@smg-automotive/auth 8.1.4 → 8.1.5-instrumentation-with-debug.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +66 -0
- package/dist/cjs/server/helpers/getAccessToken.js +12 -0
- package/dist/cjs/server/helpers/getAccessToken.js.map +1 -1
- package/dist/cjs/server/helpers/getUser.js +40 -7
- package/dist/cjs/server/helpers/getUser.js.map +1 -1
- package/dist/cjs/server/middleware/index.js +24 -0
- package/dist/cjs/server/middleware/index.js.map +1 -1
- package/dist/cjs/server/middleware/logout.js +20 -0
- package/dist/cjs/server/middleware/logout.js.map +1 -1
- package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.js +23 -3
- package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.js.map +1 -1
- package/dist/cjs/server/middleware/profile.js +22 -2
- package/dist/cjs/server/middleware/profile.js.map +1 -1
- package/dist/cjs/server/middleware/protectRoute.js +17 -1
- package/dist/cjs/server/middleware/protectRoute.js.map +1 -1
- package/dist/cjs/server/middleware/token.js +14 -0
- package/dist/cjs/server/middleware/token.js.map +1 -1
- package/dist/esm/server/helpers/getAccessToken.js +8 -0
- package/dist/esm/server/helpers/getAccessToken.js.map +1 -1
- package/dist/esm/server/helpers/getUser.js +36 -7
- package/dist/esm/server/helpers/getUser.js.map +1 -1
- package/dist/esm/server/middleware/index.js +20 -0
- package/dist/esm/server/middleware/index.js.map +1 -1
- package/dist/esm/server/middleware/logout.js +16 -0
- package/dist/esm/server/middleware/logout.js.map +1 -1
- package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js +19 -3
- package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js.map +1 -1
- package/dist/esm/server/middleware/profile.js +18 -2
- package/dist/esm/server/middleware/profile.js.map +1 -1
- package/dist/esm/server/middleware/protectRoute.js +13 -1
- package/dist/esm/server/middleware/protectRoute.js.map +1 -1
- package/dist/esm/server/middleware/token.js +10 -0
- package/dist/esm/server/middleware/token.js.map +1 -1
- package/package.json +3 -1
package/README.md
CHANGED
|
@@ -237,6 +237,72 @@ export default function middleware(
|
|
|
237
237
|
|
|
238
238
|
Auth0 integration routes are handled by the middleware. You need to make sure that the middleware is invoked for all the route patters except the static assets, image optimisation and metadata files.
|
|
239
239
|
|
|
240
|
+
### Debugging
|
|
241
|
+
|
|
242
|
+
This package includes comprehensive debug instrumentation using the [`debug`](https://www.npmjs.com/package/debug) package to help track and troubleshoot authentication issues. To enable debug logging, set the `DEBUG` environment variable.
|
|
243
|
+
|
|
244
|
+
#### Available Debug Namespaces
|
|
245
|
+
|
|
246
|
+
The package uses the namespace pattern `@smg-automotive/auth:*` with the following sub-namespaces:
|
|
247
|
+
|
|
248
|
+
- `@smg-automotive/auth:middleware` - Main auth middleware flow
|
|
249
|
+
- Request processing, route checks, Auth0 middleware calls, cross-domain logout detection
|
|
250
|
+
- `@smg-automotive/auth:user` - User retrieval and enrichment
|
|
251
|
+
- Session retrieval, user fetching, user enrichment with entitlements
|
|
252
|
+
- `@smg-automotive/auth:token` - Token operations
|
|
253
|
+
- Token refresh decisions (including expiration times), access token retrieval, token endpoint handling
|
|
254
|
+
- `@smg-automotive/auth:protectRoute` - Route protection
|
|
255
|
+
- Protected route checks, session validation, token refresh for protected routes
|
|
256
|
+
- `@smg-automotive/auth:logout` - Logout operations
|
|
257
|
+
- Cross-domain logout flow, cookie deletion, returnTo URL validation
|
|
258
|
+
- `@smg-automotive/auth:profile` - User profile handling
|
|
259
|
+
- Profile requests, user enrichment, entitlement loading errors
|
|
260
|
+
|
|
261
|
+
#### Usage
|
|
262
|
+
|
|
263
|
+
Enable all auth debugging:
|
|
264
|
+
|
|
265
|
+
```bash
|
|
266
|
+
DEBUG=@smg-automotive/auth:*
|
|
267
|
+
```
|
|
268
|
+
|
|
269
|
+
Enable specific namespaces:
|
|
270
|
+
|
|
271
|
+
```bash
|
|
272
|
+
# Enable middleware and token debugging
|
|
273
|
+
DEBUG=@smg-automotive/auth:middleware,@smg-automotive/auth:token
|
|
274
|
+
|
|
275
|
+
# Enable user and profile debugging
|
|
276
|
+
DEBUG=@smg-automotive/auth:user:@smg-automotive/auth:profile
|
|
277
|
+
```
|
|
278
|
+
|
|
279
|
+
Enable debugging in your Next.js application by setting the environment variable:
|
|
280
|
+
|
|
281
|
+
```bash
|
|
282
|
+
# .env.local
|
|
283
|
+
DEBUG=@smg-automotive/auth:*
|
|
284
|
+
```
|
|
285
|
+
|
|
286
|
+
Or pass it when running your application:
|
|
287
|
+
|
|
288
|
+
```bash
|
|
289
|
+
DEBUG=@smg-automotive/auth:* npm run dev
|
|
290
|
+
```
|
|
291
|
+
|
|
292
|
+
#### What Gets Logged
|
|
293
|
+
|
|
294
|
+
The debug instrumentation logs:
|
|
295
|
+
|
|
296
|
+
- **Request flow**: Path, host, protocol, and method for each request
|
|
297
|
+
- **Session state**: Whether sessions exist, user presence, session data retrieval
|
|
298
|
+
- **Token operations**: Token expiration times, refresh decisions, token retrieval success/failure
|
|
299
|
+
- **User data**: User IDs, seller IDs, email addresses (when available), entitlement presence
|
|
300
|
+
- **Route protection**: Protected route checks, redirect decisions
|
|
301
|
+
- **Logout flow**: Cross-domain logout initiation, cookie deletion operations
|
|
302
|
+
- **Errors**: Authentication errors with error codes and messages (without exposing sensitive tokens)
|
|
303
|
+
|
|
304
|
+
All debug logs are structured and include relevant context while avoiding sensitive data like tokens or passwords.
|
|
305
|
+
|
|
240
306
|
### Fixtures
|
|
241
307
|
|
|
242
308
|
This package also provides fixture factories for the:
|
|
@@ -1,12 +1,24 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var debug = require('debug');
|
|
3
4
|
var getAuth0Instance = require('../getAuth0Instance.js');
|
|
4
5
|
|
|
6
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
7
|
+
|
|
8
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
9
|
+
|
|
10
|
+
const log = debug__default.default('@smg-automotive/auth:token');
|
|
5
11
|
const getAccessToken = async ({ protocol, host, context, }) => {
|
|
12
|
+
log('Getting access token', {
|
|
13
|
+
host,
|
|
14
|
+
protocol,
|
|
15
|
+
hasRequest: !!context?.request,
|
|
16
|
+
});
|
|
6
17
|
const auth0Instance = getAuth0Instance.getAuth0Instance({ protocol, host });
|
|
7
18
|
const { token } = context?.request
|
|
8
19
|
? await auth0Instance.getAccessToken(context.request, context.response)
|
|
9
20
|
: await auth0Instance.getAccessToken();
|
|
21
|
+
log('Access token retrieved', { tokenLength: token?.length || 0 });
|
|
10
22
|
return token;
|
|
11
23
|
};
|
|
12
24
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getAccessToken.js","sources":["../../../../../src/server/helpers/getAccessToken.ts"],"sourcesContent":[null],"names":["getAuth0Instance"],"mappings":"
|
|
1
|
+
{"version":3,"file":"getAccessToken.js","sources":["../../../../../src/server/helpers/getAccessToken.ts"],"sourcesContent":[null],"names":["debug","getAuth0Instance"],"mappings":";;;;;;;;;AAMA,MAAM,GAAG,GAAGA,sBAAK,CAAC,4BAA4B,CAAC;AAExC,MAAM,cAAc,GAAG,OAAO,EACnC,QAAQ,EACR,IAAI,EACJ,OAAO,GACwC,KAAI;IACnD,GAAG,CAAC,sBAAsB,EAAE;QAC1B,IAAI;QACJ,QAAQ;AACR,QAAA,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO;AAC/B,KAAA,CAAC;IACF,MAAM,aAAa,GAAGC,iCAAgB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAC1D,IAAA,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE;AACzB,UAAE,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,QAAQ;AACtE,UAAE,MAAM,aAAa,CAAC,cAAc,EAAE;AACxC,IAAA,GAAG,CAAC,wBAAwB,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,IAAI,CAAC,EAAE,CAAC;AAClE,IAAA,OAAO,KAAK;AACd;;;;"}
|
|
@@ -1,35 +1,68 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var debug = require('debug');
|
|
3
4
|
var getAccessToken = require('./getAccessToken.js');
|
|
4
5
|
var getAuth0Instance = require('../getAuth0Instance.js');
|
|
5
6
|
var session = require('../../lib/enrichUser/session.js');
|
|
6
7
|
|
|
8
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
9
|
+
|
|
10
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
11
|
+
|
|
12
|
+
const log = debug__default.default('@smg-automotive/auth:user');
|
|
7
13
|
const getSessionData = async ({ protocol, host, context, }) => {
|
|
14
|
+
log('Retrieving session data', {
|
|
15
|
+
host,
|
|
16
|
+
protocol,
|
|
17
|
+
hasRequest: !!context?.request,
|
|
18
|
+
});
|
|
8
19
|
const auth0Instance = getAuth0Instance.getAuth0Instance({ host, protocol });
|
|
9
|
-
|
|
10
|
-
? auth0Instance.getSession(context.request)
|
|
11
|
-
: auth0Instance.getSession();
|
|
20
|
+
const session = context?.request
|
|
21
|
+
? await auth0Instance.getSession(context.request)
|
|
22
|
+
: await auth0Instance.getSession();
|
|
23
|
+
log('Session retrieved', { hasSession: !!session, hasUser: !!session?.user });
|
|
24
|
+
return session;
|
|
12
25
|
};
|
|
13
26
|
const getUser = async ({ context, host, protocol, }) => {
|
|
27
|
+
log('Getting user', { host, protocol });
|
|
14
28
|
const sessionData = await getSessionData({ host, protocol, context });
|
|
15
|
-
if (!sessionData || !sessionData.user)
|
|
29
|
+
if (!sessionData || !sessionData.user) {
|
|
30
|
+
log('No session or user found');
|
|
16
