@smg-automotive/auth 8.1.5-instrumentation-with-debug.1 → 8.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -66
- package/dist/cjs/client/hooks/useUser.js +1 -1
- package/dist/cjs/client/hooks/useUser.js.map +1 -1
- package/dist/cjs/server/helpers/getAccessToken.js +0 -12
- package/dist/cjs/server/helpers/getAccessToken.js.map +1 -1
- package/dist/cjs/server/helpers/getUser.js +7 -40
- package/dist/cjs/server/helpers/getUser.js.map +1 -1
- package/dist/cjs/server/hooks/onCallbackFactory.d.ts +1 -1
- package/dist/cjs/server/hooks/onCallbackFactory.js +14 -1
- package/dist/cjs/server/hooks/onCallbackFactory.js.map +1 -1
- package/dist/cjs/server/middleware/index.js +0 -24
- package/dist/cjs/server/middleware/index.js.map +1 -1
- package/dist/cjs/server/middleware/logout.js +0 -20
- package/dist/cjs/server/middleware/logout.js.map +1 -1
- package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.js +3 -23
- package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.js.map +1 -1
- package/dist/cjs/server/middleware/profile.js +2 -22
- package/dist/cjs/server/middleware/profile.js.map +1 -1
- package/dist/cjs/server/middleware/protectRoute.js +1 -17
- package/dist/cjs/server/middleware/protectRoute.js.map +1 -1
- package/dist/cjs/server/middleware/token.js +0 -14
- package/dist/cjs/server/middleware/token.js.map +1 -1
- package/dist/esm/client/hooks/useUser.js +1 -1
- package/dist/esm/client/hooks/useUser.js.map +1 -1
- package/dist/esm/server/helpers/getAccessToken.js +0 -8
- package/dist/esm/server/helpers/getAccessToken.js.map +1 -1
- package/dist/esm/server/helpers/getUser.js +7 -36
- package/dist/esm/server/helpers/getUser.js.map +1 -1
- package/dist/esm/server/hooks/onCallbackFactory.d.ts +1 -1
- package/dist/esm/server/hooks/onCallbackFactory.js +14 -1
- package/dist/esm/server/hooks/onCallbackFactory.js.map +1 -1
- package/dist/esm/server/middleware/index.js +0 -20
- package/dist/esm/server/middleware/index.js.map +1 -1
- package/dist/esm/server/middleware/logout.js +0 -16
- package/dist/esm/server/middleware/logout.js.map +1 -1
- package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js +3 -19
- package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js.map +1 -1
- package/dist/esm/server/middleware/profile.js +2 -18
- package/dist/esm/server/middleware/profile.js.map +1 -1
- package/dist/esm/server/middleware/protectRoute.js +1 -13
- package/dist/esm/server/middleware/protectRoute.js.map +1 -1
- package/dist/esm/server/middleware/token.js +0 -10
- package/dist/esm/server/middleware/token.js.map +1 -1
- package/package.json +3 -5
|
@@ -1,15 +1,9 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var server = require('next/server');
|
|
4
|
-
var debug = require('debug');
|
|
5
4
|
var authLinks = require('../../lib/authLinks.js');
|
|
6
5
|
var proactivelyRefreshAccessToken = require('./proactivelyRefreshAccessToken.js');
|
|
7
6
|
|
|
8
|
-
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
9
|
-
|
|
10
|
-
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
11
|
-
|
|
12
|
-
const log = debug__default.default('@smg-automotive/auth:protectRoute');
|
|
13
7
|
const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
|
|
14
8
|
const loginUrl = authLinks.getLoginLink({
|
|
15
9
|
auth0Config,
|
|
@@ -21,16 +15,12 @@ const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
|
|
|
21
15
|
});
|
|
22
16
|
};
|
|
23
17
|
const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }) => {
|
|
24
|
-
const { pathname, search, origin } = request.nextUrl;
|
|
25
|
-
log('Checking route protection', { pathname, isProtected });
|
|
26
18
|
const session = await auth0Instance.getSession(request);
|
|
27
|
-
|
|
19
|
+
const { pathname, search, origin } = request.nextUrl;
|
|
28
20
|
if (!isProtected && !session?.user) {
|
|
29
|
-
log('Route not protected and no user session, allowing');
|
|
30
21
|
return response;
|
|
31
22
|
}
|
|
32
23
|
if (!session && isProtected) {
|
|
33
|
-
log('Protected route without session, redirecting to login');
|
|
34
24
|
return redirectToLogin({
|
|
35
25
|
auth0Config,
|
|
36
26
|
language,
|
|
@@ -39,21 +29,15 @@ const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language,
|
|
|
39
29
|
});
|
|
40
30
|
}
|
|
41
31
|
try {
|
|
42
|
-
log('Refreshing token for protected route');
|
|
43
32
|
await proactivelyRefreshAccessToken.proactivelyRefreshAccessToken({
|
|
44
33
|
request,
|
|
45
34
|
response,
|
|
46
35
|
auth0Instance,
|
|
47
36
|
auth0Config,
|
|
48
37
|
});
|
|
49
|
-
