@smg-automotive/auth 8.2.2 → 8.2.3-port-error-handling.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
var server = require('next/server');
|
|
4
4
|
var debug = require('debug');
|
|
5
|
+
var authLinks = require('../../lib/authLinks.js');
|
|
5
6
|
var auth0 = require('../../config/auth0.js');
|
|
6
7
|
var getAuth0Instance = require('../getAuth0Instance.js');
|
|
7
8
|
var token = require('./token.js');
|
|
@@ -29,7 +30,7 @@ const isAuthRoute = (pathname, auth0Config) => {
|
|
|
29
30
|
};
|
|
30
31
|
const authMiddleware = async ({ request, isProtectedRoute, language, host, protocol, onError, brand, }) => {
|
|
31
32
|
const requestId$1 = requestId.getOrCreateRequestId(request);
|
|
32
|
-
const { pathname } = request.nextUrl;
|
|
33
|
+
const { pathname, search, origin } = request.nextUrl;
|
|
33
34
|
log('Processing request', {
|
|
34
35
|
requestId: requestId$1,
|
|
35
36
|
pathname,
|
|
@@ -42,88 +43,120 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
42
43
|
protocol,
|
|
43
44
|
});
|
|
44
45
|
const auth0Config = auth0.getAuth0Config();
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
crossDomainLogoutResult
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
host,
|
|
68
|
-
request,
|
|
69
|
-
response: authResponse,
|
|
70
|
-
auth0Config,
|
|
71
|
-
});
|
|
72
|
-
const accessTokenRequestResult = await token.handleAccessTokenRequest({
|
|
73
|
-
request,
|
|
74
|
-
response: authResponse,
|
|
75
|
-
auth0Instance,
|
|
76
|
-
auth0Config,
|
|
77
|
-
onError,
|
|
78
|
-
});
|
|
79
|
-
if (accessTokenRequestResult) {
|
|
80
|
-
log('Access token request handled', { requestId: requestId$1 });
|
|
81
|
-
return accessTokenRequestResult;
|
|
82
|
-
}
|
|
83
|
-
const handleUserProfileResult = await profile.handleUserProfile({
|
|
84
|
-
request,
|
|
85
|
-
response: authResponse,
|
|
86
|
-
auth0Instance,
|
|
87
|
-
auth0Config,
|
|
88
|
-
brand,
|
|
89
|
-
});
|
|
90
|
-
if (handleUserProfileResult) {
|
|
91
|
-
log('User profile request handled', { requestId: requestId$1 });
|
|
92
|
-
return handleUserProfileResult;
|
|
93
|
-
}
|
|
94
|
-
if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
|
|
95
|
-
log('Auth route, returning response', { requestId: requestId$1 });
|
|
96
|
-
return authResponse;
|
|
97
|
-
}
|
|
98
|
-
const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
|
|
99
|
-
log('Route protection check', { requestId: requestId$1, pathname, isProtected });
|
|
100
|
-
const protectRouteResult = await protectRoute.protectRoute({
|
|
101
|
-
isProtected,
|
|
102
|
-
auth0Instance,
|
|
103
|
-
auth0Config,
|
|
104
|
-
language,
|
|
105
|
-
request,
|
|
106
|
-
response: authResponse,
|
|
107
|
-
onError,
|
|
108
|
-
});
|
|
109
|
-
if (protectRouteResult) {
|
|
110
|
-
log('Route protection handled', {
|
|
46
