@smg-automotive/auth 7.0.0 → 7.1.0-always-mount-auth-under-proxy-segment.1

package/dist/esm/server/middleware/login.js

@@ -0,0 +1,34 @@
+const addLoginParamsFromCookies = ({ request, auth0Config: { selectedSellerIdCookie, impersonatedSellerIdCookie, loginEndpoint, }, }) => {
+    if (request.nextUrl.pathname !== loginEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const hasSellerId = searchParams.has('seller_id');
+    if (!hasSellerId) {
+        const sellerId = request.cookies.get(selectedSellerIdCookie.name)?.value;
+        if (sellerId) {
+            searchParams.set('seller_id', sellerId);
+        }
+    }
+    const hasImpersonateSellerId = searchParams.has('impersonate_seller_id');
+    if (!hasImpersonateSellerId) {
+        const impersonatedSellerId = request.cookies.get(impersonatedSellerIdCookie.name)?.value;
+        if (impersonatedSellerId) {
+            searchParams.set('impersonate_seller_id', impersonatedSellerId);
+        }
+    }
+    request.nextUrl.search = searchParams.toString();
+};
+const setLoginRelatedCookies = ({ request, response, auth0Config: { selectedSellerIdCookie, impersonatedSellerIdCookie, loginEndpoint, }, }) => {
+    if (request.nextUrl.pathname !== loginEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    if (searchParams.has('seller_id')) {
+        response.cookies.set(selectedSellerIdCookie.name, searchParams.get('seller_id'), selectedSellerIdCookie);
+    }
+    if (searchParams.has('impersonate_seller_id')) {
+        response.cookies.set(impersonatedSellerIdCookie.name, searchParams.get('impersonate_seller_id'), impersonatedSellerIdCookie);
+    }
+};
+
+export { addLoginParamsFromCookies, setLoginRelatedCookies };
+//# sourceMappingURL=login.js.map

package/dist/esm/server/middleware/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sources":["../../../../../src/server/middleware/login.ts"],"sourcesContent":[null],"names":[],"mappings":"AAIO,MAAM,yBAAyB,GAAG,CAAC,EACxC,OAAO,EACP,WAAW,EAAE,EACX,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,GACd,GAIF,KAAI;AACH,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,aAAa;QAAE;IAEhD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAChE,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;IACjD,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK;QACxE,IAAI,QAAQ,EAAE;AACZ,YAAA,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC;QACzC;IACF;IAEA,MAAM,sBAAsB,GAAG,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACxE,IAAI,CAAC,sBAAsB,EAAE;AAC3B,QAAA,MAAM,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC9C,0BAA0B,CAAC,IAAI,CAChC,EAAE,KAAK;QAER,IAAI,oBAAoB,EAAE;AACxB,YAAA,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC;QACjE;IACF;IAEA,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;MAEa,sBAAsB,GAAG,CAAC,EACrC,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,GACd,GAKF,KAAI;AACH,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,aAAa;QAAE;IAEhD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;AAChE,IAAA,IAAI,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;AACjC,QAAA,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,sBAAsB,CAAC,IAAI,EAC3B,YAAY,CAAC,GAAG,CAAC,WAAW,CAAE,EAC9B,sBAAsB,CACvB;IACH;AAEA,IAAA,IAAI,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,EAAE;AAC7C,QAAA,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,0BAA0B,CAAC,IAAI,EAC/B,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAE,EAC1C,0BAA0B,CAC3B;IACH;AACF;;;;"}

package/dist/esm/server/middleware/logout.d.ts

@@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Config } from 'src/types';
+export declare const handleCrossDomainLogout: ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }: {
+    host: string;
+    protocol: string;
+    request: NextRequest;
+    auth0Config: Auth0Config;
+}) => NextResponse | void;
+export declare const deleteRelatedSessionCookies: ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }: {
+    host: string;
+    request: NextRequest;
+    response: NextResponse;
+    auth0Config: Auth0Config;
+}) => void;

