@smg-automotive/auth 7.0.0 → 7.1.0-auth0-update-root.1

package/dist/esm/server/middleware/index.js

@@ -0,0 +1,99 @@
+import { NextResponse } from 'next/server';
+import { getAuth0Config } from '../../config/auth0.js';
+import { getAuth0Instance } from '../getAuth0Instance.js';
+import { handleAccessTokenRequest } from './token.js';
+import { protectRoute } from './protectRoute.js';
+import { handleUserProfile } from './profile.js';
+import { handleCrossDomainLogout, deleteRelatedSessionCookies } from './logout.js';
+import { addLoginParamsFromCookies } from './login.js';
+import { combineHeaders } from './combineHeaders.js';
+
+const isAuthRoute = (pathname, auth0Config) => {
+    const { loginEndpoint, logoutEndpoint, callbackEndpoint, userProfileEndpoint, tokenEndpoint, } = auth0Config;
+    return [
+        loginEndpoint,
+        logoutEndpoint,
+        callbackEndpoint,
+        userProfileEndpoint,
+        tokenEndpoint,
+    ].includes(pathname);
+};
+const authMiddleware = async ({ request, isProtectedRoute, language, host, protocol, isProxied, onError, brand, }) => {
+    const { pathname } = request.nextUrl;
+    const auth0Instance = getAuth0Instance({ host, protocol, isProxied });
+    const auth0Config = getAuth0Config({ isProxied });
+    const isAuthErrorRoute = pathname.endsWith(auth0Config.globalAuthErrorPath);
+    const crossDomainLogoutResult = handleCrossDomainLogout({
+        host,
+        protocol,
+        request,
+        auth0Config,
+    });
+    if (crossDomainLogoutResult) {
+        return crossDomainLogoutResult;
+    }
+    const addLoginParamsFromCookiesResult = addLoginParamsFromCookies({
+        request,
+        auth0Config,
+    });
+    if (addLoginParamsFromCookiesResult) {
+        return addLoginParamsFromCookiesResult;
+    }
+    const authResponse = await auth0Instance.middleware(request);
+    const deleteRelatedSessionCookiesResult = deleteRelatedSessionCookies({
+        host,
+        request,
+        response: authResponse,
+        auth0Config,
+    });
+    if (deleteRelatedSessionCookiesResult) {
+        return deleteRelatedSessionCookiesResult;
+    }
+    const accessTokenRequestResult = await handleAccessTokenRequest({
+        request,
+        response: authResponse,
+        auth0Instance,
+        auth0Config,
+        language,
+        onError,
+    });
+    if (accessTokenRequestResult) {
+        return accessTokenRequestResult;
+    }
+    const handleUserProfileResult = await handleUserProfile({
+        request,
+        auth0Instance,
+        auth0Config,
+        brand,
+    });
+    if (handleUserProfileResult) {
+        return handleUserProfileResult;
+    }
+    if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
+        return authResponse;
+    }
+    const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
+    const protectRouteResult = await protectRoute({
+        isProtected,
+        auth0Instance,
+        auth0Config,
+        language,
+        request,
+        response: authResponse,
+        onError,
+    });
+    if (protectRouteResult) {
+        return protectRouteResult;
+    }
+    return combineHeaders({
+        middlewareResponse: NextResponse.next({
+            request: {
+                headers: request.headers,
+            },
+        }),
+        authResponse,
+    });
+};
+
+export { authMiddleware };
+//# sourceMappingURL=index.js.map