log('Token refreshed successfully, allowing access');
|
|
50
38
|
}
|
|
51
39
|
catch (error) {
|
|
52
40
|
const authError = error;
|
|
53
|
-
log('Token refresh failed for protected route', {
|
|
54
|
-
message: authError.message,
|
|
55
|
-
code: authError.code,
|
|
56
|
-
});
|
|
57
41
|
onError?.(authError);
|
|
58
42
|
return redirectToLogin({
|
|
59
43
|
auth0Config,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":["
|
|
1
|
+
{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":["getLoginLink","NextResponse","proactivelyRefreshAccessToken"],"mappings":";;;;;;AAUA,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAkB;IACjB,MAAM,QAAQ,GAAGA,sBAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAOC,mBAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACtD,QAAA,MAAM,EAAE,GAAG;AACZ,KAAA,CAAC;AACJ,CAAC;MAEY,YAAY,GAAG,OAAO,EACjC,WAAW,EACX,aAAa,EACb,WAAW,EACX,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,OAAO,GASR,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClC,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;AAC3B,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;AACF,QAAA,MAAMC,2DAA6B,CAAC;YAClC,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;IACJ;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;AAEpB,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AACF;;;;"}
|
|
@@ -1,24 +1,16 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var server = require('next/server');
|
|
4
|
-
var debug = require('debug');
|
|
5
4
|
var errors = require('@auth0/nextjs-auth0/errors');
|
|
6
5
|
var proactivelyRefreshAccessToken = require('./proactivelyRefreshAccessToken.js');
|
|
7
6
|
var combineHeaders = require('./combineHeaders.js');
|
|
8
7
|
var addCachingHeaders = require('./addCachingHeaders.js');
|
|
9
8
|
|
|
10
|
-
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
11
|
-
|
|
12
|
-
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
13
|
-
|
|
14
|
-
const log = debug__default.default('@smg-automotive/auth:token');
|
|
15
9
|
const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth0Config, onError, }) => {
|
|
16
10
|
if (request.nextUrl.pathname !== auth0Config.tokenEndpoint)
|
|
17
11
|
return;
|
|
18
|
-
log('Handling access token request', { pathname: request.nextUrl.pathname });
|
|
19
12
|
const session = await auth0Instance.getSession(request);
|
|
20
13
|
if (!session) {
|
|
21
|
-
log('Access token request failed: no session');
|
|
22
14
|
return server.NextResponse.json({
|
|
23
15
|
error: {
|
|
24
16
|
message: 'The user does not have an active session.',
|
|
@@ -29,14 +21,12 @@ const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth
|
|
|
29
21
|
});
|
|
30
22
|
}
|
|
31
23
|
try {
|
|
32
|
-
log('Refreshing access token');
|
|
33
24
|
const { token, expiresAt } = await proactivelyRefreshAccessToken.proactivelyRefreshAccessToken({
|
|
34
25
|
request,
|
|
35
26
|
response,
|
|
36
27
|
auth0Instance,
|
|
37
28
|
auth0Config,
|
|
38
29
|
});
|
|
39
|
-
log('Access token refreshed successfully', { expiresAt });
|
|
40
30
|
const tokenResponse = server.NextResponse.json({
|
|
41
31
|
token,
|
|
42
32
|
expiresAt,
|
|
@@ -55,10 +45,6 @@ const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth
|
|
|
55
45
|
}
|
|
56
46
|
catch (error) {
|
|
57
47
|
const authError = error;
|
|
58
|
-
log('Access token request error', {
|
|
59
|
-
message: authError.message,
|
|
60
|
-
code: authError.code,
|
|
61
|
-
});
|
|
62
48
|
onError?.(authError);
|
|
63
49
|
return server.NextResponse.json({ error: { message: authError.message, code: authError.code } }, { status: 401 });
|
|
64
50
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":["
|
|
1
|
+
{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":["NextResponse","AccessTokenErrorCode","proactivelyRefreshAccessToken","combineHeaders","addCachingHeaders"],"mappings":";;;;;;;;AAUO,MAAM,wBAAwB,GAAG,OAAO,EAC7C,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,OAAO,GAOR,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,aAAa;QAAE;IAE5D,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,OAAOA,mBAAY,CAAC,IAAI,CACtB;AACE,YAAA,KAAK,EAAE;AACL,gBAAA,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAEC,2BAAoB,CAAC,eAAe;AAC3C,aAAA;SACF,EACD;AACE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CACF;IACH;AAEA,IAAA,IAAI;QACF,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAMC,2DAA6B,CAAC;YAC/D,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;AACF,QAAA,MAAM,aAAa,GAAGF,mBAAY,CAAC,IAAI,CAAC;YACtC,KAAK;YACL,SAAS;AACV,SAAA,CAAC;QACF,MAAM,2BAA2B,GAAGG,6BAAc,CAAC;AACjD,YAAA,kBAAkB,EAAE,aAAa;AACjC,YAAA,YAAY,EAAE,QAAQ;AACtB,YAAA,eAAe,EAAE,IAAI;AACtB,SAAA,CAAC;QACFC,mCAAiB,CAAC,2BAA2B,CAAC;;QAE9C,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;AAC9C,YAAA,2BAA2B,CAAC,OAAO,CAAC,GAAG,CACrC,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,KAAK,EACZ,MAAM,CACP;QACH;AACA,QAAA,OAAO,2BAA2B;IACpC;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;AACpB,QAAA,OAAOJ,mBAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,EAAE,EAC/D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB;IACH;AACF;;;;"}