31
|
return null;
|
|
17
|
-
|
|
32
|
+
}
|
|
33
|
+
const user = sessionData.user;
|
|
34
|
+
log('User retrieved', {
|
|
35
|
+
userId: user.userId,
|
|
36
|
+
sellerId: user.sellerId,
|
|
37
|
+
email: user.email,
|
|
38
|
+
});
|
|
39
|
+
return user;
|
|
18
40
|
};
|
|
19
41
|
const getEnrichedUser = async ({ brand, context, host, protocol, }) => {
|
|
42
|
+
log('Getting enriched user', { brand, host, protocol });
|
|
20
43
|
const user = await getUser({ host, protocol, context });
|
|
21
|
-
if (!user)
|
|
44
|
+
if (!user) {
|
|
45
|
+
log('No user found, cannot enrich');
|
|
22
46
|
return null;
|
|
47
|
+
}
|
|
48
|
+
log('Retrieving access token for enrichment');
|
|
23
49
|
const accessToken = await getAccessToken.getAccessToken({
|
|
24
50
|
host,
|
|
25
51
|
protocol,
|
|
26
52
|
context,
|
|
27
53
|
});
|
|
28
|
-
|
|
54
|
+
log('Access token retrieved, enriching user');
|
|
55
|
+
const enrichedUser = await session.enrichUser({
|
|
29
56
|
user,
|
|
30
57
|
accessToken,
|
|
31
58
|
brand,
|
|
32
59
|
});
|
|
60
|
+
log('User enriched successfully', {
|
|
61
|
+
userId: enrichedUser.userId,
|
|
62
|
+
sellerId: enrichedUser.sellerId,
|
|
63
|
+
hasEntitlements: !!enrichedUser.entitlements,
|
|
64
|
+
});
|
|
65
|
+
return enrichedUser;
|
|
33
66
|
};
|
|
34
67
|
|
|
35
68
|
exports.getEnrichedUser = getEnrichedUser;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getUser.js","sources":["../../../../../src/server/helpers/getUser.ts"],"sourcesContent":[null],"names":["getAuth0Instance","getAccessToken","enrichUser"],"mappings":"
|
|
1
|
+
{"version":3,"file":"getUser.js","sources":["../../../../../src/server/helpers/getUser.ts"],"sourcesContent":[null],"names":["debug","getAuth0Instance","getAccessToken","enrichUser"],"mappings":";;;;;;;;;;;AAYA,MAAM,GAAG,GAAGA,sBAAK,CAAC,2BAA2B,CAAC;AAE9C,MAAM,cAAc,GAAG,OAAO,EAC5B,QAAQ,EACR,IAAI,EACJ,OAAO,GACwC,KAAI;IACnD,GAAG,CAAC,yBAAyB,EAAE;QAC7B,IAAI;QACJ,QAAQ;AACR,QAAA,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO;AAC/B,KAAA,CAAC;IACF,MAAM,aAAa,GAAGC,iCAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAE1D,IAAA,MAAM,OAAO,GAAG,OAAO,EAAE;UACrB,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO;AAChD,UAAE,MAAM,aAAa,CAAC,UAAU,EAAE;AAEpC,IAAA,GAAG,CAAC,mBAAmB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;AAC7E,IAAA,OAAO,OAAO;AAChB,CAAC;AAEM,MAAM,OAAO,GAAG,OAAO,EAC5B,OAAO,EACP,IAAI,EACJ,QAAQ,GAEY,KAAiC;IACrD,GAAG,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACvC,IAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IACrE,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE;QACrC,GAAG,CAAC,0BAA0B,CAAC;AAC/B,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,MAAM,IAAI,GAAG,WAAW,CAAC,IAAmB;IAC5C,GAAG,CAAC,gBAAgB,EAAE;QACpB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK,EAAE,IAAI,CAAC,KAAK;AAClB,KAAA,CAAC;AACF,IAAA,OAAO,IAAI;AACb;AAEO,MAAM,eAAe,GAAG,OAAO,EACpC,KAAK,EACL,OAAO,EACP,IAAI,EACJ,QAAQ,GAIP,KAAyC;IAC1C,GAAG,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACvD,IAAA,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IACvD,IAAI,CAAC,IAAI,EAAE;QACT,GAAG,CAAC,8BAA8B,CAAC;AACnC,QAAA,OAAO,IAAI;IACb;IAEA,GAAG,CAAC,wCAAwC,CAAC;AAC7C,IAAA,MAAM,WAAW,GAAG,MAAMC,6BAAc,CAAC;QACvC,IAAI;QACJ,QAAQ;QACR,OAAO;AACR,KAAA,CAAC;IACF,GAAG,CAAC,wCAAwC,CAAC;AAC7C,IAAA,MAAM,YAAY,GAAG,MAAMC,kBAAU,CAAC;QACpC,IAAI;QACJ,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,GAAG,CAAC,4BAA4B,EAAE;QAChC,MAAM,EAAE,YAAY,CAAC,MAAM;QAC3B,QAAQ,EAAE,YAAY,CAAC,QAAQ;AAC/B,QAAA,eAAe,EAAE,CAAC,CAAC,YAAY,CAAC,YAAY;AAC7C,KAAA,CAAC;AACF,IAAA,OAAO,YAAY;AACrB;;;;;"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var server = require('next/server');
|
|
4
|
+
var debug = require('debug');
|
|
4
5
|
var auth0 = require('../../config/auth0.js');
|
|
5
6
|
var getAuth0Instance = require('../getAuth0Instance.js');
|
|
6
7
|
var token = require('./token.js');
|
|
@@ -10,6 +11,11 @@ var logout = require('./logout.js');
|
|
|
10
11
|
var login = require('./login.js');
|
|
11
12
|
var combineHeaders = require('./combineHeaders.js');
|
|
12
13
|
|
|
14
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
15
|
+
|
|
16
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
17
|
+
|
|
18
|
+
const log = debug__default.default('@smg-automotive/auth:middleware');
|
|
13
19
|
const isAuthRoute = (pathname, auth0Config) => {
|
|
14
20
|
const { loginEndpoint, logoutEndpoint, callbackEndpoint, userProfileEndpoint, tokenEndpoint, } = auth0Config;
|
|
15
21
|
return [
|
|
@@ -22,12 +28,19 @@ const isAuthRoute = (pathname, auth0Config) => {
|
|
|
22
28
|
};
|
|
23
29
|
const authMiddleware = async ({ request, isProtectedRoute, language, host, protocol, onError, brand, }) => {
|
|
24
30
|
const { pathname } = request.nextUrl;
|
|
31
|
+
log('Processing request', {
|
|
32
|
+
pathname,
|
|
33
|
+
host,
|
|
34
|
+
protocol,
|
|
35
|
+
method: request.method,
|
|
36
|
+
});
|
|
25
37
|
const auth0Instance = getAuth0Instance.getAuth0Instance({
|
|
26
38
|
host,
|
|
27
39
|
protocol,
|
|
28
40
|
});
|
|
29
41
|
const auth0Config = auth0.getAuth0Config();
|
|
30
42
|
const isAuthErrorRoute = pathname.endsWith(auth0Config.globalAuthErrorPath);
|
|
43
|
+
log('Auth route check', { pathname, isAuthErrorRoute });
|
|
31
44
|
const crossDomainLogoutResult = logout.handleCrossDomainLogout({
|
|
32
45
|
host,
|
|
33
46
|
protocol,
|
|
@@ -35,13 +48,16 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
35
48
|
auth0Config,
|
|
36
49
|
});
|
|
37
50
|
if (crossDomainLogoutResult) {
|
|
51
|
+
log('Cross-domain logout detected, redirecting');
|
|
38
52
|
return crossDomainLogoutResult;
|
|
39
53
|
}
|
|
40
54
|
login.addLoginParams({
|
|
41
55
|
request,
|
|
42
56
|
auth0Config,
|
|
43
57
|
});
|
|
58
|
+
log('Calling Auth0 middleware');
|
|
44
59
|
const authResponse = await auth0Instance.middleware(request);
|
|
60
|
+
log('Auth0 middleware completed', { status: authResponse.status });
|
|
45
61
|
logout.deleteRelatedSessionCookies({
|
|
46
62
|
host,
|
|
47
63
|
request,
|
|
@@ -56,6 +72,7 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
56
72
|
onError,
|
|
57
73
|
});
|
|
58
74
|
if (accessTokenRequestResult) {
|
|
75
|
+
log('Access token request handled');
|
|
59
76
|
return accessTokenRequestResult;
|
|
60
77
|
}
|
|
61
78
|
const handleUserProfileResult = await profile.handleUserProfile({
|
|
@@ -66,12 +83,15 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
66
83
|
brand,
|
|
67
84
|
});
|
|
68
85
|
if (handleUserProfileResult) {
|
|
86
|
+
log('User profile request handled');
|
|
69
87
|
return handleUserProfileResult;
|
|
70
88
|
}
|
|
71
89
|
if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
|
|
90
|
+
log('Auth route, returning response');
|
|
72
91
|
return authResponse;
|
|
73
92
|
}
|
|
74
93
|
const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
|
|
94
|
+
log('Route protection check', { pathname, isProtected });
|
|
75
95
|
const protectRouteResult = await protectRoute.protectRoute({
|
|
76
96
|
isProtected,
|
|
77
97
|
auth0Instance,
|
|
@@ -82,8 +102,12 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
82
102
|
onError,
|
|
83
103
|
});
|
|
84
104
|
if (protectRouteResult) {
|
|
105
|
+
log('Route protection handled', {
|
|
106
|
+
redirected: protectRouteResult.status === 307,
|
|
107
|
+
});
|
|
85
108
|
return protectRouteResult;
|
|
86
109
|
}
|
|
110
|
+
log('Request completed, combining headers');
|
|
87
111
|
return combineHeaders.combineHeaders({
|
|
88
112
|
middlewareResponse: server.NextResponse.next({
|
|
89
113
|
request: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":["getAuth0Instance","getAuth0Config","handleCrossDomainLogout","addLoginParams","deleteRelatedSessionCookies","handleAccessTokenRequest","handleUserProfile","protectRoute","combineHeaders","NextResponse"],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":["debug","getAuth0Instance","getAuth0Config","handleCrossDomainLogout","addLoginParams","deleteRelatedSessionCookies","handleAccessTokenRequest","handleUserProfile","protectRoute","combineHeaders","NextResponse"],"mappings":";;;;;;;;;;;;;;;;;AAgBA,MAAM,GAAG,GAAGA,sBAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;QACxB,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAGC,iCAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAGC,oBAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAEvD,MAAM,uBAAuB,GAAGC,8BAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,GAAG,CAAC,2CAA2C,CAAC;AAChD,QAAA,OAAO,uBAAuB;IAChC;AAEA,IAAAC,oBAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IAEF,GAAG,CAAC,0BAA0B,CAAC;IAC/B,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,GAAG,CAAC,4BAA4B,EAAE,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;AAElE,IAAAC,kCAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,MAAM,wBAAwB,GAAG,MAAMC,8BAAwB,CAAC;QAC9D,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,OAAO;AACR,KAAA,CAAC;IACF,IAAI,wBAAwB,EAAE;QAC5B,GAAG,CAAC,8BAA8B,CAAC;AACnC,QAAA,OAAO,wBAAwB;IACjC;AAEA,IAAA,MAAM,uBAAuB,GAAG,MAAMC,yBAAiB,CAAC;QACtD,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,GAAG,CAAC,8BAA8B,CAAC;AACnC,QAAA,OAAO,uBAAuB;IAChC;IAEA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;QAC1D,GAAG,CAAC,gCAAgC,CAAC;AACrC,QAAA,OAAO,YAAY;IACrB;IAEA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;IACnE,GAAG,CAAC,wBAAwB,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACxD,IAAA,MAAM,kBAAkB,GAAG,MAAMC,yBAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;QACtB,GAAG,CAAC,0BAA0B,EAAE;AAC9B,YAAA,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,GAAG;AAC9C,SAAA,CAAC;AACF,QAAA,OAAO,kBAAkB;IAC3B;IAEA,GAAG,CAAC,sCAAsC,CAAC;AAC3C,IAAA,OAAOC,6BAAc,CAAC;AACpB,QAAA,kBAAkB,EAAEC,mBAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;AACJ;;;;"}