package/dist/esm/server/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;AAeA,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;AAEM,MAAM,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,SAAS,EACT,OAAO,EACP,KAAK,GAUN,KAA2B;AAC1B,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;AACpC,IAAA,MAAM,aAAa,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAErE,MAAM,WAAW,GAAG,cAAc,CAAC,EAAE,SAAS,EAAE,CAAC;IACjD,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE3E,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,OAAO,uBAAuB;IAChC;IAEA,MAAM,+BAA+B,GAAG,yBAAyB,CAAC;QAChE,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,+BAA+B,EAAE;AACnC,QAAA,OAAO,+BAA+B;IACxC;IAEA,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAE5D,MAAM,iCAAiC,GAAG,2BAA2B,CAAC;QACpE,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,iCAAiC,EAAE;AACrC,QAAA,OAAO,iCAAiC;IAC1C;AAEA,IAAA,MAAM,wBAAwB,GAAG,MAAM,wBAAwB,CAAC;QAC9D,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACR,KAAA,CAAC;IACF,IAAI,wBAAwB,EAAE;AAC5B,QAAA,OAAO,wBAAwB;IACjC;AAEA,IAAA,MAAM,uBAAuB,GAAG,MAAM,iBAAiB,CAAC;QACtD,OAAO;QACP,aAAa;QACb,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,OAAO,uBAAuB;IAChC;IAEA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,QAAA,OAAO,YAAY;IACrB;IAEA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;AACnE,IAAA,MAAM,kBAAkB,GAAG,MAAM,YAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;AACtB,QAAA,OAAO,kBAAkB;IAC3B;AAEA,IAAA,OAAO,cAAc,CAAC;AACpB,QAAA,kBAAkB,EAAE,YAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;AACJ;;;;"}

package/dist/esm/server/middleware/login.d.ts

@@ -0,0 +1,6 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Config } from 'src/types';
+export declare const addLoginParamsFromCookies: ({ request, auth0Config: { selectedSellerIdCookie, impersonatedSellerIdCookie, loginEndpoint, }, }: {
+    request: NextRequest;
+    auth0Config: Auth0Config;
+}) => NextResponse | void;

package/dist/esm/server/middleware/login.js

@@ -0,0 +1,23 @@
+const addLoginParamsFromCookies = ({ request, auth0Config: { selectedSellerIdCookie, impersonatedSellerIdCookie, loginEndpoint, }, }) => {
+    if (request.nextUrl.pathname !== loginEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const hasSellerId = searchParams.has('seller_id');
+    if (!hasSellerId) {
+        const sellerId = request.cookies.get(selectedSellerIdCookie.name)?.value;
+        if (sellerId) {
+            searchParams.set('seller_id', sellerId);
+        }
+    }
+    const hasImpersonateSellerId = searchParams.has('impersonate_seller_id');
+    if (!hasImpersonateSellerId) {
+        const impersonatedSellerId = request.cookies.get(impersonatedSellerIdCookie.name)?.value;
+        if (impersonatedSellerId) {
+            searchParams.set('impersonate_seller_id', impersonatedSellerId);
+        }
+    }
+    request.nextUrl.search = searchParams.toString();
+};
+
+export { addLoginParamsFromCookies };
+//# sourceMappingURL=login.js.map

package/dist/esm/server/middleware/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sources":["../../../../../src/server/middleware/login.ts"],"sourcesContent":[null],"names":[],"mappings":"AAIO,MAAM,yBAAyB,GAAG,CAAC,EACxC,OAAO,EACP,WAAW,EAAE,EACX,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,GACd,GAIF,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,aAAa;QAAE;IAEhD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAChE,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;IACjD,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK;QACxE,IAAI,QAAQ,EAAE;AACZ,YAAA,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC;QACzC;IACF;IAEA,MAAM,sBAAsB,GAAG,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACxE,IAAI,CAAC,sBAAsB,EAAE;AAC3B,QAAA,MAAM,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC9C,0BAA0B,CAAC,IAAI,CAChC,EAAE,KAAK;QAER,IAAI,oBAAoB,EAAE;AACxB,YAAA,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC;QACjE;IACF;IAEA,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;;;;"}

package/dist/esm/server/middleware/logout.d.ts

@@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Config } from 'src/types';
+export declare const handleCrossDomainLogout: ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }: {
+    host: string;
+    protocol: string;
+    request: NextRequest;
+    auth0Config: Auth0Config;
+}) => NextResponse | void;
+export declare const deleteRelatedSessionCookies: ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }: {
+    host: string;
+    request: NextRequest;
+    response: NextResponse;
+    auth0Config: Auth0Config;
+}) => NextResponse | void;

