQ,EACR;AACE,YAAA,OAAO,EAAE,aAAa;AACvB,SAAA,CACF;QAED,MAAM,aAAa,GAAG,cAAc,CAAC;AACnC,YAAA,kBAAkB,EAAE,YAAY,CAAC,IAAI,CACnC;gBACE,KAAK;gBACL,SAAS;aACV,EACD;gBACE,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CACF;AACD,YAAA,YAAY,EAAE,QAAQ;AACvB,SAAA,CAAC;QACF,aAAa,CAAC,OAAO,CAAC,GAAG,CACvB,eAAe,EACf,yDAAyD,CAC1D;QACD,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC;QAC/C,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC;AAEzC,QAAA,OAAO,aAAa;IACtB;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;QAEpB,OAAO,YAAY,CAAC,IAAI,CACtB;AACE,YAAA,KAAK,EAAE;gBACL,OAAO,EAAE,SAAS,CAAC,OAAO;gBAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;AACrB,aAAA;AACF,SAAA,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB;IACH;AACF;;;;"}

package/dist/esm/server.js

@@ -1,2 +1,2 @@
-export { authMiddleware } from './server/middleware.js';
+export { authMiddleware } from './server/middleware/index.js';
 //# sourceMappingURL=server.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smg-automotive/auth",
-  "version": "6.8.0-auth0-update-root.7",
+  "version": "6.8.0-auth0-update-access-token-endpoint.1",
   "description": "SMG Automotive auth package",
   "exports": {
     ".": {