package/dist/esm/server/middleware/logout.js

@@ -0,0 +1,115 @@
+import { NextResponse } from 'next/server';
+
+const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
+    if (typeof pathOrUrl !== 'string')
+        return false;
+    if (pathOrUrl.length > 2048)
+        return false;
+    try {
+        const decodedPathOrUrl = decodeURIComponent(pathOrUrl);
+        const isUrl = decodedPathOrUrl.startsWith('http');
+        const parsedUrlOrPath = new URL(isUrl ? decodedPathOrUrl : `${protocol}://${host}${decodedPathOrUrl}`);
+        const decodedPath = parsedUrlOrPath.pathname;
+        if (crossDomainLogout &&
+            isUrl &&
+            parsedUrlOrPath.host !== otherDomainHost) {
+            return false;
+        }
+        if (!crossDomainLogout && parsedUrlOrPath.host !== host) {
+            return false;
+        }
+        if (!decodedPath.startsWith('/') || decodedPath.startsWith('//')) {
+            return false;
+        }
+        // Limit chars in return to path to prevent injections
+        // eslint-disable-next-line @typescript-eslint/naming-convention
+        const SAFE_PATH_REGEX = /^\/[a-zA-Z0-9/_\-?.=]*$/;
+        return SAFE_PATH_REGEX.test(decodedPath);
+    }
+    catch (error) {
+        // eslint-disable-next-line no-console
+        console.warn('Error parsing URL or path:', error);
+        return false;
+    }
+};
+const getOtherDomainHost = (currentHost) => {
+    if (currentHost.includes('autoscout24')) {
+        return currentHost.replace('autoscout24', 'motoscout24');
+    }
+    if (currentHost.includes('motoscout24')) {
+        return currentHost.replace('motoscout24', 'autoscout24');
+    }
+    return currentHost;
+};
+const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }) => {
+    if (request.nextUrl.pathname !== logoutEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const specifiedReturnTo = searchParams.get('returnTo') || '';
+    const crossDomainLogout = searchParams.get('crossDomain') === 'true';
+    const otherDomainHost = getOtherDomainHost(host);
+    let returnTo = `/${searchParams.get('locale') || languageConfig.default}`;
+    const isSafePath = validateReturnTo({
+        protocol,
+        host,
+        otherDomainHost,
+        pathOrUrl: specifiedReturnTo,
+        crossDomainLogout,
+    });
+    if (isSafePath) {
+        returnTo = specifiedReturnTo;
+    }
+    if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
+        const currentDomainUrl = `${protocol}://${host}`;
+        const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
+        backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
+        backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
+        const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
+        otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
+        otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
+        return NextResponse.redirect(otherDomainLogoutUrl, {
+            status: 302,
+        });
+    }
+    searchParams.set('returnTo', returnTo);
+    request.nextUrl.search = searchParams.toString();
+};
+const getLegacyCookieDomain = (hostname) => {
+    const parts = hostname.split('.');
+    if (parts.length < 2)
+        return `.${hostname}`;
+    const base = parts.slice(-2).join('.');
+    return `.${base}`;
+};
+const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }) => {
+    if (request.nextUrl.pathname !== logoutEndpoint || !response)
+        return;
+    authCookieNames.forEach((cookieName) => {
+        response.cookies.delete({
+            name: cookieName,
+            maxAge: 0,
+            path: '/',
+        });
+        response.cookies.delete({
+            name: `${cookieName}__0`,
+            maxAge: 0,
+            path: '/',
+        });
+    });
+    const legacyCookieDomain = getLegacyCookieDomain(host);
+    response.cookies.delete({
+        name: legacyAccessTokenName,
+        maxAge: 0,
+        path: '/',
+        domain: legacyCookieDomain,
+    });
+    response.cookies.delete({
+        name: legacyRefreshTokenName,
+        maxAge: 0,
+        path: '/',
+        domain: legacyCookieDomain,
+    });
+};
+
+export { deleteRelatedSessionCookies, handleCrossDomainLogout };
+//# sourceMappingURL=logout.js.map