package/dist/esm/server/middleware/logout.js

@@ -0,0 +1,115 @@
+import { NextResponse } from 'next/server';
+
+const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
+    if (typeof pathOrUrl !== 'string')
+        return false;
+    if (pathOrUrl.length > 2048)
+        return false;
+    try {
+        const decodedPathOrUrl = decodeURIComponent(pathOrUrl);
+        const isUrl = decodedPathOrUrl.startsWith('http');
+        const parsedUrlOrPath = new URL(isUrl ? decodedPathOrUrl : `${protocol}://${host}${decodedPathOrUrl}`);
+        const decodedPath = parsedUrlOrPath.pathname;
+        if (crossDomainLogout &&
+            isUrl &&
+            parsedUrlOrPath.host !== otherDomainHost) {
+            return false;
+        }
+        if (!crossDomainLogout && parsedUrlOrPath.host !== host) {
+            return false;
+        }
+        if (!decodedPath.startsWith('/') || decodedPath.startsWith('//')) {
+            return false;
+        }
+        // Limit chars in return to path to prevent injections
+        // eslint-disable-next-line @typescript-eslint/naming-convention
+        const SAFE_PATH_REGEX = /^\/[a-zA-Z0-9/_\-?.=]*$/;
+        return SAFE_PATH_REGEX.test(decodedPath);
+    }
+    catch (error) {
+        // eslint-disable-next-line no-console
+        console.warn('Error parsing URL or path:', error);
+        return false;
+    }
+};
+const getOtherDomainHost = (currentHost) => {
+    if (currentHost.includes('autoscout24')) {
+        return currentHost.replace('autoscout24', 'motoscout24');
+    }
+    if (currentHost.includes('motoscout24')) {
+        return currentHost.replace('motoscout24', 'autoscout24');
+    }
+    return currentHost;
+};
+const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }) => {
+    if (request.nextUrl.pathname !== logoutEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const specifiedReturnTo = searchParams.get('returnTo') || '';
+    const crossDomainLogout = searchParams.get('crossDomain') === 'true';
+    const otherDomainHost = getOtherDomainHost(host);
+    let returnTo = `/${searchParams.get('locale') || languageConfig.default}`;
+    const isSafePath = validateReturnTo({
+        protocol,
+        host,
+        otherDomainHost,
+        pathOrUrl: specifiedReturnTo,
+        crossDomainLogout,
+    });
+    if (isSafePath) {
+        returnTo = specifiedReturnTo;
+    }
+    if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
+        const currentDomainUrl = `${protocol}://${host}`;
+        const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
+        backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
+        backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
+        const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
+        otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
+        otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
+        return NextResponse.redirect(otherDomainLogoutUrl, {
+            status: 302,
+        });
+    }
+    searchParams.set('returnTo', returnTo);
+    request.nextUrl.search = searchParams.toString();
+};
+const getLegacyCookieDomain = (hostname) => {
+    const parts = hostname.split('.');
+    if (parts.length < 2)
+        return `.${hostname}`;
+    const base = parts.slice(-2).join('.');
+    return `.${base}`;
+};
+const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }) => {
+    if (request.nextUrl.pathname !== logoutEndpoint || !response)
+        return;
+    authCookieNames.forEach((cookieName) => {
+        response.cookies.delete({
+            name: cookieName,
+            maxAge: 0,
+            path: '/',
+        });
+        response.cookies.delete({
+            name: `${cookieName}__0`,
+            maxAge: 0,
+            path: '/',
+        });
+    });
+    const legacyCookieDomain = getLegacyCookieDomain(host);
+    response.cookies.delete({
+        name: legacyAccessTokenName,
+        maxAge: 0,
+        path: '/',
+        domain: legacyCookieDomain,
+    });
+    response.cookies.delete({
+        name: legacyRefreshTokenName,
+        maxAge: 0,
+        path: '/',
+        domain: legacyCookieDomain,
+    });
+};
+
+export { deleteRelatedSessionCookies, handleCrossDomainLogout };
+//# sourceMappingURL=logout.js.map