|
+
try {
|
|
47
|
+
const isAuthErrorRoute = pathname.endsWith(auth0Config.globalAuthErrorPath);
|
|
48
|
+
log('Auth route check', { requestId: requestId$1, pathname, isAuthErrorRoute });
|
|
49
|
+
const crossDomainLogoutResult = logout.handleCrossDomainLogout({
|
|
50
|
+
host,
|
|
51
|
+
protocol,
|
|
52
|
+
request,
|
|
53
|
+
auth0Config,
|
|
54
|
+
});
|
|
55
|
+
if (crossDomainLogoutResult) {
|
|
56
|
+
crossDomainLogoutResult.headers.set(requestId.requestIdHeader, requestId$1);
|
|
57
|
+
log('Cross-domain logout detected, redirecting', { requestId: requestId$1 });
|
|
58
|
+
return crossDomainLogoutResult;
|
|
59
|
+
}
|
|
60
|
+
login.addLoginParams({
|
|
61
|
+
request,
|
|
62
|
+
auth0Config,
|
|
63
|
+
});
|
|
64
|
+
log('Calling Auth0 middleware', { requestId: requestId$1 });
|
|
65
|
+
const authResponse = await auth0Instance.middleware(request);
|
|
66
|
+
authResponse.headers.set(requestId.requestIdHeader, requestId$1);
|
|
67
|
+
log('Auth0 middleware completed', {
|
|
111
68
|
requestId: requestId$1,
|
|
112
|
-
|
|
69
|
+
status: authResponse.status,
|
|
70
|
+
});
|
|
71
|
+
logout.deleteRelatedSessionCookies({
|
|
72
|
+
host,
|
|
73
|
+
request,
|
|
74
|
+
response: authResponse,
|
|
75
|
+
auth0Config,
|
|
76
|
+
});
|
|
77
|
+
const accessTokenRequestResult = await token.handleAccessTokenRequest({
|
|
78
|
+
request,
|
|
79
|
+
response: authResponse,
|
|
80
|
+
auth0Instance,
|
|
81
|
+
auth0Config,
|
|
82
|
+
onError,
|
|
83
|
+
});
|
|
84
|
+
if (accessTokenRequestResult) {
|
|
85
|
+
log('Access token request handled', { requestId: requestId$1 });
|
|
86
|
+
return accessTokenRequestResult;
|
|
87
|
+
}
|
|
88
|
+
const handleUserProfileResult = await profile.handleUserProfile({
|
|
89
|
+
request,
|
|
90
|
+
response: authResponse,
|
|
91
|
+
auth0Instance,
|
|
92
|
+
auth0Config,
|
|
93
|
+
brand,
|
|
113
94
|
});
|
|
114
|
-
|
|
95
|
+
if (handleUserProfileResult) {
|
|
96
|
+
log('User profile request handled', { requestId: requestId$1 });
|
|
97
|
+
return handleUserProfileResult;
|
|
98
|
+
}
|
|
99
|
+
if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
|
|
100
|
+
log('Auth route, returning response', { requestId: requestId$1 });
|
|
101
|
+
return authResponse;
|
|
102
|
+
}
|
|
103
|
+
const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
|
|
104
|
+
log('Route protection check', { requestId: requestId$1, pathname, isProtected });
|
|
105
|
+
const protectRouteResult = await protectRoute.protectRoute({
|
|
106
|
+
isProtected,
|
|
107
|
+
auth0Instance,
|
|
108
|
+
auth0Config,
|
|
109
|
+
language,
|
|
110
|
+
request,
|
|
111
|
+
response: authResponse,
|
|
112
|
+
onError,
|
|
113
|
+
});
|
|
114
|
+
if (protectRouteResult) {
|
|
115
|
+
log('Route protection handled', {
|
|
116
|
+
requestId: requestId$1,