|
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var server = require('next/server');
|
|
4
|
+
var debug = require('debug');
|
|
4
5
|
|
|
6
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
7
|
+
|
|
8
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
9
|
+
|
|
10
|
+
const log = debug__default.default('@smg-automotive/auth:logout');
|
|
5
11
|
const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
|
|
6
12
|
if (typeof pathOrUrl !== 'string')
|
|
7
13
|
return false;
|
|
@@ -46,9 +52,11 @@ const getOtherDomainHost = (currentHost) => {
|
|
|
46
52
|
const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }) => {
|
|
47
53
|
if (request.nextUrl.pathname !== logoutEndpoint)
|
|
48
54
|
return;
|
|
55
|
+
log('Handling logout request', { host, protocol });
|
|
49
56
|
const searchParams = new URLSearchParams(request.nextUrl.search);
|
|
50
57
|
const specifiedReturnTo = searchParams.get('returnTo') || '';
|
|
51
58
|
const crossDomainLogout = searchParams.get('crossDomain') === 'true';
|
|
59
|
+
log('Logout parameters', { specifiedReturnTo, crossDomainLogout });
|
|
52
60
|
const otherDomainHost = getOtherDomainHost(host);
|
|
53
61
|
const currentDomainUrl = `${protocol}://${host}`;
|
|
54
62
|
const locale = searchParams.get('locale');
|
|
@@ -60,16 +68,22 @@ const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { langu
|
|
|
60
68
|
pathOrUrl: specifiedReturnTo,
|
|
61
69
|
crossDomainLogout,
|
|
62
70
|
});
|
|
71
|
+
log('ReturnTo validation', { isSafePath, specifiedReturnTo });
|
|
63
72
|
if (isSafePath && specifiedReturnTo) {
|
|
64
73
|
returnTo = specifiedReturnTo;
|
|
65
74
|
}
|
|
66
75
|
if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
|
|
76
|
+
log('Initiating cross-domain logout', { otherDomainHost });
|
|
67
77
|
const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
|
|
68
78
|
backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
|
|
69
79
|
backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
|
|
70
80
|
const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
|
|
71
81
|
otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
|
|
72
82
|
otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
|
|
83
|
+
log('Redirecting to other domain for logout', {
|
|
84
|
+
otherDomainHost,
|
|
85
|
+
returnUrl: backToCurrentDomainUrl.toString(),
|
|
86
|
+
});
|
|
73
87
|
return server.NextResponse.redirect(otherDomainLogoutUrl, {
|
|
74
88
|
status: 302,
|
|
75
89
|
});
|
|
@@ -96,6 +110,10 @@ const getLegacyCookieDomain = (hostname) => {
|
|
|
96
110
|
const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }) => {
|
|
97
111
|
if (request.nextUrl.pathname !== logoutEndpoint || !response)
|
|
98
112
|
return;
|
|
113
|
+
log('Deleting session cookies', {
|
|
114
|
+
host,
|
|
115
|
+
cookieCount: authCookieNames.length,
|
|
116
|
+
});
|
|
99
117
|
authCookieNames.forEach((cookieName) => {
|
|
100
118
|
response.cookies.delete({
|
|
101
119
|
name: cookieName,
|
|
@@ -114,6 +132,7 @@ const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { l
|
|
|
114
132
|
});
|
|
115
133
|
});
|
|
116
134
|
const legacyCookieDomain = getLegacyCookieDomain(host);
|
|
135
|
+
log('Deleting legacy cookies', { legacyCookieDomain });
|
|
117
136
|
response.cookies.delete({
|
|
118
137
|
name: legacyAccessTokenName,
|
|
119
138
|
maxAge: 0,
|
|
@@ -126,6 +145,7 @@ const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { l
|
|
|
126
145
|
path: '/',
|
|
127
146
|
domain: legacyCookieDomain,
|
|
128
147
|
});
|
|
148
|
+
log('All session cookies deleted');
|
|
129
149
|
};
|
|
130
150
|
|
|
131
151
|
exports.deleteRelatedSessionCookies = deleteRelatedSessionCookies;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":["NextResponse"],"mappings":"
|
|
1
|
+
{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":["debug","NextResponse"],"mappings":";;;;;;;;;AAKA,MAAM,GAAG,GAAGA,sBAAK,CAAC,6BAA6B,CAAC;AAEhD,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;MAEY,uBAAuB,GAAG,CAAC,EACtC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,WAAW,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,GAMhD,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;QAAE;IAEjD,GAAG,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAClD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;IACpE,GAAG,CAAC,mBAAmB,EAAE,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;AAElE,IAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,IAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;IAChD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;AACzC,IAAA,IAAI,QAAQ,GAAG,MAAM,GAAG,CAAA,CAAA,EAAI,MAAM,CAAA,CAAE,GAAG,CAAA,CAAA,EAAI,cAAc,CAAC,OAAO,EAAE;IACnE,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,QAAQ;QACR,IAAI;QACJ,eAAe;AACf,QAAA,SAAS,EAAE,iBAAiB;QAC5B,iBAAiB;AAClB,KAAA,CAAC;IACF,GAAG,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,iBAAiB,EAAE,CAAC;AAC7D,IAAA,IAAI,UAAU,IAAI,iBAAiB,EAAE;QACnC,QAAQ,GAAG,iBAAiB;IAC9B;IAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;AACrE,QAAA,GAAG,CAAC,gCAAgC,EAAE,EAAE,eAAe,EAAE,CAAC;QAC1D,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;QACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,QAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;QACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,QAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;QAED,GAAG,CAAC,wCAAwC,EAAE;YAC5C,eAAe;AACf,YAAA,SAAS,EAAE,sBAAsB,CAAC,QAAQ,EAAE;AAC7C,SAAA,CAAC;AACF,QAAA,OAAOC,mBAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACjD,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;IAEA,IAAI,aAAa,GAAG,KAAK;AACzB,IAAA,IAAI;AACF,QAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC;AACpD,QAAA,aAAa,GAAG,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC;IACpD;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC;IACjD;AAEA,IAAA,YAAY,CAAC,GAAG,CACd,UAAU,EACV,aAAa,GAAG,QAAQ,GAAG,CAAA,EAAG,gBAAgB,GAAG,QAAQ,CAAA,CAAE,CAC5D;IACD,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;AAEA,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAEM,MAAM,2BAA2B,GAAG,CAAC,EAC1C,IAAI,EACJ,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,GAMF,KAAI;IACH,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ;QAAE;IAE9D,GAAG,CAAC,0BAA0B,EAAE;QAC9B,IAAI;QACJ,WAAW,EAAE,eAAe,CAAC,MAAM;AACpC,KAAA,CAAC;AACF,IAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,YAAA,IAAI,EAAE,UAAU;AAChB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACJ,IAAA,CAAC,CAAC;AAEF,IAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,IAAA,GAAG,CAAC,yBAAyB,EAAE,EAAE,kBAAkB,EAAE,CAAC;AACtD,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,qBAAqB;AAC3B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACF,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,sBAAsB;AAC5B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;IACF,GAAG,CAAC,6BAA6B,CAAC;AACpC;;;;;"}
|
|
@@ -1,12 +1,32 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var debug = require('debug');
|
|
4
|
+
|
|
5
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
6
|
+
|
|
7
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
8
|
+
|
|
9
|
+
const log = debug__default.default('@smg-automotive/auth:token');
|
|
3
10
|
const proactivelyRefreshAccessToken = async ({ request, response, auth0Instance, auth0Config, }) => {
|
|
11
|
+
log('Checking if token refresh is needed');
|
|
4
12
|
const session = await auth0Instance.getSession(request);
|
|
5
|
-
const
|
|
6
|
-
|
|
7
|
-
|
|
13
|
+
const expiresAt = session?.tokenSet.expiresAt || 0;
|
|
14
|
+
const expiresInSeconds = expiresAt - Date.now() / 1000;
|
|
15
|
+
const shouldRefresh = auth0Config.debugForceTokenRefresh || expiresAt < Date.now() / 1000 + 30;
|
|
16
|
+
log('Token refresh decision', {
|
|
17
|
+
shouldRefresh,
|
|
18
|
+
expiresInSeconds: Math.round(expiresInSeconds),
|
|
19
|
+
debugForceRefresh: auth0Config.debugForceTokenRefresh,
|
|
20
|
+
hasSession: !!session,
|
|
21
|
+
});
|
|
22
|
+
const result = await auth0Instance.getAccessToken(request, response, {
|
|
8
23
|
refresh: shouldRefresh,
|
|
9
24
|
});
|
|
25
|
+
log('Access token retrieved', {
|
|
26
|
+
expiresAt: result.expiresAt,
|
|
27
|
+
tokenLength: result.token.length,
|
|
28
|
+
});
|
|
29
|
+
return result;
|
|
10
30
|
};
|
|
11
31
|
|
|
12
32
|
exports.proactivelyRefreshAccessToken = proactivelyRefreshAccessToken;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":["debug"],"mappings":";;;;;;;;AAMA,MAAM,GAAG,GAAGA,sBAAK,CAAC,4BAA4B,CAAC;AAExC,MAAM,6BAA6B,GAAG,OAAO,EAClD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAmD;IAClD,GAAG,CAAC,qCAAqC,CAAC;IAC1C,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,MAAM,SAAS,GAAG,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC;IAClD,MAAM,gBAAgB,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;AACtD,IAAA,MAAM,aAAa,GACjB,WAAW,CAAC,sBAAsB,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;IAE1E,GAAG,CAAC,wBAAwB,EAAE;QAC5B,aAAa;AACb,QAAA,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC;QAC9C,iBAAiB,EAAE,WAAW,CAAC,sBAAsB;QACrD,UAAU,EAAE,CAAC,CAAC,OAAO;AACtB,KAAA,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACnE,QAAA,OAAO,EAAE,aAAa;AACvB,KAAA,CAAC;IAEF,GAAG,CAAC,wBAAwB,EAAE;QAC5B,SAAS,EAAE,MAAM,CAAC,SAAS;AAC3B,QAAA,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;AACjC,KAAA,CAAC;AAEF,IAAA,OAAO,MAAM;AACf;;;;"}