package/dist/esm/server/middleware/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAIA,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;MAEY,uBAAuB,GAAG,CAAC,EACtC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,WAAW,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,GAMhD,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;QAAE;IAEjD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;AAEpE,IAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,IAAA,IAAI,QAAQ,GAAG,CAAA,CAAA,EAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE;IACzE,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,QAAQ;QACR,IAAI;QACJ,eAAe;AACf,QAAA,SAAS,EAAE,iBAAiB;QAC5B,iBAAiB;AAClB,KAAA,CAAC;IACF,IAAI,UAAU,EAAE;QACd,QAAQ,GAAG,iBAAiB;IAC9B;IAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;AACrE,QAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;QAChD,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;QACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,QAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;QACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,QAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;AAED,QAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACjD,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;AAEA,IAAA,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;IACtC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;AAEA,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAEM,MAAM,2BAA2B,GAAG,CAAC,EAC1C,IAAI,EACJ,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,GAMF,KAAyB;IACxB,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ;QAAE;AAE9D,IAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,YAAA,IAAI,EAAE,UAAU;AAChB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACJ,IAAA,CAAC,CAAC;AAEF,IAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,qBAAqB;AAC3B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACF,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,sBAAsB;AAC5B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACJ;;;;"}

package/dist/esm/server/middleware/proactivelyRefreshAccessToken.d.ts

@@ -0,0 +1,10 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+export declare const proactivelyRefreshAccessToken: ({ request, response, auth0Instance, }: {
+    request: NextRequest;
+    response: NextResponse;
+    auth0Instance: Auth0Client;
+}) => Promise<{
+    token: string;
+    expiresAt: number;
+}>;

package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js

@@ -0,0 +1,10 @@
+const proactivelyRefreshAccessToken = async ({ request, response, auth0Instance, }) => {
+    const session = await auth0Instance.getSession(request);
+    const shouldRefresh = (session?.tokenSet.expiresAt || 0) < Date.now() / 1000 + 30;
+    return auth0Instance.getAccessToken(request, response, {
+        refresh: shouldRefresh,
+    });
+};
+
+export { proactivelyRefreshAccessToken };
+//# sourceMappingURL=proactivelyRefreshAccessToken.js.map

package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"AAGO,MAAM,6BAA6B,GAAG,OAAO,EAClD,OAAO,EACP,QAAQ,EACR,aAAa,GAKd,KAAmD;IAClD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,MAAM,aAAa,GACjB,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;AAC7D,IAAA,OAAO,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACrD,QAAA,OAAO,EAAE,aAAa;AACvB,KAAA,CAAC;AACJ;;;;"}

package/dist/esm/server/middleware/profile.d.ts

@@ -0,0 +1,10 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Brand } from 'src/types/brand';
+import { Auth0Config } from 'src/types';
+export declare const handleUserProfile: ({ request, auth0Instance, auth0Config, brand, }: {
+    request: NextRequest;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    brand: Brand;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/profile.js

@@ -0,0 +1,26 @@
+import { NextResponse } from 'next/server';
+import { enrichUser } from '../../lib/enrichUser/session.js';
+import { addCachingHeaders } from './addCachingHeaders.js';
+
+const handleUserProfile = async ({ request, auth0Instance, auth0Config, brand, }) => {
+    if (request.nextUrl.pathname === auth0Config.userProfileEndpoint) {
+        const session = await auth0Instance.getSession(request);
+        if (!session) {
+            return new NextResponse(null, {
+                status: 401,
+            });
+        }
+        const user = session.user;
+        const enrichedUser = await enrichUser({
+            user,
+            accessToken: session.tokenSet.accessToken,
+            brand,
+        });
+        const userResponse = NextResponse.json(enrichedUser);
+        addCachingHeaders(userResponse);
+        return userResponse;
+    }
+};
+
+export { handleUserProfile };
+//# sourceMappingURL=profile.js.map