package/dist/esm/server/middleware/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAIA,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;MAEY,uBAAuB,GAAG,CAAC,EACtC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,WAAW,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,GAMhD,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;QAAE;IAEjD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;AAEpE,IAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,IAAA,IAAI,QAAQ,GAAG,CAAA,CAAA,EAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE;IACzE,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,QAAQ;QACR,IAAI;QACJ,eAAe;AACf,QAAA,SAAS,EAAE,iBAAiB;QAC5B,iBAAiB;AAClB,KAAA,CAAC;IACF,IAAI,UAAU,EAAE;QACd,QAAQ,GAAG,iBAAiB;IAC9B;IAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;AACrE,QAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;QAChD,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;QACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,QAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;QACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,QAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;AAED,QAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACjD,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;AAEA,IAAA,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;IACtC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;AAEA,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAEM,MAAM,2BAA2B,GAAG,CAAC,EAC1C,IAAI,EACJ,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,GAMF,KAAI;IACH,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ;QAAE;AAE9D,IAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,YAAA,IAAI,EAAE,UAAU;AAChB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACJ,IAAA,CAAC,CAAC;AAEF,IAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,qBAAqB;AAC3B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACF,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,sBAAsB;AAC5B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACJ;;;;"}

package/dist/esm/server/middleware/proactivelyRefreshAccessToken.d.ts

@@ -0,0 +1,10 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+export declare const proactivelyRefreshAccessToken: ({ request, response, auth0Instance, }: {
+    request: NextRequest;
+    response: NextResponse;
+    auth0Instance: Auth0Client;
+}) => Promise<{
+    token: string;
+    expiresAt: number;
+}>;

package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js

@@ -0,0 +1,10 @@
+const proactivelyRefreshAccessToken = async ({ request, response, auth0Instance, }) => {
+    const session = await auth0Instance.getSession(request);
+    const shouldRefresh = (session?.tokenSet.expiresAt || 0) < Date.now() / 1000 + 30;
+    return auth0Instance.getAccessToken(request, response, {
+        refresh: shouldRefresh,
+    });
+};
+
+export { proactivelyRefreshAccessToken };
+//# sourceMappingURL=proactivelyRefreshAccessToken.js.map

package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"AAGO,MAAM,6BAA6B,GAAG,OAAO,EAClD,OAAO,EACP,QAAQ,EACR,aAAa,GAKd,KAAmD;IAClD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,MAAM,aAAa,GACjB,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;AAC7D,IAAA,OAAO,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACrD,QAAA,OAAO,EAAE,aAAa;AACvB,KAAA,CAAC;AACJ;;;;"}

package/dist/esm/server/middleware/profile.d.ts

@@ -0,0 +1,10 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Brand } from 'src/types/brand';
+import { Auth0Config } from 'src/types';
+export declare const handleUserProfile: ({ request, auth0Instance, auth0Config, brand, }: {
+    request: NextRequest;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    brand: Brand;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/profile.js

@@ -0,0 +1,26 @@
+import { NextResponse } from 'next/server';
+import { enrichUser } from '../../lib/enrichUser/session.js';
+import { addCachingHeaders } from './addCachingHeaders.js';
+
+const handleUserProfile = async ({ request, auth0Instance, auth0Config, brand, }) => {
+    if (request.nextUrl.pathname === auth0Config.userProfileEndpoint) {
+        const session = await auth0Instance.getSession(request);
+        if (!session) {
+            return new NextResponse(null, {
+                status: 401,
+            });
+        }
+        const user = session.user;
+        const enrichedUser = await enrichUser({
+            user,
+            accessToken: session.tokenSet.accessToken,
+            brand,
+        });
+        const userResponse = NextResponse.json(enrichedUser);
+        addCachingHeaders(userResponse);
+        return userResponse;
+    }
+};
+
+export { handleUserProfile };
+//# sourceMappingURL=profile.js.map