|
|
@@ -1,11 +1,17 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var server = require('next/server');
|
|
4
|
+
var debug = require('debug');
|
|
4
5
|
var session = require('../../lib/enrichUser/session.js');
|
|
5
6
|
var proactivelyRefreshAccessToken = require('./proactivelyRefreshAccessToken.js');
|
|
6
7
|
var combineHeaders = require('./combineHeaders.js');
|
|
7
8
|
var addCachingHeaders = require('./addCachingHeaders.js');
|
|
8
9
|
|
|
10
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
11
|
+
|
|
12
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
13
|
+
|
|
14
|
+
const log = debug__default.default('@smg-automotive/auth:profile');
|
|
9
15
|
const returnEmptyResponse = () => {
|
|
10
16
|
return new server.NextResponse(null, {
|
|
11
17
|
status: 204,
|
|
@@ -20,23 +26,35 @@ const returnEmptyResponse = () => {
|
|
|
20
26
|
const handleUserProfile = async ({ request, response, auth0Instance, auth0Config, brand, }) => {
|
|
21
27
|
if (request.nextUrl.pathname !== auth0Config.userProfileEndpoint)
|
|
22
28
|
return;
|
|
29
|
+
log('Handling user profile request', { brand });
|
|
23
30
|
const session$1 = await auth0Instance.getSession(request);
|
|
24
31
|
if (!session$1) {
|
|
32
|
+
log('No session found for profile request');
|
|
25
33
|
return returnEmptyResponse();
|
|
26
34
|
}
|
|
27
35
|
try {
|
|
28
36
|
const user = session$1.user;
|
|
37
|
+
log('User found, refreshing token and enriching', {
|
|
38
|
+
userId: user.userId,
|
|
39
|
+
sellerId: user.sellerId,
|
|
40
|
+
});
|
|
29
41
|
const { token } = await proactivelyRefreshAccessToken.proactivelyRefreshAccessToken({
|
|
30
42
|
request,
|
|
31
43
|
response,
|
|
32
44
|
auth0Instance,
|
|
33
45
|
auth0Config,
|
|
34
46
|
});
|
|
47
|
+
log('Token refreshed, enriching user');
|
|
35
48
|
const enrichedUser = await session.enrichUser({
|
|
36
49
|
user,
|
|
37
50
|
accessToken: token,
|
|
38
51
|
brand,
|
|
39
52
|
});
|
|
53
|
+
log('User enriched successfully', {
|
|
54
|
+
userId: enrichedUser.userId,
|
|
55
|
+
sellerId: enrichedUser.sellerId,
|
|
56
|
+
hasEntitlements: !!enrichedUser.entitlements,
|
|
57
|
+
});
|
|
40
58
|
const userResponse = server.NextResponse.json(enrichedUser);
|
|
41
59
|
const responseWithCombinedHeaders = combineHeaders.combineHeaders({
|
|
42
60
|
middlewareResponse: userResponse,
|
|
@@ -51,8 +69,10 @@ const handleUserProfile = async ({ request, response, auth0Instance, auth0Config
|
|
|
51
69
|
return responseWithCombinedHeaders;
|
|
52
70
|
}
|
|
53
71
|
catch (error) {
|
|
54
|
-
|
|
55
|
-
|
|
72
|
+
log('User Profile error loading entitlements', {
|
|
73
|
+
error: error instanceof Error ? error.message : String(error),
|
|
74
|
+
stack: error instanceof Error ? error.stack : undefined,
|
|
75
|
+
});
|
|
56
76
|
return returnEmptyResponse();
|
|
57
77
|
}
|
|
58
78
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":["NextResponse","session","proactivelyRefreshAccessToken","enrichUser","combineHeaders","addCachingHeaders"],"mappings":"
|
|
1
|
+
{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":["debug","NextResponse","session","proactivelyRefreshAccessToken","enrichUser","combineHeaders","addCachingHeaders"],"mappings":";;;;;;;;;;;;;AAYA,MAAM,GAAG,GAAGA,sBAAK,CAAC,8BAA8B,CAAC;AAEjD,MAAM,mBAAmB,GAAG,MAAmB;AAC7C,IAAA,OAAO,IAAIC,mBAAY,CAAC,IAAI,EAAE;AAC5B,QAAA,MAAM,EAAE,GAAG;AACX,QAAA,OAAO,EAAE;AACP,YAAA,IAAI,EAAE,uBAAuB;AAC7B,YAAA,eAAe,EACb,yDAAyD;AAC3D,YAAA,MAAM,EAAE,UAAU;AAClB,YAAA,OAAO,EAAE,GAAG;AACb,SAAA;AACF,KAAA,CAAC;AACJ,CAAC;AAEM,MAAM,iBAAiB,GAAG,OAAO,EACtC,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,KAAK,GAON,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,mBAAmB;QAAE;AAElE,IAAA,GAAG,CAAC,+BAA+B,EAAE,EAAE,KAAK,EAAE,CAAC;IAC/C,MAAMC,SAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAACA,SAAO,EAAE;QACZ,GAAG,CAAC,sCAAsC,CAAC;QAC3C,OAAO,mBAAmB,EAAE;IAC9B;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,IAAI,GAAGA,SAAO,CAAC,IAAmB;QACxC,GAAG,CAAC,4CAA4C,EAAE;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;AACxB,SAAA,CAAC;AACF,QAAA,MAAM,EAAE,KAAK,EAAE,GAAG,MAAMC,2DAA6B,CAAC;YACpD,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;QACF,GAAG,CAAC,iCAAiC,CAAC;AACtC,QAAA,MAAM,YAAY,GAAG,MAAMC,kBAAU,CAAC;YACpC,IAAI;AACJ,YAAA,WAAW,EAAE,KAAK;YAClB,KAAK;AACN,SAAA,CAAC;QAEF,GAAG,CAAC,4BAA4B,EAAE;YAChC,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,QAAQ,EAAE,YAAY,CAAC,QAAQ;AAC/B,YAAA,eAAe,EAAE,CAAC,CAAC,YAAY,CAAC,YAAY;AAC7C,SAAA,CAAC;QACF,MAAM,YAAY,GAAGH,mBAAY,CAAC,IAAI,CAAC,YAAY,CAAC;QACpD,MAAM,2BAA2B,GAAGI,6BAAc,CAAC;AACjD,YAAA,kBAAkB,EAAE,YAAY;AAChC,YAAA,YAAY,EAAE,QAAQ;AACtB,YAAA,eAAe,EAAE,IAAI;AACtB,SAAA,CAAC;QACFC,mCAAiB,CAAC,2BAA2B,CAAC;;QAE9C,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;AAC9C,YAAA,2BAA2B,CAAC,OAAO,CAAC,GAAG,CACrC,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,KAAK,EACZ,MAAM,CACP;QACH;AACA,QAAA,OAAO,2BAA2B;IACpC;IAAE,OAAO,KAAK,EAAE;QACd,GAAG,CAAC,yCAAyC,EAAE;AAC7C,YAAA,KAAK,EAAE,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC;AAC7D,YAAA,KAAK,EAAE,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS;AACxD,SAAA,CAAC;QAEF,OAAO,mBAAmB,EAAE;IAC9B;AACF;;;;"}
|
|
@@ -1,9 +1,15 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var server = require('next/server');
|
|
4
|
+
var debug = require('debug');
|
|
4
5
|
var authLinks = require('../../lib/authLinks.js');
|
|
5
6
|
var proactivelyRefreshAccessToken = require('./proactivelyRefreshAccessToken.js');
|
|
6
7
|
|
|
8
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
9
|
+
|
|
10
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
11
|
+
|
|
12
|
+
const log = debug__default.default('@smg-automotive/auth:protectRoute');
|
|
7
13
|
const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
|
|
8
14
|
const loginUrl = authLinks.getLoginLink({
|
|
9
15
|
auth0Config,
|
|
@@ -15,12 +21,16 @@ const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
|
|
|
15
21
|
});
|
|
16
22
|
};
|
|
17
23
|
const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }) => {
|
|
18
|
-
const session = await auth0Instance.getSession(request);
|
|
19
24
|
const { pathname, search, origin } = request.nextUrl;
|
|
25
|
+
log('Checking route protection', { pathname, isProtected });
|
|
26
|
+
const session = await auth0Instance.getSession(request);
|
|
27
|
+
log('Session check', { hasSession: !!session, hasUser: !!session?.user });
|
|
20
28
|
if (!isProtected && !session?.user) {
|
|
29
|
+
log('Route not protected and no user session, allowing');
|
|
21
30
|
return response;
|
|
22
31
|
}
|
|
23
32
|
if (!session && isProtected) {
|
|
33
|
+
log('Protected route without session, redirecting to login');
|
|
24
34
|
return redirectToLogin({
|
|
25
35
|
auth0Config,
|
|
26
36
|
language,
|
|
@@ -29,15 +39,21 @@ const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language,
|
|
|
29
39
|
});
|
|
30
40
|
}
|
|
31
41
|
try {
|
|
42
|
+
log('Refreshing token for protected route');
|
|
32
43
|
await proactivelyRefreshAccessToken.proactivelyRefreshAccessToken({
|
|
33
44
|
request,
|
|
34
45
|
response,
|
|
35
46
|
auth0Instance,
|
|
36
47
|
auth0Config,
|
|
37
48
|
});
|
|
49
|
+
log('Token refreshed successfully, allowing access');
|
|
38
50
|
}
|
|
39
51
|
catch (error) {
|
|
40
52
|
const authError = error;
|
|
53
|
+
log('Token refresh failed for protected route', {
|
|
54
|
+
message: authError.message,
|
|
55
|
+
code: authError.code,
|
|
56
|
+
});
|
|
41
57
|
onError?.(authError);
|
|
42
58
|
return redirectToLogin({
|
|
43
59
|
auth0Config,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":["getLoginLink","NextResponse","proactivelyRefreshAccessToken"],"mappings":"
|
|
1
|
+
{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":["debug","getLoginLink","NextResponse","proactivelyRefreshAccessToken"],"mappings":";;;;;;;;;;;AAWA,MAAM,GAAG,GAAGA,sBAAK,CAAC,mCAAmC,CAAC;AAEtD,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAkB;IACjB,MAAM,QAAQ,GAAGC,sBAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAOC,mBAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACtD,QAAA,MAAM,EAAE,GAAG;AACZ,KAAA,CAAC;AACJ,CAAC;MAEY,YAAY,GAAG,OAAO,EACjC,WAAW,EACX,aAAa,EACb,WAAW,EACX,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,OAAO,GASR,KAAkC;IACjC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IACpD,GAAG,CAAC,2BAA2B,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;IAE3D,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AACvD,IAAA,GAAG,CAAC,eAAe,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;IAEzE,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;QAClC,GAAG,CAAC,mDAAmD,CAAC;AACxD,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;QAC3B,GAAG,CAAC,uDAAuD,CAAC;AAC5D,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;QACF,GAAG,CAAC,sCAAsC,CAAC;AAC3C,QAAA,MAAMC,2DAA6B,CAAC;YAClC,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;QACF,GAAG,CAAC,+CAA+C,CAAC;IACtD;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;QACnC,GAAG,CAAC,0CAA0C,EAAE;YAC9C,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;AACrB,SAAA,CAAC;AACF,QAAA,OAAO,GAAG,SAAS,CAAC;AAEpB,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AACF;;;;"}