package/dist/esm/server/middleware/profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AASO,MAAM,iBAAiB,GAAG,OAAO,EACtC,OAAO,EACP,aAAa,EACb,WAAW,EACX,KAAK,GAMN,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,mBAAmB,EAAE;QAChE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;QAEvD,IAAI,CAAC,OAAO,EAAE;AACZ,YAAA,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE;AAC5B,gBAAA,MAAM,EAAE,GAAG;AACZ,aAAA,CAAC;QACJ;AAEA,QAAA,MAAM,IAAI,GAAG,OAAO,CAAC,IAAmB;AAExC,QAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC;YACpC,IAAI;AACJ,YAAA,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,WAAW;YACzC,KAAK;AACN,SAAA,CAAC;QAEF,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;QACpD,iBAAiB,CAAC,YAAY,CAAC;AAC/B,QAAA,OAAO,YAAY;IACrB;AACF;;;;"}

package/dist/esm/server/middleware/protectRoute.d.ts

@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Language } from '@smg-automotive/i18n-pkg';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types';
+export declare const protectRoute: ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }: {
+    isProtected: boolean;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    language: Language;
+    request: NextRequest;
+    response: NextResponse;
+    onError?: (error: Error) => void;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/protectRoute.js

@@ -0,0 +1,52 @@
+import { NextResponse } from 'next/server';
+import { getLoginLink } from '../../lib/authLinks.js';
+import { proactivelyRefreshAccessToken } from './proactivelyRefreshAccessToken.js';
+
+const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
+    const loginUrl = getLoginLink({
+        auth0Config,
+        language,
+        returnTo,
+    });
+    return NextResponse.redirect(new URL(loginUrl, origin), {
+        status: 307,
+    });
+};
+const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }) => {
+    const session = await auth0Instance.getSession(request);
+    const { pathname, search, origin } = request.nextUrl;
+    if (!isProtected && !session?.user) {
+        return response;
+    }
+    if (!session && isProtected) {
+        return redirectToLogin({
+            auth0Config,
+            language,
+            returnTo: `${pathname}${search}`,
+            origin,
+        });
+    }
+    try {
+        await proactivelyRefreshAccessToken({
+            request,
+            response,
+            auth0Instance,
+        });
+    }
+    catch (error) {
+        const authError = error;
+        onError?.(authError);
+        if (!isProtected) {
+            return response;
+        }
+        return redirectToLogin({
+            auth0Config,
+            language,
+            returnTo: `${pathname}${search}`,
+            origin,
+        });
+    }
+};
+
+export { protectRoute };
+//# sourceMappingURL=protectRoute.js.map

package/dist/esm/server/middleware/protectRoute.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAUA,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAkB;IACjB,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACtD,QAAA,MAAM,EAAE,GAAG;AACZ,KAAA,CAAC;AACJ,CAAC;MAEY,YAAY,GAAG,OAAO,EACjC,WAAW,EACX,aAAa,EACb,WAAW,EACX,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,OAAO,GASR,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClC,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;AAC3B,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,6BAA6B,CAAC;YAClC,OAAO;YACP,QAAQ;YACR,aAAa;AACd,SAAA,CAAC;IACJ;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;QAEpB,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,OAAO,QAAQ;QACjB;AAEA,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AACF;;;;"}

package/dist/esm/server/middleware/token.d.ts

@@ -0,0 +1,12 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Language } from '@smg-automotive/i18n-pkg';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types';
+export declare const handleAccessTokenRequest: ({ language, request, response, auth0Instance, auth0Config, onError, }: {
+    language: Language;
+    request: NextRequest;
+    response: NextResponse;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    onError?: (error: Error) => void;
+}) => Promise<NextResponse | void>;