|
|
@@ -12,7 +12,7 @@ const userFetcher = async (url) => {
|
|
|
12
12
|
};
|
|
13
13
|
const useUser = () => {
|
|
14
14
|
const config = useAuthConfig();
|
|
15
|
-
const { data, error, isLoading, mutate } = useSWR(config.userProfileEndpoint, userFetcher);
|
|
15
|
+
const { data, error, isLoading, mutate } = useSWR(config.userProfileEndpoint, userFetcher, { shouldRetryOnError: false });
|
|
16
16
|
const invalidate = useCallback(() => mutate(), [mutate]);
|
|
17
17
|
return {
|
|
18
18
|
user: data ?? null,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useUser.js","sources":["../../../../../src/client/hooks/useUser.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AASA;AACE;AACA;AACE;;AAGF;AACF;AAEO;AACL
|
|
1
|
+
{"version":3,"file":"useUser.js","sources":["../../../../../src/client/hooks/useUser.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AASA;AACE;AACA;AACE;;AAGF;AACF;AAEO;AACL;;AAQA;;;;;;;AAQF;;"}
|
|
@@ -1,18 +1,10 @@
|
|
|
1
|
-
import debug from 'debug';
|
|
2
1
|
import { getAuth0Instance } from '../getAuth0Instance.js';
|
|
3
2
|
|
|
4
|
-
const log = debug('@smg-automotive/auth:token');
|
|
5
3
|
const getAccessToken = async ({ protocol, host, context, }) => {
|
|
6
|
-
log('Getting access token', {
|
|
7
|
-
host,
|
|
8
|
-
protocol,
|
|
9
|
-
hasRequest: !!context?.request,
|
|
10
|
-
});
|
|
11
4
|
const auth0Instance = getAuth0Instance({ protocol, host });
|
|
12
5
|
const { token } = context?.request
|
|
13
6
|
? await auth0Instance.getAccessToken(context.request, context.response)
|
|
14
7
|
: await auth0Instance.getAccessToken();
|
|
15
|
-
log('Access token retrieved', { tokenLength: token?.length || 0 });
|
|
16
8
|
return token;
|
|
17
9
|
};
|
|
18
10
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getAccessToken.js","sources":["../../../../../src/server/helpers/getAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"getAccessToken.js","sources":["../../../../../src/server/helpers/getAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAIO,MAAM,cAAc,GAAG,OAAO,EACnC,QAAQ,EACR,IAAI,EACJ,OAAO,GACwC,KAAI;IACnD,MAAM,aAAa,GAAG,gBAAgB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAC1D,IAAA,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE;AACzB,UAAE,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,QAAQ;AACtE,UAAE,MAAM,aAAa,CAAC,cAAc,EAAE;AACxC,IAAA,OAAO,KAAK;AACd;;;;"}
|
|
@@ -1,62 +1,33 @@
|
|
|
1
|
-
import debug from 'debug';
|
|
2
1
|
import { getAccessToken } from './getAccessToken.js';
|
|
3
2
|
import { getAuth0Instance } from '../getAuth0Instance.js';
|
|
4
3
|
import { enrichUser } from '../../lib/enrichUser/session.js';
|
|
5
4
|
|
|
6
|
-
const log = debug('@smg-automotive/auth:user');
|
|
7
5
|
const getSessionData = async ({ protocol, host, context, }) => {
|
|
8
|
-
log('Retrieving session data', {
|
|
9
|
-
host,
|
|
10
|
-
protocol,
|
|
11
|
-
hasRequest: !!context?.request,
|
|
12
|
-
});
|
|
13
6
|
const auth0Instance = getAuth0Instance({ host, protocol });
|
|
14
|
-
|
|
15
|
-
?
|
|
16
|
-
:
|
|
17
|
-
log('Session retrieved', { hasSession: !!session, hasUser: !!session?.user });
|
|
18
|
-
return session;
|
|
7
|
+
return context?.request
|
|
8
|
+
? auth0Instance.getSession(context.request)
|
|
9
|
+
: auth0Instance.getSession();
|
|
19
10
|
};
|
|
20
11
|
const getUser = async ({ context, host, protocol, }) => {
|
|
21
|
-
log('Getting user', { host, protocol });
|
|
22
12
|
const sessionData = await getSessionData({ host, protocol, context });
|
|
23
|
-
if (!sessionData || !sessionData.user)
|
|
24
|
-
log('No session or user found');
|
|
13
|
+
if (!sessionData || !sessionData.user)
|
|
25
14
|
return null;
|
|
26
|
-
|
|
27
|
-
const user = sessionData.user;
|
|
28
|
-
log('User retrieved', {
|
|
29
|
-
userId: user.userId,
|
|
30
|
-
sellerId: user.sellerId,
|
|
31
|
-
email: user.email,
|
|
32
|
-
});
|
|
33
|
-
return user;
|
|
15
|
+
return sessionData.user;
|
|
34
16
|
};