|
|
@@ -1,16 +1,24 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var server = require('next/server');
|
|
4
|
+
var debug = require('debug');
|
|
4
5
|
var errors = require('@auth0/nextjs-auth0/errors');
|
|
5
6
|
var proactivelyRefreshAccessToken = require('./proactivelyRefreshAccessToken.js');
|
|
6
7
|
var combineHeaders = require('./combineHeaders.js');
|
|
7
8
|
var addCachingHeaders = require('./addCachingHeaders.js');
|
|
8
9
|
|
|
10
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
11
|
+
|
|
12
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
13
|
+
|
|
14
|
+
const log = debug__default.default('@smg-automotive/auth:token');
|
|
9
15
|
const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth0Config, onError, }) => {
|
|
10
16
|
if (request.nextUrl.pathname !== auth0Config.tokenEndpoint)
|
|
11
17
|
return;
|
|
18
|
+
log('Handling access token request', { pathname: request.nextUrl.pathname });
|
|
12
19
|
const session = await auth0Instance.getSession(request);
|
|
13
20
|
if (!session) {
|
|
21
|
+
log('Access token request failed: no session');
|
|
14
22
|
return server.NextResponse.json({
|
|
15
23
|
error: {
|
|
16
24
|
message: 'The user does not have an active session.',
|
|
@@ -21,12 +29,14 @@ const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth
|
|
|
21
29
|
});
|
|
22
30
|
}
|
|
23
31
|
try {
|
|
32
|
+
log('Refreshing access token');
|
|
24
33
|
const { token, expiresAt } = await proactivelyRefreshAccessToken.proactivelyRefreshAccessToken({
|
|
25
34
|
request,
|
|
26
35
|
response,
|
|
27
36
|
auth0Instance,
|
|
28
37
|
auth0Config,
|
|
29
38
|
});
|
|
39
|
+
log('Access token refreshed successfully', { expiresAt });
|
|
30
40
|
const tokenResponse = server.NextResponse.json({
|
|
31
41
|
token,
|
|
32
42
|
expiresAt,
|
|
@@ -45,6 +55,10 @@ const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth
|
|
|
45
55
|
}
|
|
46
56
|
catch (error) {
|
|
47
57
|
const authError = error;
|
|
58
|
+
log('Access token request error', {
|
|
59
|
+
message: authError.message,
|
|
60
|
+
code: authError.code,
|
|
61
|
+
});
|
|
48
62
|
onError?.(authError);
|
|
49
63
|
return server.NextResponse.json({ error: { message: authError.message, code: authError.code } }, { status: 401 });
|
|
50
64
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":["NextResponse","AccessTokenErrorCode","proactivelyRefreshAccessToken","combineHeaders","addCachingHeaders"],"mappings":"
|
|
1
|
+
{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":["debug","NextResponse","AccessTokenErrorCode","proactivelyRefreshAccessToken","combineHeaders","addCachingHeaders"],"mappings":";;;;;;;;;;;;;AAOA,MAAM,GAAG,GAAGA,sBAAK,CAAC,4BAA4B,CAAC;AAMxC,MAAM,wBAAwB,GAAG,OAAO,EAC7C,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,OAAO,GAOR,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,aAAa;QAAE;AAE5D,IAAA,GAAG,CAAC,+BAA+B,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC5E,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,GAAG,CAAC,yCAAyC,CAAC;QAC9C,OAAOC,mBAAY,CAAC,IAAI,CACtB;AACE,YAAA,KAAK,EAAE;AACL,gBAAA,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAEC,2BAAoB,CAAC,eAAe;AAC3C,aAAA;SACF,EACD;AACE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CACF;IACH;AAEA,IAAA,IAAI;QACF,GAAG,CAAC,yBAAyB,CAAC;QAC9B,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAMC,2DAA6B,CAAC;YAC/D,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;AACF,QAAA,GAAG,CAAC,qCAAqC,EAAE,EAAE,SAAS,EAAE,CAAC;AACzD,QAAA,MAAM,aAAa,GAAGF,mBAAY,CAAC,IAAI,CAAC;YACtC,KAAK;YACL,SAAS;AACV,SAAA,CAAC;QACF,MAAM,2BAA2B,GAAGG,6BAAc,CAAC;AACjD,YAAA,kBAAkB,EAAE,aAAa;AACjC,YAAA,YAAY,EAAE,QAAQ;AACtB,YAAA,eAAe,EAAE,IAAI;AACtB,SAAA,CAAC;QACFC,mCAAiB,CAAC,2BAA2B,CAAC;;QAE9C,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;AAC9C,YAAA,2BAA2B,CAAC,OAAO,CAAC,GAAG,CACrC,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,KAAK,EACZ,MAAM,CACP;QACH;AACA,QAAA,OAAO,2BAA2B;IACpC;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;QACnC,GAAG,CAAC,4BAA4B,EAAE;YAChC,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;AACrB,SAAA,CAAC;AACF,QAAA,OAAO,GAAG,SAAS,CAAC;AACpB,QAAA,OAAOJ,mBAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,EAAE,EAC/D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB;IACH;AACF;;;;"}
|
|
@@ -1,10 +1,18 @@
|
|
|
1
|
+
import debug from 'debug';
|
|
1
2
|
import { getAuth0Instance } from '../getAuth0Instance.js';
|
|
2
3
|
|
|
4
|
+
const log = debug('@smg-automotive/auth:token');
|
|
3
5
|
const getAccessToken = async ({ protocol, host, context, }) => {
|
|
6
|
+
log('Getting access token', {
|
|
7
|
+
host,
|
|
8
|
+
protocol,
|
|
9
|
+
hasRequest: !!context?.request,
|
|
10
|
+
});
|
|
4
11
|
const auth0Instance = getAuth0Instance({ protocol, host });
|
|
5
12
|
const { token } = context?.request
|
|
6
13
|
? await auth0Instance.getAccessToken(context.request, context.response)
|
|
7
14
|
: await auth0Instance.getAccessToken();
|
|
15
|
+
log('Access token retrieved', { tokenLength: token?.length || 0 });
|
|
8
16
|
return token;
|
|
9
17
|
};
|
|
10
18
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getAccessToken.js","sources":["../../../../../src/server/helpers/getAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"getAccessToken.js","sources":["../../../../../src/server/helpers/getAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AAMA,MAAM,GAAG,GAAG,KAAK,CAAC,4BAA4B,CAAC;AAExC,MAAM,cAAc,GAAG,OAAO,EACnC,QAAQ,EACR,IAAI,EACJ,OAAO,GACwC,KAAI;IACnD,GAAG,CAAC,sBAAsB,EAAE;QAC1B,IAAI;QACJ,QAAQ;AACR,QAAA,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO;AAC/B,KAAA,CAAC;IACF,MAAM,aAAa,GAAG,gBAAgB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAC1D,IAAA,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE;AACzB,UAAE,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,QAAQ;AACtE,UAAE,MAAM,aAAa,CAAC,cAAc,EAAE;AACxC,IAAA,GAAG,CAAC,wBAAwB,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,IAAI,CAAC,EAAE,CAAC;AAClE,IAAA,OAAO,KAAK;AACd;;;;"}
|
|
@@ -1,33 +1,62 @@
|
|
|
1
|
+
import debug from 'debug';
|
|
1
2
|
import { getAccessToken } from './getAccessToken.js';
|
|
2
3
|
import { getAuth0Instance } from '../getAuth0Instance.js';
|
|
3
4
|
import { enrichUser } from '../../lib/enrichUser/session.js';
|
|
4
5
|
|
|
6
|
+
const log = debug('@smg-automotive/auth:user');
|
|
5
7
|
const getSessionData = async ({ protocol, host, context, }) => {
|
|
8
|
+
log('Retrieving session data', {
|
|
9
|
+
host,
|
|
10
|
+
protocol,
|
|
11
|
+
hasRequest: !!context?.request,
|
|
12
|
+
});
|
|
6
13
|
const auth0Instance = getAuth0Instance({ host, protocol });
|
|
7
|
-
|
|
8
|
-
? auth0Instance.getSession(context.request)
|
|
9
|
-
: auth0Instance.getSession();
|
|
14
|
+
const session = context?.request
|
|
15
|
+
? await auth0Instance.getSession(context.request)
|
|
16
|
+
: await auth0Instance.getSession();
|
|
17
|
+
log('Session retrieved', { hasSession: !!session, hasUser: !!session?.user });
|
|
18
|
+
return session;
|
|
10
19
|
};
|
|
11
20
|
const getUser = async ({ context, host, protocol, }) => {
|
|
21
|
+
log('Getting user', { host, protocol });
|
|
12
22
|
const sessionData = await getSessionData({ host, protocol, context });
|
|
13
|
-
if (!sessionData || !sessionData.user)
|
|
23
|
+
if (!sessionData || !sessionData.user) {
|
|
24
|
+
log('No session or user found');
|
|
14
25
|
return null;
|
|
15
|
-
|
|
26
|
+
}
|
|
27
|
+
const user = sessionData.user;
|
|
28
|
+
log('User retrieved', {
|
|
29
|
+
userId: user.userId,
|
|
30
|
+
sellerId: user.sellerId,
|
|
31
|
+
email: user.email,
|
|
32
|
+
});
|
|
33
|
+
return user;
|
|
16
34
|
};
|
|
17
35
|
const getEnrichedUser = async ({ brand, context, host, protocol, }) => {
|
|
36
|
+
log('Getting enriched user', { brand, host, protocol });
|
|
18
37
|
const user = await getUser({ host, protocol, context });
|
|
19
|
-
if (!user)
|
|
38
|
+
if (!user) {
|
|
39
|
+
log('No user found, cannot enrich');
|
|
20
40
|
return null;
|
|
41
|
+
}
|
|
42
|
+
log('Retrieving access token for enrichment');
|
|
21
43
|
const accessToken = await getAccessToken({
|
|
22
44
|
host,
|
|
23
45
|
protocol,
|
|
24
46
|
context,
|
|
25
47
|
});
|
|
26
|
-
|
|
48
|
+
log('Access token retrieved, enriching user');
|
|
49
|
+
const enrichedUser = await enrichUser({
|
|
27
50
|
user,
|
|
28
51
|
accessToken,
|
|
29
52
|
brand,
|
|
30
53
|
});
|
|
54
|
+
log('User enriched successfully', {
|
|
55
|
+
userId: enrichedUser.userId,
|
|
56
|
+
sellerId: enrichedUser.sellerId,
|
|
57
|
+
hasEntitlements: !!enrichedUser.entitlements,
|
|
58
|
+
});
|
|
59
|
+
return enrichedUser;
|
|
31
60
|
};
|
|
32
61
|
|
|
33
62
|