package/dist/esm/server/middleware/profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AASO,MAAM,iBAAiB,GAAG,OAAO,EACtC,OAAO,EACP,aAAa,EACb,WAAW,EACX,KAAK,GAMN,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,mBAAmB,EAAE;QAChE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;QAEvD,IAAI,CAAC,OAAO,EAAE;AACZ,YAAA,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE;AAC5B,gBAAA,MAAM,EAAE,GAAG;AACZ,aAAA,CAAC;QACJ;AAEA,QAAA,MAAM,IAAI,GAAG,OAAO,CAAC,IAAmB;AAExC,QAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC;YACpC,IAAI;AACJ,YAAA,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,WAAW;YACzC,KAAK;AACN,SAAA,CAAC;QAEF,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;QACpD,iBAAiB,CAAC,YAAY,CAAC;AAC/B,QAAA,OAAO,YAAY;IACrB;AACF;;;;"}

package/dist/esm/server/middleware/protectRoute.d.ts

@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Language } from '@smg-automotive/i18n-pkg';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types';
+export declare const protectRoute: ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }: {
+    isProtected: boolean;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    language: Language;
+    request: NextRequest;
+    response: NextResponse;
+    onError?: (error: Error) => void;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/protectRoute.js

@@ -0,0 +1,49 @@
+import { NextResponse } from 'next/server';
+import { getLoginLink } from '../../lib/authLinks.js';
+import { proactivelyRefreshAccessToken } from './proactivelyRefreshAccessToken.js';
+
+const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
+    const loginUrl = getLoginLink({
+        auth0Config,
+        language,
+        returnTo,
+    });
+    return NextResponse.redirect(new URL(loginUrl, origin), {
+        status: 307,
+    });
+};
+const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }) => {
+    const session = await auth0Instance.getSession(request);
+    const { pathname, search, origin } = request.nextUrl;
+    if (!isProtected && !session?.user) {
+        return response;
+    }
+    if (!session && isProtected) {
+        return redirectToLogin({
+            auth0Config,
+            language,
+            returnTo: `${pathname}${search}`,
+            origin,
+        });
+    }
+    try {
+        await proactivelyRefreshAccessToken({
+            request,
+            response,
+            auth0Instance,
+        });
+    }
+    catch (error) {
+        const authError = error;
+        onError?.(authError);
+        return redirectToLogin({
+            auth0Config,
+            language,
+            returnTo: `${pathname}${search}`,
+            origin,
+        });
+    }
+};
+
+export { protectRoute };
+//# sourceMappingURL=protectRoute.js.map

package/dist/esm/server/middleware/protectRoute.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAUA,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAkB;IACjB,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACtD,QAAA,MAAM,EAAE,GAAG;AACZ,KAAA,CAAC;AACJ,CAAC;MAEY,YAAY,GAAG,OAAO,EACjC,WAAW,EACX,aAAa,EACb,WAAW,EACX,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,OAAO,GASR,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClC,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;AAC3B,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,6BAA6B,CAAC;YAClC,OAAO;YACP,QAAQ;YACR,aAAa;AACd,SAAA,CAAC;IACJ;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;AAEpB,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AACF;;;;"}

package/dist/esm/server/middleware/token.d.ts

@@ -0,0 +1,10 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types';
+export declare const handleAccessTokenRequest: ({ request, response, auth0Instance, auth0Config, onError, }: {
+    request: NextRequest;
+    response: NextResponse;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    onError?: (error: Error) => void;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/token.js