package/dist/esm/server/middleware/token.js

@@ -0,0 +1,55 @@
+import { NextResponse } from 'next/server';
+import { AccessTokenErrorCode } from '@auth0/nextjs-auth0/errors';
+import { getLoginLink } from '../../lib/authLinks.js';
+import { proactivelyRefreshAccessToken } from './proactivelyRefreshAccessToken.js';
+import { addCachingHeaders } from './addCachingHeaders.js';
+
+const handleAccessTokenRequest = async ({ language, request, response, auth0Instance, auth0Config, onError, }) => {
+    if (request.nextUrl.pathname !== auth0Config.tokenEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const sellerId = searchParams.get('seller_id');
+    const session = await auth0Instance.getSession(request);
+    if (!session) {
+        return NextResponse.json({
+            error: {
+                message: 'The user does not have an active session.',
+                code: AccessTokenErrorCode.MISSING_SESSION,
+            },
+        }, {
+            status: 401,
+        });
+    }
+    if (sellerId && session?.user) {
+        const loginUrl = getLoginLink({
+            auth0Config,
+            language,
+            returnTo: auth0Config.tokenEndpoint,
+            selectedSellerId: sellerId,
+        });
+        return NextResponse.redirect(new URL(loginUrl, request.nextUrl.origin), {
+            status: 302,
+        });
+    }
+    try {
+        const { token, expiresAt } = await proactivelyRefreshAccessToken({
+            request,
+            response,
+            auth0Instance,
+        });
+        const tokenResponse = NextResponse.json({
+            token,
+            expiresAt,
+        });
+        addCachingHeaders(tokenResponse);
+        return tokenResponse;
+    }
+    catch (error) {
+        const authError = error;
+        onError?.(authError);
+        return NextResponse.json({ error: { message: authError.message, code: authError.code } }, { status: 401 });
+    }
+};
+
+export { handleAccessTokenRequest };
+//# sourceMappingURL=token.js.map

package/dist/esm/server/middleware/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;MAYa,wBAAwB,GAAG,OAAO,EAC7C,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,OAAO,GAQR,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,aAAa;QAAE;IAE5D,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;IAC9C,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO,YAAY,CAAC,IAAI,CACtB;AACE,YAAA,KAAK,EAAE;AACL,gBAAA,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAE,oBAAoB,CAAC,eAAe;AAC3C,aAAA;SACF,EACD;AACE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CACF;IACH;AAEA,IAAA,IAAI,QAAQ,IAAI,OAAO,EAAE,IAAI,EAAE;QAC7B,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC5B,WAAW;YACX,QAAQ;YACR,QAAQ,EAAE,WAAW,CAAC,aAAa;AACnC,YAAA,gBAAgB,EAAE,QAAQ;AAC3B,SAAA,CAAC;AACF,QAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;AACtE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;QACF,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,6BAA6B,CAAC;YAC/D,OAAO;YACP,QAAQ;YACR,aAAa;AACd,SAAA,CAAC;AACF,QAAA,MAAM,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC;YACtC,KAAK;YACL,SAAS;AACV,SAAA,CAAC;QACF,iBAAiB,CAAC,aAAa,CAAC;AAChC,QAAA,OAAO,aAAa;IACtB;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;AACpB,QAAA,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,EAAE,EAC/D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB;IACH;AACF;;;;"}

package/dist/esm/server.d.ts

@@ -1,4 +1,2 @@
-export * from './getServerAuthProps';
-export * from './apiRoutes';
-export * from './lib/request/getUserAndAccessToken';
-export * from './lib/request/isLoggedIn';
+export * from './server/middleware';
+export * from './server/helpers';

package/dist/esm/server.js

@@ -1,6 +1,6 @@
-export { getServerAuthProps as getServerAuthPropsPages } from './getServerAuthProps/pages.js';
-export { getServerAuthProps as getServerAuthPropsApp } from './getServerAuthProps/app.js';
-export { apiRoutesHandler } from './apiRoutes/handlers/index.js';
-export { getUser, getUserAndAccessToken } from './lib/request/getUserAndAccessToken.js';
-export { isLoggedIn } from './lib/request/isLoggedIn.js';
+export { authMiddleware } from './server/middleware/index.js';
+export { getAccessToken } from './server/helpers/getAccessToken.js';
+export { getAuthProps } from './server/helpers/getAuthProps.js';
+export { getUser } from './server/helpers/getUser.js';
+export { isLoggedIn } from './server/helpers/isLoggedIn.js';
 //# sourceMappingURL=server.js.map