export { getEnrichedUser, getUser };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getUser.js","sources":["../../../../../src/server/helpers/getUser.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"getUser.js","sources":["../../../../../src/server/helpers/getUser.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AAYA,MAAM,GAAG,GAAG,KAAK,CAAC,2BAA2B,CAAC;AAE9C,MAAM,cAAc,GAAG,OAAO,EAC5B,QAAQ,EACR,IAAI,EACJ,OAAO,GACwC,KAAI;IACnD,GAAG,CAAC,yBAAyB,EAAE;QAC7B,IAAI;QACJ,QAAQ;AACR,QAAA,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO;AAC/B,KAAA,CAAC;IACF,MAAM,aAAa,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAE1D,IAAA,MAAM,OAAO,GAAG,OAAO,EAAE;UACrB,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO;AAChD,UAAE,MAAM,aAAa,CAAC,UAAU,EAAE;AAEpC,IAAA,GAAG,CAAC,mBAAmB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;AAC7E,IAAA,OAAO,OAAO;AAChB,CAAC;AAEM,MAAM,OAAO,GAAG,OAAO,EAC5B,OAAO,EACP,IAAI,EACJ,QAAQ,GAEY,KAAiC;IACrD,GAAG,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACvC,IAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IACrE,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE;QACrC,GAAG,CAAC,0BAA0B,CAAC;AAC/B,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,MAAM,IAAI,GAAG,WAAW,CAAC,IAAmB;IAC5C,GAAG,CAAC,gBAAgB,EAAE;QACpB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK,EAAE,IAAI,CAAC,KAAK;AAClB,KAAA,CAAC;AACF,IAAA,OAAO,IAAI;AACb;AAEO,MAAM,eAAe,GAAG,OAAO,EACpC,KAAK,EACL,OAAO,EACP,IAAI,EACJ,QAAQ,GAIP,KAAyC;IAC1C,GAAG,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACvD,IAAA,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IACvD,IAAI,CAAC,IAAI,EAAE;QACT,GAAG,CAAC,8BAA8B,CAAC;AACnC,QAAA,OAAO,IAAI;IACb;IAEA,GAAG,CAAC,wCAAwC,CAAC;AAC7C,IAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC;QACvC,IAAI;QACJ,QAAQ;QACR,OAAO;AACR,KAAA,CAAC;IACF,GAAG,CAAC,wCAAwC,CAAC;AAC7C,IAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC;QACpC,IAAI;QACJ,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,GAAG,CAAC,4BAA4B,EAAE;QAChC,MAAM,EAAE,YAAY,CAAC,MAAM;QAC3B,QAAQ,EAAE,YAAY,CAAC,QAAQ;AAC/B,QAAA,eAAe,EAAE,CAAC,CAAC,YAAY,CAAC,YAAY;AAC7C,KAAA,CAAC;AACF,IAAA,OAAO,YAAY;AACrB;;;;"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
+
import debug from 'debug';
|
|
2
3
|
import { getAuth0Config } from '../../config/auth0.js';
|
|
3
4
|
import { getAuth0Instance } from '../getAuth0Instance.js';
|
|
4
5
|
import { handleAccessTokenRequest } from './token.js';
|
|
@@ -8,6 +9,7 @@ import { handleCrossDomainLogout, deleteRelatedSessionCookies } from './logout.j
|
|
|
8
9
|
import { addLoginParams } from './login.js';
|
|
9
10
|
import { combineHeaders } from './combineHeaders.js';
|
|
10
11
|
|
|
12
|
+
const log = debug('@smg-automotive/auth:middleware');
|
|
11
13
|
const isAuthRoute = (pathname, auth0Config) => {
|
|
12
14
|
const { loginEndpoint, logoutEndpoint, callbackEndpoint, userProfileEndpoint, tokenEndpoint, } = auth0Config;
|
|
13
15
|
return [
|
|
@@ -20,12 +22,19 @@ const isAuthRoute = (pathname, auth0Config) => {
|
|
|
20
22
|
};
|
|
21
23
|
const authMiddleware = async ({ request, isProtectedRoute, language, host, protocol, onError, brand, }) => {
|
|
22
24
|
const { pathname } = request.nextUrl;
|
|
25
|
+
log('Processing request', {
|
|
26
|
+
pathname,
|
|
27
|
+
host,
|
|
28
|
+
protocol,
|
|
29
|
+
method: request.method,
|
|
30
|
+
});
|
|
23
31
|
const auth0Instance = getAuth0Instance({
|
|
24
32
|
host,
|
|
25
33
|
protocol,
|
|
26
34
|
});
|
|
27
35
|
const auth0Config = getAuth0Config();
|
|
28
36
|
const isAuthErrorRoute = pathname.endsWith(auth0Config.globalAuthErrorPath);
|
|
37
|
+
log('Auth route check', { pathname, isAuthErrorRoute });
|
|
29
38
|
const crossDomainLogoutResult = handleCrossDomainLogout({
|
|
30
39
|
host,
|
|
31
40
|
protocol,
|
|
@@ -33,13 +42,16 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
33
42
|
auth0Config,
|
|
34
43
|
});
|
|
35
44
|
if (crossDomainLogoutResult) {
|
|
45
|
+
log('Cross-domain logout detected, redirecting');
|
|
36
46
|
return crossDomainLogoutResult;
|
|
37
47
|
}
|
|
38
48
|
addLoginParams({
|
|
39
49
|
request,
|
|
40
50
|
auth0Config,
|
|
41
51
|
});
|
|
52
|
+
log('Calling Auth0 middleware');
|
|
42
53
|
const authResponse = await auth0Instance.middleware(request);
|
|
54
|
+
log('Auth0 middleware completed', { status: authResponse.status });
|
|
43
55
|
deleteRelatedSessionCookies({
|
|
44
56
|
host,
|
|
45
57
|
request,
|
|
@@ -54,6 +66,7 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
54
66
|
onError,
|
|
55
67
|
});
|
|
56
68
|
if (accessTokenRequestResult) {
|
|
69
|
+
log('Access token request handled');
|
|
57
70
|
return accessTokenRequestResult;
|
|
58
71
|
}
|
|
59
72
|
const handleUserProfileResult = await handleUserProfile({
|
|
@@ -64,12 +77,15 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
64
77
|
brand,
|
|
65
78
|
});
|
|
66
79
|
if (handleUserProfileResult) {
|
|
80
|
+
log('User profile request handled');
|
|
67
81
|
return handleUserProfileResult;
|
|
68
82
|
}
|
|
69
83
|
if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
|
|
84
|
+
log('Auth route, returning response');
|
|
70
85
|
return authResponse;
|
|
71
86
|
}
|
|
72
87
|
const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
|
|
88
|
+
log('Route protection check', { pathname, isProtected });
|
|
73
89
|
const protectRouteResult = await protectRoute({
|
|
74
90
|
isProtected,
|
|
75
91
|
auth0Instance,
|
|
@@ -80,8 +96,12 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
80
96
|
onError,
|
|
81
97
|
});
|
|
82
98
|
if (protectRouteResult) {
|
|
99
|
+
log('Route protection handled', {
|
|
100
|
+
redirected: protectRouteResult.status === 307,
|
|
101
|
+
});
|
|
83
102
|
return protectRouteResult;
|
|
84
103
|
}
|
|
104
|
+
log('Request completed, combining headers');
|
|
85
105
|
return combineHeaders({
|
|
86
106
|
middlewareResponse: NextResponse.next({
|
|
87
107
|
request: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;AAgBA,MAAM,GAAG,GAAG,KAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;QACxB,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAG,cAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAEvD,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,GAAG,CAAC,2CAA2C,CAAC;AAChD,QAAA,OAAO,uBAAuB;IAChC;AAEA,IAAA,cAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IAEF,GAAG,CAAC,0BAA0B,CAAC;IAC/B,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,GAAG,CAAC,4BAA4B,EAAE,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;AAElE,IAAA,2BAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,MAAM,wBAAwB,GAAG,MAAM,wBAAwB,CAAC;QAC9D,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,OAAO;AACR,KAAA,CAAC;IACF,IAAI,wBAAwB,EAAE;QAC5B,GAAG,CAAC,8BAA8B,CAAC;AACnC,QAAA,OAAO,wBAAwB;IACjC;AAEA,IAAA,MAAM,uBAAuB,GAAG,MAAM,iBAAiB,CAAC;QACtD,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,GAAG,CAAC,8BAA8B,CAAC;AACnC,QAAA,OAAO,uBAAuB;IAChC;IAEA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;QAC1D,GAAG,CAAC,gCAAgC,CAAC;AACrC,QAAA,OAAO,YAAY;IACrB;IAEA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;IACnE,GAAG,CAAC,wBAAwB,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACxD,IAAA,MAAM,kBAAkB,GAAG,MAAM,YAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;QACtB,GAAG,CAAC,0BAA0B,EAAE;AAC9B,YAAA,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,GAAG;AAC9C,SAAA,CAAC;AACF,QAAA,OAAO,kBAAkB;IAC3B;IAEA,GAAG,CAAC,sCAAsC,CAAC;AAC3C,IAAA,OAAO,cAAc,CAAC;AACpB,QAAA,kBAAkB,EAAE,YAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;AACJ;;;;"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
+
import debug from 'debug';
|
|
2
3
|
|
|
4
|
+
const log = debug('@smg-automotive/auth:logout');
|
|
3
5
|
const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
|
|
4
6
|
if (typeof pathOrUrl !== 'string')
|
|
5
7
|
return false;
|
|
@@ -44,9 +46,11 @@ const getOtherDomainHost = (currentHost) => {
|
|
|
44
46
|
const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }) => {
|
|
45
47
|
if (request.nextUrl.pathname !== logoutEndpoint)
|
|
46
48
|
return;
|
|
49
|
+
log('Handling logout request', { host, protocol });
|
|
47
50
|
const searchParams = new URLSearchParams(request.nextUrl.search);
|
|
48
51
|
const specifiedReturnTo = searchParams.get('returnTo') || '';
|
|
49
52
|
const crossDomainLogout = searchParams.get('crossDomain') === 'true';
|
|
53
|
+
log('Logout parameters', { specifiedReturnTo, crossDomainLogout });
|
|
50
54
|
const otherDomainHost = getOtherDomainHost(host);
|
|
51
55
|
const currentDomainUrl = `${protocol}://${host}`;
|
|
52
56
|
const locale = searchParams.get('locale');
|
|
@@ -58,16 +62,22 @@ const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { langu
|
|
|
58
62
|
pathOrUrl: specifiedReturnTo,
|
|
59
63
|
crossDomainLogout,
|
|
60
64
|
});
|
|
65
|
+
log('ReturnTo validation', { isSafePath, specifiedReturnTo });
|
|
61
66
|
if (isSafePath && specifiedReturnTo) {
|
|
62
67
|
returnTo = specifiedReturnTo;
|
|
63
68
|
}
|
|
64
69
|
if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
|
|
70
|
+
log('Initiating cross-domain logout', { otherDomainHost });
|
|
65
71
|
const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
|
|
66
72
|
backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
|
|
67
73
|
backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
|
|
68
74
|
const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
|
|
69
75
|
otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
|
|
70
76
|
otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
|
|
77
|
+
log('Redirecting to other domain for logout', {
|
|
78
|
+
otherDomainHost,
|
|
79
|
+
returnUrl: backToCurrentDomainUrl.toString(),
|
|
80
|
+
});
|
|
71
81
|
return NextResponse.redirect(otherDomainLogoutUrl, {
|
|
72
82
|
status: 302,
|
|
73
83
|
});
|
|
@@ -94,6 +104,10 @@ const getLegacyCookieDomain = (hostname) => {
|
|
|
94
104
|
const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }) => {
|
|
95
105
|
if (request.nextUrl.pathname !== logoutEndpoint || !response)
|
|