@@ -0,0 +1,41 @@
+import { NextResponse } from 'next/server';
+import { AccessTokenErrorCode } from '@auth0/nextjs-auth0/errors';
+import { proactivelyRefreshAccessToken } from './proactivelyRefreshAccessToken.js';
+import { addCachingHeaders } from './addCachingHeaders.js';
+
+const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth0Config, onError, }) => {
+    if (request.nextUrl.pathname !== auth0Config.tokenEndpoint)
+        return;
+    const session = await auth0Instance.getSession(request);
+    if (!session) {
+        return NextResponse.json({
+            error: {
+                message: 'The user does not have an active session.',
+                code: AccessTokenErrorCode.MISSING_SESSION,
+            },
+        }, {
+            status: 401,
+        });
+    }
+    try {
+        const { token, expiresAt } = await proactivelyRefreshAccessToken({
+            request,
+            response,
+            auth0Instance,
+        });
+        const tokenResponse = NextResponse.json({
+            token,
+            expiresAt,
+        });
+        addCachingHeaders(tokenResponse);
+        return tokenResponse;
+    }
+    catch (error) {
+        const authError = error;
+        onError?.(authError);
+        return NextResponse.json({ error: { message: authError.message, code: authError.code } }, { status: 401 });
+    }
+};
+
+export { handleAccessTokenRequest };
+//# sourceMappingURL=token.js.map

package/dist/esm/server/middleware/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AASO,MAAM,wBAAwB,GAAG,OAAO,EAC7C,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,OAAO,GAOR,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,aAAa;QAAE;IAE5D,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO,YAAY,CAAC,IAAI,CACtB;AACE,YAAA,KAAK,EAAE;AACL,gBAAA,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAE,oBAAoB,CAAC,eAAe;AAC3C,aAAA;SACF,EACD;AACE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CACF;IACH;AAEA,IAAA,IAAI;QACF,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,6BAA6B,CAAC;YAC/D,OAAO;YACP,QAAQ;YACR,aAAa;AACd,SAAA,CAAC;AACF,QAAA,MAAM,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC;YACtC,KAAK;YACL,SAAS;AACV,SAAA,CAAC;QACF,iBAAiB,CAAC,aAAa,CAAC;AAChC,QAAA,OAAO,aAAa;IACtB;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;AACpB,QAAA,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,EAAE,EAC/D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB;IACH;AACF;;;;"}

package/dist/esm/server/redisSessionStore.d.ts

@@ -0,0 +1,15 @@
+import { SessionData, SessionDataStore } from '@auth0/nextjs-auth0/types';
+type RedisSessionStoreOptions = {
+    prefix: string;
+    ttlSeconds: number;
+    redisUrl: string;
+};
+export declare class RedisSessionStore implements SessionDataStore {
+    #private;
+    constructor(options: RedisSessionStoreOptions);
+    private key;
+    get(id: string): Promise<SessionData | null>;
+    set(id: string, session: SessionData): Promise<void>;
+    delete(id: string): Promise<void>;
+}
+export {};

package/dist/esm/server.d.ts

@@ -1,4 +1,2 @@
-export * from './getServerAuthProps';
-export * from './apiRoutes';
-export * from './lib/request/getUserAndAccessToken';
-export * from './lib/request/isLoggedIn';
+export * from './server/middleware';
+export * from './server/helpers';

package/dist/esm/server.js

@@ -1,6 +1,6 @@
-export { getServerAuthProps as getServerAuthPropsPages } from './getServerAuthProps/pages.js';
-export { getServerAuthProps as getServerAuthPropsApp } from './getServerAuthProps/app.js';
-export { apiRoutesHandler } from './apiRoutes/handlers/index.js';
-export { getUser, getUserAndAccessToken } from './lib/request/getUserAndAccessToken.js';
-export { isLoggedIn } from './lib/request/isLoggedIn.js';
+export { authMiddleware } from './server/middleware/index.js';
+export { getAccessToken } from './server/helpers/getAccessToken.js';
+export { getAuthProps } from './server/helpers/getAuthProps.js';
+export { getUser } from './server/helpers/getUser.js';
+export { isLoggedIn } from './server/helpers/isLoggedIn.js';
 //# sourceMappingURL=server.js.map

package/dist/esm/test/mocks.d.ts

@@ -0,0 +1 @@
+import 'whatwg-fetch';

package/dist/esm/test/mocks.js

@@ -0,0 +1,2 @@
+import '../node_modules/whatwg-fetch/fetch.js';
+//# sourceMappingURL=mocks.js.map

package/dist/esm/test/mocks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mocks.js","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/dist/esm/test/setup.d.ts