package/dist/esm/types/auth0/config.d.ts

@@ -22,4 +22,6 @@ export type Auth0Config = {
     scopes: string;
     globalAuthErrorPath: string;
     authCookieNames: string[];
+    sessionCookieName: string;
+    audience: string;
 };

package/dist/esm/types/auth0/jwtPayload.d.ts

@@ -11,4 +11,6 @@ export type Auth0JWTPayload = {
     azp: string;
     user_id: string;
     permissions: string[];
+    isMultiTenantUser: boolean;
+    isImpersonated?: boolean;
 };

package/dist/esm/types/auth0/user.d.ts

@@ -6,5 +6,4 @@ export type Auth0User = {
     email: string;
     email_verified: boolean;
     sub: string;
-    sid: string;
 };

package/dist/esm/types/cookieOptions.d.ts

@@ -3,6 +3,6 @@ export type CookieOptions = {
     httpOnly: boolean;
     maxAge: number;
     secure: boolean;
-    sameSite: string;
+    sameSite: boolean | 'lax' | 'strict' | 'none' | undefined;
     path: string;
 };

package/dist/fixtures.d.ts

@@ -1,4 +1,4 @@
-import { A as Auth0Config, c as EnrichedSessionUser, E as Entitlements } from './sessionUser-DV1lFwq8.js';
+import { A as Auth0Config, E as EnrichedSessionUser, a as Entitlements } from './sessionUser-DL32W6UV.js';
 import '@smg-automotive/i18n-pkg';
 
 declare const authConfig: (args?: Partial<Auth0Config>) => Auth0Config;

package/dist/index.d.ts

@@ -1,34 +1,37 @@
-import { A as Auth0Config } from './sessionUser-DV1lFwq8.js';
-export { b as Auth0User, a as Auth0UserType, c as EnrichedSessionUser, E as Entitlements, F as FullEntitlements, I as IncompleteSessionUser, M as ManagedSeller, S as SessionUser } from './sessionUser-DV1lFwq8.js';
-export { A as AuthProps, b as AuthProvider, a as AuthProviderProps, u as useAuthContext } from './types-QCN7bglM.js';
+export { A as AuthProvider } from './Auth-BnjTWorx.js';
+import { A as Auth0Config, E as EnrichedSessionUser } from './sessionUser-DL32W6UV.js';
 import { Language } from '@smg-automotive/i18n-pkg';
 import 'react';
 
-type Auth0JWTPayload = {
-    complete: boolean;
-    sellerIds: string[];
-    email: string;
-    iss: string;
-    sub: string;
-    aud: string[];
-    iat: number;
-    exp: number;
-    scope: string;
-    azp: string;
-    user_id: string;
-    permissions: string[];
+declare const getAccessToken: ({ config }: {
+    config: Auth0Config;
+}) => Promise<any>;
+
+declare const switchSelectedTenant: ({ config, sellerId, }: {
+    config: Auth0Config;
+    sellerId: string;
+}) => Promise<void>;
+
+declare const useUser: () => {
+    user: EnrichedSessionUser | null;
+    error: Error | null;
+    isLoading: boolean;
+    invalidate: () => Promise<EnrichedSessionUser | undefined>;
 };
 
+declare const useAuthConfig: () => Auth0Config;
+
 declare const getLogoutLink: ({ returnTo, language, auth0Config, }: {
     returnTo?: string;
     language?: Language;
     auth0Config: Auth0Config | null;
 }) => string;
-declare const getLoginLink: ({ returnTo, language, auth0Config, }: {
+declare const getLoginLink: ({ returnTo, language, auth0Config, selectedSellerId, impersonateSellerId, }: {
     returnTo?: string;
     language?: Language;
     auth0Config: Auth0Config | null;
+    selectedSellerId?: string;
+    impersonateSellerId?: string;
 }) => string;
 
-export { Auth0Config, getLoginLink, getLogoutLink };
-export type { Auth0JWTPayload };
+export { getAccessToken, getLoginLink, getLogoutLink, switchSelectedTenant, useAuthConfig, useUser };