|
|
35
17
|
const getEnrichedUser = async ({ brand, context, host, protocol, }) => {
|
|
36
|
-
log('Getting enriched user', { brand, host, protocol });
|
|
37
18
|
const user = await getUser({ host, protocol, context });
|
|
38
|
-
if (!user)
|
|
39
|
-
log('No user found, cannot enrich');
|
|
19
|
+
if (!user)
|
|
40
20
|
return null;
|
|
41
|
-
}
|
|
42
|
-
log('Retrieving access token for enrichment');
|
|
43
21
|
const accessToken = await getAccessToken({
|
|
44
22
|
host,
|
|
45
23
|
protocol,
|
|
46
24
|
context,
|
|
47
25
|
});
|
|
48
|
-
|
|
49
|
-
const enrichedUser = await enrichUser({
|
|
26
|
+
return enrichUser({
|
|
50
27
|
user,
|
|
51
28
|
accessToken,
|
|
52
29
|
brand,
|
|
53
30
|
});
|
|
54
|
-
log('User enriched successfully', {
|
|
55
|
-
userId: enrichedUser.userId,
|
|
56
|
-
sellerId: enrichedUser.sellerId,
|
|
57
|
-
hasEntitlements: !!enrichedUser.entitlements,
|
|
58
|
-
});
|
|
59
|
-
return enrichedUser;
|
|
60
31
|
};
|
|
61
32
|
|
|
62
33
|
export { getEnrichedUser, getUser };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getUser.js","sources":["../../../../../src/server/helpers/getUser.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"getUser.js","sources":["../../../../../src/server/helpers/getUser.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAUA,MAAM,cAAc,GAAG,OAAO,EAC5B,QAAQ,EACR,IAAI,EACJ,OAAO,GACwC,KAAI;IACnD,MAAM,aAAa,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAE1D,OAAO,OAAO,EAAE;UACZ,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO;AAC1C,UAAE,aAAa,CAAC,UAAU,EAAE;AAChC,CAAC;AAEM,MAAM,OAAO,GAAG,OAAO,EAC5B,OAAO,EACP,IAAI,EACJ,QAAQ,GAEY,KAAiC;AACrD,IAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACrE,IAAA,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,CAAC,IAAI;AAAE,QAAA,OAAO,IAAI;IAElD,OAAO,WAAW,CAAC,IAAmB;AACxC;AAEO,MAAM,eAAe,GAAG,OAAO,EACpC,KAAK,EACL,OAAO,EACP,IAAI,EACJ,QAAQ,GAIP,KAAyC;AAC1C,IAAA,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACvD,IAAA,IAAI,CAAC,IAAI;AAAE,QAAA,OAAO,IAAI;AAEtB,IAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC;QACvC,IAAI;QACJ,QAAQ;QACR,OAAO;AACR,KAAA,CAAC;AACF,IAAA,OAAO,UAAU,CAAC;QAChB,IAAI;QACJ,WAAW;QACX,KAAK;AACN,KAAA,CAAC;AACJ;;;;"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
2
|
import type { OnCallbackContext, SessionData } from '@auth0/nextjs-auth0/types';
|
|
3
|
-
import type
|
|
3
|
+
import { type SdkError } from '@auth0/nextjs-auth0/errors';
|
|
4
4
|
import { Auth0Config } from 'src/types';
|
|
5
5
|
export declare const onCallbackFactory: ({ auth0Config, appBaseUrl, onError, }: {
|
|
6
6
|
auth0Config: Auth0Config;
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
2
|
import { cookies } from 'next/headers';
|
|
3
3
|
import { decodeJwt } from 'jose';
|
|
4
|
+
import { AccessTokenError, OAuth2Error } from '@auth0/nextjs-auth0/errors';
|
|
4
5
|
|
|
5
6
|
const createCallbackResponse = (context, appBaseUrl) => NextResponse.redirect(new URL(context.returnTo || '/', appBaseUrl));
|
|
6
7
|
const getLocaleFromContext = ({ returnTo }, appBaseUrl) => {
|
|
@@ -51,8 +52,8 @@ const handleAuth0Error = ({ error, auth0Config, appBaseUrl, localeFromUrl, onErr
|
|
|
51
52
|
return NextResponse.redirect(new URL(`/${locale}${auth0Config.globalAuthErrorPath}${errorCodeQuery}`, appBaseUrl));
|
|
52
53
|
};
|
|
53
54
|
const onCallbackFactory = ({ auth0Config, appBaseUrl, onError, }) => async (error, context, session) => {
|
|
55
|
+
const localeFromUrl = getLocaleFromContext(context, appBaseUrl);
|
|
54
56
|
if (error) {
|
|
55
|
-
const localeFromUrl = getLocaleFromContext(context, appBaseUrl);
|
|
56
57
|
return handleAuth0Error({
|
|
57
58
|
error,
|
|
58
59
|
auth0Config,
|
|
@@ -68,6 +69,18 @@ const onCallbackFactory = ({ auth0Config, appBaseUrl, onError, }) => async (erro
|
|
|
68
69
|
const decodedToken = session.tokenSet.accessToken
|
|
69
70
|
? decodeJwt(session.tokenSet.accessToken)
|
|
70
71
|
: null;
|
|
72
|
+
if (decodedToken && !decodedToken.complete) {
|
|
73
|
+
return handleAuth0Error({
|
|
74
|
+
error: new AccessTokenError(incompleteTokenErrorCode, incompleteTokenErrorCode, new OAuth2Error({
|
|
75
|
+
code: incompleteTokenErrorCode,
|
|
76
|
+
message: incompleteTokenErrorCode,
|
|
77
|
+
})),
|
|
78
|
+
auth0Config,
|
|
79
|
+
appBaseUrl,
|
|
80
|
+
localeFromUrl,
|
|
81
|
+
onError,
|
|
82
|
+
});
|
|
83
|
+
}
|
|
71
84
|
const availableSellerIds = decodedToken?.sellerIds ?? null;
|
|
72
85
|
let selectedSellerId = cookieStore.get(auth0Config.selectedSellerIdCookie.name)?.value ??