@@ -0,0 +1,2 @@
+import type { Config } from '@jest/types';
+export declare const transpileESMModulesForJest: (asyncConfig: () => Promise<Config.InitialProjectOptions>) => Promise<Config.InitialProjectOptions>;

package/dist/esm/test/setup.js

@@ -0,0 +1,26 @@
+const customTranspiledPackages = ['@auth0/nextjs-auth0', 'jose', '@panva/hkdf'];
+const transpileESMModulesForJest = async (asyncConfig) => {
+    const config = await asyncConfig();
+    const currentPackages = config.transformIgnorePatterns
+        ?.filter((pattern) => pattern.includes('node_modules'))
+        ?.map((pattern) => pattern
+        .replace('/node_modules/(?!.pnpm)(?!(', '')
+        .replace(')/)', '')
+        .replace('/node_modules/.pnpm/(?!(', '')
+        .replace(')@)', '')) || [];
+    const uniqueCurrentPackages = [...new Set(currentPackages)];
+    const currentNonPackages = config.transformIgnorePatterns?.filter((pattern) => !pattern.includes('node_modules')) || [];
+    const transpiledPackages = [
+        ...customTranspiledPackages,
+        ...uniqueCurrentPackages,
+    ].join('|');
+    config.transformIgnorePatterns = [
+        `/node_modules/(?!.pnpm)(?!(${transpiledPackages})/)`,
+        `/node_modules/.pnpm/(?!(${transpiledPackages.replace(/\//g, '\\+')})@)`,
+        ...currentNonPackages,
+    ];
+    return config;
+};
+
+export { transpileESMModulesForJest };
+//# sourceMappingURL=setup.js.map

package/dist/esm/test/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.js","sources":["../../../../src/test/setup.ts"],"sourcesContent":[null],"names":[],"mappings":"AAEA,MAAM,wBAAwB,GAAG,CAAC,qBAAqB,EAAE,MAAM,EAAE,aAAa,CAAC;MAClE,0BAA0B,GAAG,OACxC,WAAwD,KACtD;AACF,IAAA,MAAM,MAAM,GAAG,MAAM,WAAW,EAAE;AAElC,IAAA,MAAM,eAAe,GACnB,MAAM,CAAC;AACL,UAAE,MAAM,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;AACtD,UAAE,GAAG,CAAC,CAAC,OAAO,KACZ;AACG,SAAA,OAAO,CAAC,6BAA6B,EAAE,EAAE;AACzC,SAAA,OAAO,CAAC,KAAK,EAAE,EAAE;AACjB,SAAA,OAAO,CAAC,0BAA0B,EAAE,EAAE;SACtC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CACtB,IAAI,EAAE;IACX,MAAM,qBAAqB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC;IAC3D,MAAM,kBAAkB,GACtB,MAAM,CAAC,uBAAuB,EAAE,MAAM,CACpC,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC/C,IAAI,EAAE;AAET,IAAA,MAAM,kBAAkB,GAAG;AACzB,QAAA,GAAG,wBAAwB;AAC3B,QAAA,GAAG,qBAAqB;AACzB,KAAA,CAAC,IAAI,CAAC,GAAG,CAAC;IACX,MAAM,CAAC,uBAAuB,GAAG;AAC/B,QAAA,CAAA,2BAAA,EAA8B,kBAAkB,CAAA,GAAA,CAAK;QACrD,CAAA,wBAAA,EAA2B,kBAAkB,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA,GAAA,CAAK;AACxE,QAAA,GAAG,kBAAkB;KACtB;AACD,IAAA,OAAO,MAAM;AACf;;;;"}

package/dist/esm/types/auth0/config.d.ts

@@ -22,4 +22,7 @@ export type Auth0Config = {
     scopes: string;
     globalAuthErrorPath: string;
     authCookieNames: string[];
+    sessionCookieName: string;
+    audience: string;
+    sessionDuration: number;
 };