96
106
|
return;
|
|
107
|
+
log('Deleting session cookies', {
|
|
108
|
+
host,
|
|
109
|
+
cookieCount: authCookieNames.length,
|
|
110
|
+
});
|
|
97
111
|
authCookieNames.forEach((cookieName) => {
|
|
98
112
|
response.cookies.delete({
|
|
99
113
|
name: cookieName,
|
|
@@ -112,6 +126,7 @@ const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { l
|
|
|
112
126
|
});
|
|
113
127
|
});
|
|
114
128
|
const legacyCookieDomain = getLegacyCookieDomain(host);
|
|
129
|
+
log('Deleting legacy cookies', { legacyCookieDomain });
|
|
115
130
|
response.cookies.delete({
|
|
116
131
|
name: legacyAccessTokenName,
|
|
117
132
|
maxAge: 0,
|
|
@@ -124,6 +139,7 @@ const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { l
|
|
|
124
139
|
path: '/',
|
|
125
140
|
domain: legacyCookieDomain,
|
|
126
141
|
});
|
|
142
|
+
log('All session cookies deleted');
|
|
127
143
|
};
|
|
128
144
|
|
|
129
145
|
export { deleteRelatedSessionCookies, handleCrossDomainLogout };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AAKA,MAAM,GAAG,GAAG,KAAK,CAAC,6BAA6B,CAAC;AAEhD,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;MAEY,uBAAuB,GAAG,CAAC,EACtC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,WAAW,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,GAMhD,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;QAAE;IAEjD,GAAG,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAClD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;IACpE,GAAG,CAAC,mBAAmB,EAAE,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;AAElE,IAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,IAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;IAChD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;AACzC,IAAA,IAAI,QAAQ,GAAG,MAAM,GAAG,CAAA,CAAA,EAAI,MAAM,CAAA,CAAE,GAAG,CAAA,CAAA,EAAI,cAAc,CAAC,OAAO,EAAE;IACnE,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,QAAQ;QACR,IAAI;QACJ,eAAe;AACf,QAAA,SAAS,EAAE,iBAAiB;QAC5B,iBAAiB;AAClB,KAAA,CAAC;IACF,GAAG,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,iBAAiB,EAAE,CAAC;AAC7D,IAAA,IAAI,UAAU,IAAI,iBAAiB,EAAE;QACnC,QAAQ,GAAG,iBAAiB;IAC9B;IAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;AACrE,QAAA,GAAG,CAAC,gCAAgC,EAAE,EAAE,eAAe,EAAE,CAAC;QAC1D,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;QACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,QAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;QACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,QAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;QAED,GAAG,CAAC,wCAAwC,EAAE;YAC5C,eAAe;AACf,YAAA,SAAS,EAAE,sBAAsB,CAAC,QAAQ,EAAE;AAC7C,SAAA,CAAC;AACF,QAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACjD,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;IAEA,IAAI,aAAa,GAAG,KAAK;AACzB,IAAA,IAAI;AACF,QAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC;AACpD,QAAA,aAAa,GAAG,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC;IACpD;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC;IACjD;AAEA,IAAA,YAAY,CAAC,GAAG,CACd,UAAU,EACV,aAAa,GAAG,QAAQ,GAAG,CAAA,EAAG,gBAAgB,GAAG,QAAQ,CAAA,CAAE,CAC5D;IACD,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;AAEA,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAEM,MAAM,2BAA2B,GAAG,CAAC,EAC1C,IAAI,EACJ,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,GAMF,KAAI;IACH,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ;QAAE;IAE9D,GAAG,CAAC,0BAA0B,EAAE;QAC9B,IAAI;QACJ,WAAW,EAAE,eAAe,CAAC,MAAM;AACpC,KAAA,CAAC;AACF,IAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,YAAA,IAAI,EAAE,UAAU;AAChB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACJ,IAAA,CAAC,CAAC;AAEF,IAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,IAAA,GAAG,CAAC,yBAAyB,EAAE,EAAE,kBAAkB,EAAE,CAAC;AACtD,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,qBAAqB;AAC3B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACF,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,sBAAsB;AAC5B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;IACF,GAAG,CAAC,6BAA6B,CAAC;AACpC;;;;"}
|
|
@@ -1,10 +1,26 @@
|
|
|
1
|
+
import debug from 'debug';
|
|
2
|
+
|
|
3
|
+
const log = debug('@smg-automotive/auth:token');
|
|
1
4
|
const proactivelyRefreshAccessToken = async ({ request, response, auth0Instance, auth0Config, }) => {
|
|
5
|
+
log('Checking if token refresh is needed');
|
|
2
6
|
const session = await auth0Instance.getSession(request);
|
|
3
|
-
const
|
|
4
|
-
|
|
5
|
-
|
|
7
|
+
const expiresAt = session?.tokenSet.expiresAt || 0;
|
|
8
|
+
const expiresInSeconds = expiresAt - Date.now() / 1000;
|
|
9
|
+
const shouldRefresh = auth0Config.debugForceTokenRefresh || expiresAt < Date.now() / 1000 + 30;
|
|
10
|
+
log('Token refresh decision', {
|
|
11
|
+
shouldRefresh,
|
|
12
|
+
expiresInSeconds: Math.round(expiresInSeconds),
|
|
13
|
+
debugForceRefresh: auth0Config.debugForceTokenRefresh,
|
|
14
|
+
hasSession: !!session,
|
|
15
|
+
});
|
|
16
|
+
const result = await auth0Instance.getAccessToken(request, response, {
|
|
6
17
|
refresh: shouldRefresh,
|
|
7
18
|
});
|
|
19
|
+
log('Access token retrieved', {
|
|
20
|
+
expiresAt: result.expiresAt,
|
|
21
|
+
tokenLength: result.token.length,
|
|
22
|
+
});
|
|
23
|
+
return result;
|
|
8
24
|
};
|
|
9
25
|
|
|
10
26
|
export { proactivelyRefreshAccessToken };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAMA,MAAM,GAAG,GAAG,KAAK,CAAC,4BAA4B,CAAC;AAExC,MAAM,6BAA6B,GAAG,OAAO,EAClD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAmD;IAClD,GAAG,CAAC,qCAAqC,CAAC;IAC1C,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,MAAM,SAAS,GAAG,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC;IAClD,MAAM,gBAAgB,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;AACtD,IAAA,MAAM,aAAa,GACjB,WAAW,CAAC,sBAAsB,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;IAE1E,GAAG,CAAC,wBAAwB,EAAE;QAC5B,aAAa;AACb,QAAA,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC;QAC9C,iBAAiB,EAAE,WAAW,CAAC,sBAAsB;QACrD,UAAU,EAAE,CAAC,CAAC,OAAO;AACtB,KAAA,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACnE,QAAA,OAAO,EAAE,aAAa;AACvB,KAAA,CAAC;IAEF,GAAG,CAAC,wBAAwB,EAAE;QAC5B,SAAS,EAAE,MAAM,CAAC,SAAS;AAC3B,QAAA,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;AACjC,KAAA,CAAC;AAEF,IAAA,OAAO,MAAM;AACf;;;;"}
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
+
import debug from 'debug';
|
|
2
3
|
import { enrichUser } from '../../lib/enrichUser/session.js';
|
|
3
4
|
import { proactivelyRefreshAccessToken } from './proactivelyRefreshAccessToken.js';
|
|
4
5
|
import { combineHeaders } from './combineHeaders.js';
|
|
5
6
|
import { addCachingHeaders } from './addCachingHeaders.js';
|
|
6
7
|
|
|
8
|
+
const log = debug('@smg-automotive/auth:profile');
|
|
7
9
|
const returnEmptyResponse = () => {
|
|
8
10
|
return new NextResponse(null, {
|
|
9
11
|
status: 204,
|
|
@@ -18,23 +20,35 @@ const returnEmptyResponse = () => {
|
|
|
18
20
|
const handleUserProfile = async ({ request, response, auth0Instance, auth0Config, brand, }) => {
|
|
19
21
|
if (request.nextUrl.pathname !== auth0Config.userProfileEndpoint)
|
|
20
22
|
return;
|
|
23
|
+
log('Handling user profile request', { brand });
|
|
21
24
|
const session = await auth0Instance.getSession(request);
|
|
22
25
|
if (!session) {
|
|
26
|
+
log('No session found for profile request');
|
|
23
27
|
return returnEmptyResponse();
|
|
24
28
|
}
|
|
25
29
|
try {
|
|
26
30
|
const user = session.user;
|
|
31
|
+
log('User found, refreshing token and enriching', {
|
|
32
|
+
userId: user.userId,
|
|
33
|
+
sellerId: user.sellerId,
|
|
34
|
+
});
|
|
27
35
|
const { token } = await proactivelyRefreshAccessToken({
|
|
28
36
|
request,
|
|
29
37
|
response,
|
|
30
38
|
auth0Instance,
|
|
31
39
|
auth0Config,
|
|
32
40
|
});
|
|
41
|
+
log('Token refreshed, enriching user');
|
|
33
42
|
const enrichedUser = await enrichUser({
|
|
34
43
|
user,
|
|
35
44
|
accessToken: token,
|
|
36
45
|
brand,
|
|
37
46
|
});
|
|
47
|
+
log('User enriched successfully', {
|
|
48
|
+
userId: enrichedUser.userId,
|
|
49
|
+
sellerId: enrichedUser.sellerId,
|
|
50
|
+
hasEntitlements: !!enrichedUser.entitlements,
|
|
51
|
+
});
|
|
38
52
|
const userResponse = NextResponse.json(enrichedUser);
|
|
39
53
|
const responseWithCombinedHeaders = combineHeaders({
|
|
40
54
|
middlewareResponse: userResponse,
|
|
@@ -49,8 +63,10 @@ const handleUserProfile = async ({ request, response, auth0Instance, auth0Config
|
|
|
49
63
|
return responseWithCombinedHeaders;
|
|
50
64
|
}
|
|
51
65
|
catch (error) {
|
|
52
|
-
|
|
53
|
-
|
|
66
|
+
log('User Profile error loading entitlements', {
|
|
67
|
+
error: error instanceof Error ? error.message : String(error),
|
|
68
|
+
stack: error instanceof Error ? error.stack : undefined,
|
|
69
|
+
});
|
|
54
70
|
return returnEmptyResponse();
|
|
55
71
|
}
|
|
56
72