|
|
73
86
|
decodedToken?.sellerIds[0];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"onCallbackFactory.js","sources":["../../../../../src/server/hooks/onCallbackFactory.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"onCallbackFactory.js","sources":["../../../../../src/server/hooks/onCallbackFactory.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AAaA,MAAM,sBAAsB,GAAG,CAC7B,OAA0B,EAC1B,UAAkB,KACf,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,GAAG,EAAE,UAAU,CAAC,CAAC;AAExE,MAAM,oBAAoB,GAAG,CAC3B,EAAE,QAAQ,EAAqB,EAC/B,UAAkB,KAChB;IACF,IAAI,CAAC,QAAQ,EAAE;AACb,QAAA,OAAO,EAAE;IACX;AAEA,IAAA,IAAI;QACF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE;IAC7E;IAAE,OAAO,YAAY,EAAE;;AAErB,QAAA,OAAO,CAAC,IAAI,CACV,qDAAqD,EACrD,YAAY,CACb;IACH;AAEA,IAAA,OAAO,EAAE;AACX,CAAC;AAED,MAAM,wBAAwB,GAAG,sBAA+B;AAChE,MAAM,cAAc,GAAG,gCAAgC;AAEvD,MAAM,gBAAgB,GAAG,CAAC,EACxB,KAAK,EACL,WAAW,EACX,UAAU,EACV,aAAa,EACb,OAAO,GAOR,KAAkB;AACjB,IAAA,MAAM,iBAAiB,GAAG,WAAW,CAAC,cAAc,CAAC,SAAS;AAC9D,IAAA,MAAM,MAAM,GAAG,iBAAiB,CAAC,QAAQ,CAAC,aAAyB;AACjE,UAAG;AACH,UAAE,WAAW,CAAC,cAAc,CAAC,OAAO;AAEtC,IAAA,MAAM,cAAc,GAAG;QACrB,kBAAkB;QAClB,0BAA0B;QAC1B,wBAAwB;KACzB;IACD,IAAI,kBAAkB,GAAG,EAAE;AAE3B,IAAA,IAAI,KAAK,CAAC,KAAK,EAAE;AACf,QAAA,MAAM,KAAK,GAAG,KAAK,CAAC,KAAoB;QACxC,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC;AAC5D,QAAA,kBAAkB,GAAG,gBAAgB,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,EAAE;IAClE;AAEA,IAAA,IAAI,kBAAkB,KAAK,wBAAwB,EAAE;;AAEnD,QAAA,OAAO,CAAC,IAAI,CAAC,6DAA6D,CAAC;AAE3E,QAAA,OAAO,YAAY,CAAC,QAAQ,CAC1B,IAAI,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE,UAAU,CAAC,CAChD;IACH;IAEA,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;AAChD,QAAA,OAAO,GAAG,KAAK,CAAC;;AAEhB,QAAA,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC;IAC9C;IAEA,MAAM,cAAc,GAAG;UACnB,CAAA,MAAA,EAAS,kBAAkB,CAAA;UAC3B,EAAE;IAEN,OAAO,YAAY,CAAC,QAAQ,CAC1B,IAAI,GAAG,CACL,IAAI,MAAM,CAAA,EAAG,WAAW,CAAC,mBAAmB,GAAG,cAAc,CAAA,CAAE,EAC/D,UAAU,CACX,CACF;AACH,CAAC;MAEY,iBAAiB,GAC5B,CAAC,EACC,WAAW,EACX,UAAU,EACV,OAAO,GAKR,KACD,OACE,KAAsB,EACtB,OAA0B,EAC1B,OAA2B,KACF;IACzB,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC;IAC/D,IAAI,KAAK,EAAE;AACT,QAAA,OAAO,gBAAgB,CAAC;YACtB,KAAK;YACL,WAAW;YACX,UAAU;YACV,aAAa;YACb,OAAO;AACR,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE;AACnC,QAAA,OAAO,sBAAsB,CAAC,OAAO,EAAE,UAAU,CAAC;IACpD;AAEA,IAAA,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE;AACnC,IAAA,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC;UAClC,SAAS,CAAkB,OAAO,CAAC,QAAQ,CAAC,WAAW;UACvD,IAAI;AACR,IAAA,IAAI,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE;AAC1C,QAAA,OAAO,gBAAgB,CAAC;YACtB,KAAK,EAAE,IAAI,gBAAgB,CACzB,wBAAwB,EACxB,wBAAwB,EACxB,IAAI,WAAW,CAAC;AACd,gBAAA,IAAI,EAAE,wBAAwB;AAC9B,gBAAA,OAAO,EAAE,wBAAwB;AAClC,aAAA,CAAC,CACH;YACD,WAAW;YACX,UAAU;YACV,aAAa;YACb,OAAO;AACR,SAAA,CAAC;IACJ;AAEA,IAAA,MAAM,kBAAkB,GAAG,YAAY,EAAE,SAAS,IAAI,IAAI;AAE1D,IAAA,IAAI,gBAAgB,GAClB,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK;AAC/D,QAAA,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC;AAE5B,IAAA,IACE,kBAAkB;QAClB,gBAAgB;AAChB,QAAA,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC;QACjC,kBAAkB,CAAC,MAAM,GAAG,CAAC;AAC7B,QAAA,CAAC,kBAAkB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAC9C;;;;QAIA,gBAAgB,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACrD;IAEA,MAAM,QAAQ,GAAG,sBAAsB,CAAC,OAAO,EAAE,UAAU,CAAC;IAE5D,IAAI,gBAAgB,EAAE;AACpB,QAAA,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,WAAW,CAAC,sBAAsB,CAAC,IAAI,EACvC,gBAAgB,EAChB,WAAW,CAAC,sBAAsB,CACnC;IACH;AAEA,IAAA,MAAM,oBAAoB,GAAG,YAAY,EAAE;AACzC,UAAE,YAAY,CAAC,SAAS,CAAC,CAAC;UACxB,IAAI;IAER,IAAI,oBAAoB,EAAE;AACxB,QAAA,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,WAAW,CAAC,0BAA0B,CAAC,IAAI,EAC3C,oBAAoB,EACpB,WAAW,CAAC,0BAA0B,CACvC;IACH;AAEA,IAAA,OAAO,QAAQ;AACjB;;;;"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
-
import debug from 'debug';
|
|
3
2
|
import { getAuth0Config } from '../../config/auth0.js';
|
|
4
3
|
import { getAuth0Instance } from '../getAuth0Instance.js';
|
|
5
4
|
import { handleAccessTokenRequest } from './token.js';
|
|
@@ -9,7 +8,6 @@ import { handleCrossDomainLogout, deleteRelatedSessionCookies } from './logout.j
|
|
|
9
8
|
import { addLoginParams } from './login.js';
|
|
10
9
|
import { combineHeaders } from './combineHeaders.js';
|
|
11
10
|
|
|
12
|
-
const log = debug('@smg-automotive/auth:middleware');
|
|
13
11
|
const isAuthRoute = (pathname, auth0Config) => {
|
|
14
12
|
const { loginEndpoint, logoutEndpoint, callbackEndpoint, userProfileEndpoint, tokenEndpoint, } = auth0Config;
|
|
15
13
|
return [
|
|
@@ -22,19 +20,12 @@ const isAuthRoute = (pathname, auth0Config) => {
|
|
|
22
20
|
};
|
|
23
21
|
const authMiddleware = async ({ request, isProtectedRoute, language, host, protocol, onError, brand, }) => {
|
|
24
22
|
const { pathname } = request.nextUrl;
|
|
25
|
-
log('Processing request', {
|
|
26
|
-
pathname,
|
|
27
|
-
host,
|
|
28
|
-
protocol,
|
|
29
|
-
method: request.method,
|
|
30
|
-
});
|
|
31
23
|
const auth0Instance = getAuth0Instance({