package/dist/esm/types/auth0/jwtPayload.d.ts

@@ -11,4 +11,6 @@ export type Auth0JWTPayload = {
     azp: string;
     user_id: string;
     permissions: string[];
+    isMultiTenantUser: boolean;
+    isImpersonated?: boolean;
 };

package/dist/esm/types/auth0/user.d.ts

@@ -6,5 +6,4 @@ export type Auth0User = {
     email: string;
     email_verified: boolean;
     sub: string;
-    sid: string;
 };

package/dist/esm/types/cookieOptions.d.ts

@@ -3,6 +3,6 @@ export type CookieOptions = {
     httpOnly: boolean;
     maxAge: number;
     secure: boolean;
-    sameSite: string;
+    sameSite: boolean | 'lax' | 'strict' | 'none' | undefined;
     path: string;
 };

package/dist/fixtures.d.ts

@@ -1,4 +1,4 @@
-import { A as Auth0Config, c as EnrichedSessionUser, E as Entitlements } from './sessionUser-DV1lFwq8.js';
+import { A as Auth0Config, E as EnrichedSessionUser, c as Entitlements } from './sessionUser-Wd3XUk39.js';
 import '@smg-automotive/i18n-pkg';
 
 declare const authConfig: (args?: Partial<Auth0Config>) => Auth0Config;

package/dist/index.d.ts

@@ -1,6 +1,6 @@
-import { A as Auth0Config } from './sessionUser-DV1lFwq8.js';
-export { b as Auth0User, a as Auth0UserType, c as EnrichedSessionUser, E as Entitlements, F as FullEntitlements, I as IncompleteSessionUser, M as ManagedSeller, S as SessionUser } from './sessionUser-DV1lFwq8.js';
-export { A as AuthProps, b as AuthProvider, a as AuthProviderProps, u as useAuthContext } from './types-QCN7bglM.js';
+export { A as AuthProvider, a as AuthProviderProps } from './Auth-KOmvnSHJ.js';
+import { A as Auth0Config, E as EnrichedSessionUser } from './sessionUser-Wd3XUk39.js';
+export { b as Auth0User, a as Auth0UserType, I as IncompleteSessionUser, S as SessionUser } from './sessionUser-Wd3XUk39.js';
 import { Language } from '@smg-automotive/i18n-pkg';
 import 'react';
 
@@ -17,18 +17,40 @@ type Auth0JWTPayload = {
     azp: string;
     user_id: string;
     permissions: string[];
+    isMultiTenantUser: boolean;
+    isImpersonated?: boolean;
 };
 
+declare const getAccessToken: ({ config }: {
+    config: Auth0Config;
+}) => Promise<any>;
+
+declare const switchSelectedTenant: ({ config, sellerId, }: {
+    config: Auth0Config;
+    sellerId: string;
+}) => Promise<void>;
+
+declare const useUser: () => {
+    user: EnrichedSessionUser | null;
+    error: Error | null;
+    isLoading: boolean;
+    invalidate: () => Promise<EnrichedSessionUser | undefined>;
+};
+
+declare const useAuthConfig: () => Auth0Config;
+
 declare const getLogoutLink: ({ returnTo, language, auth0Config, }: {
     returnTo?: string;
     language?: Language;
     auth0Config: Auth0Config | null;
 }) => string;
-declare const getLoginLink: ({ returnTo, language, auth0Config, }: {
+declare const getLoginLink: ({ returnTo, language, auth0Config, selectedSellerId, impersonateSellerId, }: {
     returnTo?: string;
     language?: Language;
     auth0Config: Auth0Config | null;
+    selectedSellerId?: string;
+    impersonateSellerId?: string;
 }) => string;
 
-export { Auth0Config, getLoginLink, getLogoutLink };
+export { Auth0Config, EnrichedSessionUser, getAccessToken, getLoginLink, getLogoutLink, switchSelectedTenant, useAuthConfig, useUser };
 export type { Auth0JWTPayload };