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;AAYA,MAAM,GAAG,GAAG,KAAK,CAAC,8BAA8B,CAAC;AAEjD,MAAM,mBAAmB,GAAG,MAAmB;AAC7C,IAAA,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE;AAC5B,QAAA,MAAM,EAAE,GAAG;AACX,QAAA,OAAO,EAAE;AACP,YAAA,IAAI,EAAE,uBAAuB;AAC7B,YAAA,eAAe,EACb,yDAAyD;AAC3D,YAAA,MAAM,EAAE,UAAU;AAClB,YAAA,OAAO,EAAE,GAAG;AACb,SAAA;AACF,KAAA,CAAC;AACJ,CAAC;AAEM,MAAM,iBAAiB,GAAG,OAAO,EACtC,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,KAAK,GAON,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,mBAAmB;QAAE;AAElE,IAAA,GAAG,CAAC,+BAA+B,EAAE,EAAE,KAAK,EAAE,CAAC;IAC/C,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,GAAG,CAAC,sCAAsC,CAAC;QAC3C,OAAO,mBAAmB,EAAE;IAC9B;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,IAAI,GAAG,OAAO,CAAC,IAAmB;QACxC,GAAG,CAAC,4CAA4C,EAAE;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;AACxB,SAAA,CAAC;AACF,QAAA,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,6BAA6B,CAAC;YACpD,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;QACF,GAAG,CAAC,iCAAiC,CAAC;AACtC,QAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC;YACpC,IAAI;AACJ,YAAA,WAAW,EAAE,KAAK;YAClB,KAAK;AACN,SAAA,CAAC;QAEF,GAAG,CAAC,4BAA4B,EAAE;YAChC,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,QAAQ,EAAE,YAAY,CAAC,QAAQ;AAC/B,YAAA,eAAe,EAAE,CAAC,CAAC,YAAY,CAAC,YAAY;AAC7C,SAAA,CAAC;QACF,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;QACpD,MAAM,2BAA2B,GAAG,cAAc,CAAC;AACjD,YAAA,kBAAkB,EAAE,YAAY;AAChC,YAAA,YAAY,EAAE,QAAQ;AACtB,YAAA,eAAe,EAAE,IAAI;AACtB,SAAA,CAAC;QACF,iBAAiB,CAAC,2BAA2B,CAAC;;QAE9C,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;AAC9C,YAAA,2BAA2B,CAAC,OAAO,CAAC,GAAG,CACrC,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,KAAK,EACZ,MAAM,CACP;QACH;AACA,QAAA,OAAO,2BAA2B;IACpC;IAAE,OAAO,KAAK,EAAE;QACd,GAAG,CAAC,yCAAyC,EAAE;AAC7C,YAAA,KAAK,EAAE,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC;AAC7D,YAAA,KAAK,EAAE,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS;AACxD,SAAA,CAAC;QAEF,OAAO,mBAAmB,EAAE;IAC9B;AACF;;;;"}
|
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
+
import debug from 'debug';
|
|
2
3
|
import { getLoginLink } from '../../lib/authLinks.js';
|
|
3
4
|
import { proactivelyRefreshAccessToken } from './proactivelyRefreshAccessToken.js';
|
|
4
5
|
|
|
6
|
+
const log = debug('@smg-automotive/auth:protectRoute');
|
|
5
7
|
const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
|
|
6
8
|
const loginUrl = getLoginLink({
|
|
7
9
|
auth0Config,
|
|
@@ -13,12 +15,16 @@ const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
|
|
|
13
15
|
});
|
|
14
16
|
};
|
|
15
17
|
const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }) => {
|
|
16
|
-
const session = await auth0Instance.getSession(request);
|
|
17
18
|
const { pathname, search, origin } = request.nextUrl;
|
|
19
|
+
log('Checking route protection', { pathname, isProtected });
|
|
20
|
+
const session = await auth0Instance.getSession(request);
|
|
21
|
+
log('Session check', { hasSession: !!session, hasUser: !!session?.user });
|
|
18
22
|
if (!isProtected && !session?.user) {
|
|
23
|
+
log('Route not protected and no user session, allowing');
|
|
19
24
|
return response;
|
|
20
25
|
}
|
|
21
26
|
if (!session && isProtected) {
|
|
27
|
+
log('Protected route without session, redirecting to login');
|
|
22
28
|
return redirectToLogin({
|
|
23
29
|
auth0Config,
|
|
24
30
|
language,
|
|
@@ -27,15 +33,21 @@ const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language,
|
|
|
27
33
|
});
|
|
28
34
|
}
|
|
29
35
|
try {
|
|
36
|
+
log('Refreshing token for protected route');
|
|
30
37
|
await proactivelyRefreshAccessToken({
|
|
31
38
|
request,
|
|
32
39
|
response,
|
|
33
40
|
auth0Instance,
|
|
34
41
|
auth0Config,
|
|
35
42
|
});
|
|
43
|
+
log('Token refreshed successfully, allowing access');
|
|
36
44
|
}
|
|
37
45
|
catch (error) {
|
|
38
46
|
const authError = error;
|
|
47
|
+
log('Token refresh failed for protected route', {
|
|
48
|
+
message: authError.message,
|
|
49
|
+
code: authError.code,
|
|
50
|
+
});
|
|
39
51
|
onError?.(authError);
|
|
40
52
|
return redirectToLogin({
|
|
41
53
|
auth0Config,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AAWA,MAAM,GAAG,GAAG,KAAK,CAAC,mCAAmC,CAAC;AAEtD,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAkB;IACjB,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACtD,QAAA,MAAM,EAAE,GAAG;AACZ,KAAA,CAAC;AACJ,CAAC;MAEY,YAAY,GAAG,OAAO,EACjC,WAAW,EACX,aAAa,EACb,WAAW,EACX,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,OAAO,GASR,KAAkC;IACjC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IACpD,GAAG,CAAC,2BAA2B,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;IAE3D,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AACvD,IAAA,GAAG,CAAC,eAAe,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;IAEzE,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;QAClC,GAAG,CAAC,mDAAmD,CAAC;AACxD,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;QAC3B,GAAG,CAAC,uDAAuD,CAAC;AAC5D,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;QACF,GAAG,CAAC,sCAAsC,CAAC;AAC3C,QAAA,MAAM,6BAA6B,CAAC;YAClC,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;QACF,GAAG,CAAC,+CAA+C,CAAC;IACtD;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;QACnC,GAAG,CAAC,0CAA0C,EAAE;YAC9C,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;AACrB,SAAA,CAAC;AACF,QAAA,OAAO,GAAG,SAAS,CAAC;AAEpB,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AACF;;;;"}
|
|
@@ -1,14 +1,18 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
+
import debug from 'debug';
|
|
2
3
|
import { AccessTokenErrorCode } from '@auth0/nextjs-auth0/errors';
|
|
3
4
|
import { proactivelyRefreshAccessToken } from './proactivelyRefreshAccessToken.js';
|
|
4
5
|
import { combineHeaders } from './combineHeaders.js';
|
|
5
6
|
import { addCachingHeaders } from './addCachingHeaders.js';
|
|
6
7
|
|
|
8
|
+
const log = debug('@smg-automotive/auth:token');
|
|
7
9
|
const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth0Config, onError, }) => {
|
|
8
10
|
if (request.nextUrl.pathname !== auth0Config.tokenEndpoint)
|
|
9
11
|
return;
|
|
12
|
+
log('Handling access token request', { pathname: request.nextUrl.pathname });
|
|
10
13
|
const session = await auth0Instance.getSession(request);
|
|
11
14
|
if (!session) {
|
|
15
|
+
log('Access token request failed: no session');
|
|
12
16
|
return NextResponse.json({
|
|
13
17
|
error: {
|
|
14
18
|
message: 'The user does not have an active session.',
|
|
@@ -19,12 +23,14 @@ const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth
|
|
|
19
23
|
});
|
|
20
24
|
}
|
|
21
25
|
try {
|
|
26
|
+
log('Refreshing access token');
|
|
22
27
|
const { token, expiresAt } = await proactivelyRefreshAccessToken({
|
|
23
28
|
request,
|
|
24
29
|
response,
|
|
25
30
|
auth0Instance,
|
|
26
31
|
auth0Config,
|
|
27
32
|
});
|
|
33
|
+
log('Access token refreshed successfully', { expiresAt });
|
|
28
34
|
const tokenResponse = NextResponse.json({
|
|
29
35
|
token,
|
|
30
36
|
expiresAt,
|
|
@@ -43,6 +49,10 @@ const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth
|
|
|
43
49
|
}
|
|
44
50
|
catch (error) {
|
|
45
51
|
const authError = error;
|
|
52
|
+
log('Access token request error', {
|
|
53
|
+
message: authError.message,
|
|
54
|
+
code: authError.code,
|
|
55
|
+
});
|
|
46
56
|
onError?.(authError);
|
|
47
57
|
return NextResponse.json({ error: { message: authError.message, code: authError.code } }, { status: 401 });
|
|
48
58
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;AAOA,MAAM,GAAG,GAAG,KAAK,CAAC,4BAA4B,CAAC;AAMxC,MAAM,wBAAwB,GAAG,OAAO,EAC7C,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,OAAO,GAOR,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,aAAa;QAAE;AAE5D,IAAA,GAAG,CAAC,+BAA+B,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC5E,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,GAAG,CAAC,yCAAyC,CAAC;QAC9C,OAAO,YAAY,CAAC,IAAI,CACtB;AACE,YAAA,KAAK,EAAE;AACL,gBAAA,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAE,oBAAoB,CAAC,eAAe;AAC3C,aAAA;SACF,EACD;AACE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CACF;IACH;AAEA,IAAA,IAAI;QACF,GAAG,CAAC,yBAAyB,CAAC;QAC9B,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,6BAA6B,CAAC;YAC/D,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;AACF,QAAA,GAAG,CAAC,qCAAqC,EAAE,EAAE,SAAS,EAAE,CAAC;AACzD,QAAA,MAAM,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC;YACtC,KAAK;YACL,SAAS;AACV,SAAA,CAAC;QACF,MAAM,2BAA2B,GAAG,cAAc,CAAC;AACjD,YAAA,kBAAkB,EAAE,aAAa;AACjC,YAAA,YAAY,EAAE,QAAQ;AACtB,YAAA,eAAe,EAAE,IAAI;AACtB,SAAA,CAAC;QACF,iBAAiB,CAAC,2BAA2B,CAAC;;QAE9C,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;AAC9C,YAAA,2BAA2B,CAAC,OAAO,CAAC,GAAG,CACrC,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,KAAK,EACZ,MAAM,CACP;QACH;AACA,QAAA,OAAO,2BAA2B;IACpC;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;QACnC,GAAG,CAAC,4BAA4B,EAAE;YAChC,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;AACrB,SAAA,CAAC;AACF,QAAA,OAAO,GAAG,SAAS,CAAC;AACpB,QAAA,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,EAAE,EAC/D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB;IACH;AACF;;;;"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@smg-automotive/auth",
|
|
3
|
-
"version": "8.1.
|
|
3
|
+
"version": "8.1.5-instrumentation-with-debug.1",
|
|
4
4
|
"description": "SMG Automotive auth package",
|
|
5
5
|
"exports": {
|
|
6
6
|
".": {
|
|
@@ -68,6 +68,7 @@
|
|
|
68
68
|
"@testing-library/jest-dom": "6.9.1",
|
|
69
69
|
"@testing-library/react": "16.3.0",
|
|
70
70
|
"@testing-library/user-event": "14.6.1",
|
|
71
|
+
"@types/debug": "4.1.12",
|
|
71
72
|
"@types/react": "19.2.2",
|
|
72
73
|
"dotenv": "17.2.3",
|
|
73
74
|
"jest": "30.2.0",
|
|
@@ -92,6 +93,7 @@
|
|
|
92
93
|
"@auth0/nextjs-auth0": "4.9.0",
|
|
93
94
|
"@smg-automotive/api-client-pkg": "4.5.0",
|
|
94
95
|
"@smg-automotive/i18n-pkg": "2.0.0",
|
|
96
|
+
"debug": "4.4.3",
|
|
95
97
|
"jose": "6.1.0",
|
|
96
98
|
"redis": "5.9.0"
|
|
97
99
|
},
|