|
|
32
24
|
host,
|
|
33
25
|
protocol,
|
|
34
26
|
});
|
|
35
27
|
const auth0Config = getAuth0Config();
|
|
36
28
|
const isAuthErrorRoute = pathname.endsWith(auth0Config.globalAuthErrorPath);
|
|
37
|
-
log('Auth route check', { pathname, isAuthErrorRoute });
|
|
38
29
|
const crossDomainLogoutResult = handleCrossDomainLogout({
|
|
39
30
|
host,
|
|
40
31
|
protocol,
|
|
@@ -42,16 +33,13 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
42
33
|
auth0Config,
|
|
43
34
|
});
|
|
44
35
|
if (crossDomainLogoutResult) {
|
|
45
|
-
log('Cross-domain logout detected, redirecting');
|
|
46
36
|
return crossDomainLogoutResult;
|
|
47
37
|
}
|
|
48
38
|
addLoginParams({
|
|
49
39
|
request,
|
|
50
40
|
auth0Config,
|
|
51
41
|
});
|
|
52
|
-
log('Calling Auth0 middleware');
|
|
53
42
|
const authResponse = await auth0Instance.middleware(request);
|
|
54
|
-
log('Auth0 middleware completed', { status: authResponse.status });
|
|
55
43
|
deleteRelatedSessionCookies({
|
|
56
44
|
host,
|
|
57
45
|
request,
|
|
@@ -66,7 +54,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
66
54
|
onError,
|
|
67
55
|
});
|
|
68
56
|
if (accessTokenRequestResult) {
|
|
69
|
-
log('Access token request handled');
|
|
70
57
|
return accessTokenRequestResult;
|
|
71
58
|
}
|
|
72
59
|
const handleUserProfileResult = await handleUserProfile({
|
|
@@ -77,15 +64,12 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
77
64
|
brand,
|
|
78
65
|
});
|
|
79
66
|
if (handleUserProfileResult) {
|
|
80
|
-
log('User profile request handled');
|
|
81
67
|
return handleUserProfileResult;
|
|
82
68
|
}
|
|
83
69
|
if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
|
|
84
|
-
log('Auth route, returning response');
|
|
85
70
|
return authResponse;
|
|
86
71
|
}
|
|
87
72
|
const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
|
|
88
|
-
log('Route protection check', { pathname, isProtected });
|
|
89
73
|
const protectRouteResult = await protectRoute({
|
|
90
74
|
isProtected,
|
|
91
75
|
auth0Instance,
|
|
@@ -96,12 +80,8 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
96
80
|
onError,
|
|
97
81
|
});
|
|
98
82
|
if (protectRouteResult) {
|
|
99
|
-
log('Route protection handled', {
|
|
100
|
-
redirected: protectRouteResult.status === 307,
|
|
101
|
-
});
|
|
102
83
|
return protectRouteResult;
|
|
103
84
|
}
|
|
104
|
-
log('Request completed, combining headers');
|
|
105
85
|
return combineHeaders({
|
|
106
86
|
middlewareResponse: NextResponse.next({
|
|
107
87
|
request: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;AAeA,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAG,cAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE3E,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,OAAO,uBAAuB;IAChC;AAEA,IAAA,cAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IAEF,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AAE5D,IAAA,2BAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,MAAM,wBAAwB,GAAG,MAAM,wBAAwB,CAAC;QAC9D,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,OAAO;AACR,KAAA,CAAC;IACF,IAAI,wBAAwB,EAAE;AAC5B,QAAA,OAAO,wBAAwB;IACjC;AAEA,IAAA,MAAM,uBAAuB,GAAG,MAAM,iBAAiB,CAAC;QACtD,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,OAAO,uBAAuB;IAChC;IAEA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,QAAA,OAAO,YAAY;IACrB;IAEA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;AACnE,IAAA,MAAM,kBAAkB,GAAG,MAAM,YAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;AACtB,QAAA,OAAO,kBAAkB;IAC3B;AAEA,IAAA,OAAO,cAAc,CAAC;AACpB,QAAA,kBAAkB,EAAE,YAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;AACJ;;;;"}
|
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
-
import debug from 'debug';
|
|
3
2
|
|
|
4
|
-
const log = debug('@smg-automotive/auth:logout');
|
|
5
3
|
const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
|
|
6
4
|
if (typeof pathOrUrl !== 'string')
|
|
7
5
|
return false;
|
|
@@ -46,11 +44,9 @@ const getOtherDomainHost = (currentHost) => {
|
|
|
46
44
|
const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }) => {
|
|
47
45
|
if (request.nextUrl.pathname !== logoutEndpoint)
|
|
48
46
|
return;
|
|
49
|
-
log('Handling logout request', { host, protocol });
|
|
50
47
|
const searchParams = new URLSearchParams(request.nextUrl.search);
|
|
51
48
|
const specifiedReturnTo = searchParams.get('returnTo') || '';
|
|
52
49
|
const crossDomainLogout = searchParams.get('crossDomain') === 'true';
|
|
53
|
-
log('Logout parameters', { specifiedReturnTo, crossDomainLogout });
|
|
54
50
|
const otherDomainHost = getOtherDomainHost(host);
|
|
55
51
|
const currentDomainUrl = `${protocol}://${host}`;
|
|
56
52
|
const locale = searchParams.get('locale');
|
|
@@ -62,22 +58,16 @@ const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { langu
|
|
|
62
58
|
pathOrUrl: specifiedReturnTo,
|
|
63
59
|
crossDomainLogout,
|
|
64
60
|
});
|
|
65
|
-
log('ReturnTo validation', { isSafePath, specifiedReturnTo });
|
|
66
61
|
if (isSafePath && specifiedReturnTo) {
|
|
67
62
|
returnTo = specifiedReturnTo;
|
|
68
63
|
}
|
|
69
64
|
if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
|
|
70
|
-
log('Initiating cross-domain logout', { otherDomainHost });
|
|
71
65
|
const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
|
|
72
66
|
backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
|
|
73
67
|
backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
|
|
74
68
|
const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
|
|
75
69
|
otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
|
|
76
70
|
otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
|
|
77
|
-
log('Redirecting to other domain for logout', {
|
|
78
|
-
otherDomainHost,
|
|
79
|
-
returnUrl: backToCurrentDomainUrl.toString(),
|
|
80
|
-
});
|
|
81
71
|
return NextResponse.redirect(otherDomainLogoutUrl, {
|
|
82
72
|
status: 302,
|
|
83
73
|
});
|
|
@@ -104,10 +94,6 @@ const getLegacyCookieDomain = (hostname) => {
|
|
|
104
94
|
const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }) => {
|
|
105
95
|
if (request.nextUrl.pathname !== logoutEndpoint || !response)
|
|
106
96
|
return;
|
|
107
|
-
log('Deleting session cookies', {
|
|
108
|
-
host,
|
|
109
|
-
cookieCount: authCookieNames.length,
|
|
110
|
-
});
|
|
111
97
|
authCookieNames.forEach((cookieName) => {
|
|
112
98
|
response.cookies.delete({
|
|
113
99
|
name: cookieName,
|
|
@@ -126,7 +112,6 @@ const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { l
|
|
|
126
112
|
});
|
|
127
113
|
});
|
|
128
114
|
const legacyCookieDomain = getLegacyCookieDomain(host);
|
|
129
|
-
log('Deleting legacy cookies', { legacyCookieDomain });
|
|
130
115
|
response.cookies.delete({
|
|
131
116
|
name: legacyAccessTokenName,
|
|
132
117
|
maxAge: 0,
|
|
@@ -139,7 +124,6 @@ const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { l
|
|
|
139
124
|
path: '/',
|
|
140
125
|
domain: legacyCookieDomain,
|
|
141
126
|
});
|
|
142
|
-
log('All session cookies deleted');
|
|
143
127
|
};
|
|
144
128
|
|
|
145
129
|
export { deleteRelatedSessionCookies, handleCrossDomainLogout };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAIA,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;MAEY,uBAAuB,GAAG,CAAC,EACtC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,WAAW,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,GAMhD,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;QAAE;IAEjD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;AAEpE,IAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,IAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;IAChD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;AACzC,IAAA,IAAI,QAAQ,GAAG,MAAM,GAAG,CAAA,CAAA,EAAI,MAAM,CAAA,CAAE,GAAG,CAAA,CAAA,EAAI,cAAc,CAAC,OAAO,EAAE;IACnE,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,QAAQ;QACR,IAAI;QACJ,eAAe;AACf,QAAA,SAAS,EAAE,iBAAiB;QAC5B,iBAAiB;AAClB,KAAA,CAAC;AACF,IAAA,IAAI,UAAU,IAAI,iBAAiB,EAAE;QACnC,QAAQ,GAAG,iBAAiB;IAC9B;IAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;QACrE,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;QACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,QAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;QACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,QAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;AAED,QAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACjD,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;IAEA,IAAI,aAAa,GAAG,KAAK;AACzB,IAAA,IAAI;AACF,QAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC;AACpD,QAAA,aAAa,GAAG,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC;IACpD;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC;IACjD;AAEA,IAAA,YAAY,CAAC,GAAG,CACd,UAAU,EACV,aAAa,GAAG,QAAQ,GAAG,CAAA,EAAG,gBAAgB,GAAG,QAAQ,CAAA,CAAE,CAC5D;IACD,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;AAEA,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAEM,MAAM,2BAA2B,GAAG,CAAC,EAC1C,IAAI,EACJ,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,GAMF,KAAI;IACH,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ;QAAE;AAE9D,IAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,YAAA,IAAI,EAAE,UAAU;AAChB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACJ,IAAA,CAAC,CAAC;AAEF,IAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,qBAAqB;AAC3B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACF,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,sBAAsB;AAC5B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACJ;;;;"}
|
|
@@ -1,26 +1,10 @@
|
|
|
1
|
-
import debug from 'debug';
|
|
2
|
-
|
|
3
|
-
const log = debug('@smg-automotive/auth:token');
|
|
4
1
|
const proactivelyRefreshAccessToken = async ({ request, response, auth0Instance, auth0Config, }) => {
|
|
5
|
-
log('Checking if token refresh is needed');
|
|
6
2
|
const session = await auth0Instance.getSession(request);
|
|
7
|
-
const
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
log('Token refresh decision', {
|
|
11
|
-
shouldRefresh,
|
|
12
|
-
expiresInSeconds: Math.round(expiresInSeconds),
|
|
13
|
-
debugForceRefresh: auth0Config.debugForceTokenRefresh,
|
|
14
|
-
hasSession: !!session,
|
|
15
|
-
});
|
|
16
|
-
const result = await auth0Instance.getAccessToken(request, response, {
|
|
3
|
+
const shouldRefresh = auth0Config.debugForceTokenRefresh ||
|
|
4
|
+
(session?.tokenSet.expiresAt || 0) < Date.now() / 1000 + 30;
|
|
5
|
+
return auth0Instance.getAccessToken(request, response, {
|
|
17
6
|
refresh: shouldRefresh,
|
|
18
7
|
});
|
|
19
|
-
log('Access token retrieved', {
|
|
20
|
-
expiresAt: result.expiresAt,
|
|
21
|
-
tokenLength: result.token.length,
|
|
22
|
-
});
|
|
23
|
-
return result;
|
|
24
8
|
};
|
|
25
9
|
|
|
26
10
|
export { proactivelyRefreshAccessToken };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"AAKO,MAAM,6BAA6B,GAAG,OAAO,EAClD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAmD;IAClD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AAEvD,IAAA,MAAM,aAAa,GACjB,WAAW,CAAC,sBAAsB;AAClC,QAAA,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;AAC7D,IAAA,OAAO,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACrD,QAAA,OAAO,EAAE,aAAa;AACvB,KAAA,CAAC;AACJ;;;;"}
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
-
import debug from 'debug';
|
|
3
2
|
import { enrichUser } from '../../lib/enrichUser/session.js';
|
|
4
3
|
import { proactivelyRefreshAccessToken } from './proactivelyRefreshAccessToken.js';
|
|
5
4
|
import { combineHeaders } from './combineHeaders.js';
|
|
6
5
|
import { addCachingHeaders } from './addCachingHeaders.js';
|
|
7
6
|
|
|
8
|
-
const log = debug('@smg-automotive/auth:profile');
|
|
9
7
|
const returnEmptyResponse = () => {
|
|
10
8
|
return new NextResponse(null, {
|
|
11
9
|
status: 204,
|
|
@@ -20,35 +18,23 @@ const returnEmptyResponse = () => {
|
|
|
20
18
|
const handleUserProfile = async ({ request, response, auth0Instance, auth0Config, brand, }) => {
|
|
21
19
|
if (request.nextUrl.pathname !== auth0Config.userProfileEndpoint)
|
|
22
20
|
return;
|
|
23
|
-
log('Handling user profile request', { brand });
|
|
24
21
|
const session = await auth0Instance.getSession(request);
|
|
25
22
|
if (!session) {
|
|
26
|
-
log('No session found for profile request');
|
|
27
23
|
return returnEmptyResponse();
|
|
28
24
|
}
|
|
29
25
|
try {
|
|
30
26
|
const user = session.user;
|
|
31
|
-
log('User found, refreshing token and enriching', {
|
|
32
|
-
userId: user.userId,
|
|
33
|
-
sellerId: user.sellerId,
|
|
34
|
-
});
|
|
35
27
|
const { token } = await proactivelyRefreshAccessToken({
|
|
36
28
|
request,
|
|
37
29
|
response,
|
|
38
30
|
auth0Instance,
|
|
39
31
|
auth0Config,
|
|
40
32
|
});
|
|
41
|
-
log('Token refreshed, enriching user');
|
|
42
33
|
const enrichedUser = await enrichUser({
|
|
43
34
|
user,
|
|
44
35
|
accessToken: token,
|
|
45
36
|
brand,
|
|
46
37
|
});
|
|
47
|
-
log('User enriched successfully', {
|
|
48
|
-
userId: enrichedUser.userId,
|
|
49
|
-
sellerId: enrichedUser.sellerId,
|
|
50
|
-
hasEntitlements: !!enrichedUser.entitlements,
|
|
51
|
-
});
|
|
52
38
|
const userResponse = NextResponse.json(enrichedUser);
|
|
53
39
|
const responseWithCombinedHeaders = combineHeaders({
|
|
54
40
|
middlewareResponse: userResponse,
|
|
@@ -63,10 +49,8 @@ const handleUserProfile = async ({ request, response, auth0Instance, auth0Config
|
|
|
63
49
|
return responseWithCombinedHeaders;
|
|
64
50
|
}
|
|
65
51
|
catch (error) {
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
stack: error instanceof Error ? error.stack : undefined,
|
|
69
|
-
});
|
|
52
|
+
// eslint-disable-next-line no-console
|
|
53
|
+
console.warn('User Profile error loading entitlements', JSON.stringify(error, null, 2));
|
|
70
54
|
return returnEmptyResponse();
|
|
71
55
|
}
|
|
72
56
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;AAWA,MAAM,mBAAmB,GAAG,MAAmB;AAC7C,IAAA,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE;AAC5B,QAAA,MAAM,EAAE,GAAG;AACX,QAAA,OAAO,EAAE;AACP,YAAA,IAAI,EAAE,uBAAuB;AAC7B,YAAA,eAAe,EACb,yDAAyD;AAC3D,YAAA,MAAM,EAAE,UAAU;AAClB,YAAA,OAAO,EAAE,GAAG;AACb,SAAA;AACF,KAAA,CAAC;AACJ,CAAC;AAEM,MAAM,iBAAiB,GAAG,OAAO,EACtC,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,KAAK,GAON,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,mBAAmB;QAAE;IAElE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO,mBAAmB,EAAE;IAC9B;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,IAAI,GAAG,OAAO,CAAC,IAAmB;AACxC,QAAA,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,6BAA6B,CAAC;YACpD,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;AACF,QAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC;YACpC,IAAI;AACJ,YAAA,WAAW,EAAE,KAAK;YAClB,KAAK;AACN,SAAA,CAAC;QAEF,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;QACpD,MAAM,2BAA2B,GAAG,cAAc,CAAC;AACjD,YAAA,kBAAkB,EAAE,YAAY;AAChC,YAAA,YAAY,EAAE,QAAQ;AACtB,YAAA,eAAe,EAAE,IAAI;AACtB,SAAA,CAAC;QACF,iBAAiB,CAAC,2BAA2B,CAAC;;QAE9C,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;AAC9C,YAAA,2BAA2B,CAAC,OAAO,CAAC,GAAG,CACrC,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,KAAK,EACZ,MAAM,CACP;QACH;AACA,QAAA,OAAO,2BAA2B;IACpC;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CACV,yCAAyC,EACzC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAC/B;QAED,OAAO,mBAAmB,EAAE;IAC9B;AACF;;;;"}
|