|
|
117
|
+
redirected: protectRouteResult.status === 307,
|
|
118
|
+
});
|
|
119
|
+
return protectRouteResult;
|
|
120
|
+
}
|
|
121
|
+
log('Request completed, combining headers', { requestId: requestId$1 });
|
|
122
|
+
const finalResponse = combineHeaders.combineHeaders({
|
|
123
|
+
middlewareResponse: server.NextResponse.next({
|
|
124
|
+
request: {
|
|
125
|
+
headers: request.headers,
|
|
126
|
+
},
|
|
127
|
+
}),
|
|
128
|
+
authResponse,
|
|
129
|
+
});
|
|
130
|
+
finalResponse.headers.set(requestId.requestIdHeader, requestId$1);
|
|
131
|
+
return finalResponse;
|
|
132
|
+
}
|
|
133
|
+
catch (error) {
|
|
134
|
+
log('Caught error in auth middleware', { requestId: requestId$1, error });
|
|
135
|
+
if (isProtectedRoute(pathname)) {
|
|
136
|
+
log('Falling back to redirecting the user to the login page', {
|
|
137
|
+
requestId: requestId$1,
|
|
138
|
+
});
|
|
139
|
+
return server.NextResponse.redirect(new URL(authLinks.getLoginLink({
|
|
140
|
+
returnTo: `${pathname}${search}`,
|
|
141
|
+
language,
|
|
142
|
+
auth0Config,
|
|
143
|
+
}), origin));
|
|
144
|
+
}
|
|
145
|
+
log('Falling back to delete the session cookies', { requestId: requestId$1 });
|
|
146
|
+
const response = server.NextResponse.next();
|
|
147
|
+
const sessionCookies = [
|
|
148
|
+
auth0Config.sessionCookieName,
|
|
149
|
+
`${auth0Config.sessionCookieName}__0`,
|
|
150
|
+
`${auth0Config.sessionCookieName}__1`,
|
|
151
|
+
];
|
|
152
|
+
sessionCookies.forEach((cookieName) => {
|
|
153
|
+
response.cookies.set(cookieName, '', {
|
|
154
|
+
maxAge: 0,
|
|
155
|
+
path: '/',
|
|
156
|
+
});
|
|
157
|
+
});
|
|
158
|
+
return response;
|
|
115
159
|
}
|
|
116
|
-
log('Request completed, combining headers', { requestId: requestId$1 });
|
|
117
|
-
const finalResponse = combineHeaders.combineHeaders({
|
|
118
|
-
middlewareResponse: server.NextResponse.next({
|
|
119
|
-
request: {
|
|
120
|
-
headers: request.headers,
|
|
121
|
-
},
|
|
122
|
-
}),
|
|
123
|
-
authResponse,
|
|
124
|
-
});
|
|
125
|
-
finalResponse.headers.set(requestId.requestIdHeader, requestId$1);
|
|
126
|
-
return finalResponse;
|
|
127
160
|
};
|
|
128
161
|
|
|
129
162
|
exports.authMiddleware = authMiddleware;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":["debug","requestId","getOrCreateRequestId","getAuth0Instance","getAuth0Config","handleCrossDomainLogout","requestIdHeader","addLoginParams","deleteRelatedSessionCookies","handleAccessTokenRequest","handleUserProfile","protectRoute","combineHeaders","NextResponse"],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":["debug","requestId","getOrCreateRequestId","getAuth0Instance","getAuth0Config","handleCrossDomainLogout","requestIdHeader","addLoginParams","deleteRelatedSessionCookies","handleAccessTokenRequest","handleUserProfile","protectRoute","combineHeaders","NextResponse","getLoginLink"],"mappings":";;;;;;;;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAGA,sBAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAMC,WAAS,GAAGC,8BAAoB,CAAC,OAAO,CAAC;IAE/C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IACpD,GAAG,CAAC,oBAAoB,EAAE;mBACxBD,WAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAGE,iCAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAGC,oBAAc,EAAE;AAEpC,IAAA,IAAI;QACF,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;QAC3E,GAAG,CAAC,kBAAkB,EAAE,aAAEH,WAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;QAElE,MAAM,uBAAuB,GAAGI,8BAAuB,CAAC;YACtD,IAAI;YACJ,QAAQ;YACR,OAAO;YACP,WAAW;AACZ,SAAA,CAAC;QACF,IAAI,uBAAuB,EAAE;YAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAACC,yBAAe,EAAEL,WAAS,CAAC;AAC/D,YAAA,GAAG,CAAC,2CAA2C,EAAE,aAAEA,WAAS,EAAE,CAAC;AAC/D,YAAA,OAAO,uBAAuB;QAChC;AAEA,QAAAM,oBAAc,CAAC;YACb,OAAO;YACP,WAAW;AACZ,SAAA,CAAC;AAEF,QAAA,GAAG,CAAC,0BAA0B,EAAE,aAAEN,WAAS,EAAE,CAAC;QAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;QAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAACK,yBAAe,EAAEL,WAAS,CAAC;QACpD,GAAG,CAAC,4BAA4B,EAAE;uBAChCA,WAAS;YACT,MAAM,EAAE,YAAY,CAAC,MAAM;AAC5B,SAAA,CAAC;AAEF,QAAAO,kCAA2B,CAAC;YAC1B,IAAI;YACJ,OAAO;AACP,YAAA,QAAQ,EAAE,YAAY;YACtB,WAAW;AACZ,SAAA,CAAC;AAEF,QAAA,MAAM,wBAAwB,GAAG,MAAMC,8BAAwB,CAAC;YAC9D,OAAO;AACP,YAAA,QAAQ,EAAE,YAAY;YACtB,aAAa;YACb,WAAW;YACX,OAAO;AACR,SAAA,CAAC;QACF,IAAI,wBAAwB,EAAE;AAC5B,YAAA,GAAG,CAAC,8BAA8B,EAAE,aAAER,WAAS,EAAE,CAAC;AAClD,YAAA,OAAO,wBAAwB;QACjC;AAEA,QAAA,MAAM,uBAAuB,GAAG,MAAMS,yBAAiB,CAAC;YACtD,OAAO;AACP,YAAA,QAAQ,EAAE,YAAY;YACtB,aAAa;YACb,WAAW;YACX,KAAK;AACN,SAAA,CAAC;QACF,IAAI,uBAAuB,EAAE;AAC3B,YAAA,GAAG,CAAC,8BAA8B,EAAE,aAAET,WAAS,EAAE,CAAC;AAClD,YAAA,OAAO,uBAAuB;QAChC;QAEA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,YAAA,GAAG,CAAC,gCAAgC,EAAE,aAAEA,WAAS,EAAE,CAAC;AACpD,YAAA,OAAO,YAAY;QACrB;QAEA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;QACnE,GAAG,CAAC,wBAAwB,EAAE,aAAEA,WAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACnE,QAAA,MAAM,kBAAkB,GAAG,MAAMU,yBAAY,CAAC;YAC5C,WAAW;YACX,aAAa;YACb,WAAW;YACX,QAAQ;YACR,OAAO;AACP,YAAA,QAAQ,EAAE,YAAY;YACtB,OAAO;AACR,SAAA,CAAC;QACF,IAAI,kBAAkB,EAAE;YACtB,GAAG,CAAC,0BAA0B,EAAE;2BAC9BV,WAAS;AACT,gBAAA,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,GAAG;AAC9C,aAAA,CAAC;AACF,YAAA,OAAO,kBAAkB;QAC3B;AAEA,QAAA,GAAG,CAAC,sCAAsC,EAAE,aAAEA,WAAS,EAAE,CAAC;QAC1D,MAAM,aAAa,GAAGW,6BAAc,CAAC;AACnC,YAAA,kBAAkB,EAAEC,mBAAY,CAAC,IAAI,CAAC;AACpC,gBAAA,OAAO,EAAE;oBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,iBAAA;aACF,CAAC;YACF,YAAY;AACb,SAAA,CAAC;QACF,aAAa,CAAC,OAAO,CAAC,GAAG,CAACP,yBAAe,EAAEL,WAAS,CAAC;AACrD,QAAA,OAAO,aAAa;IACtB;IAAE,OAAO,KAAK,EAAE;QACd,GAAG,CAAC,iCAAiC,EAAE,aAAEA,WAAS,EAAE,KAAK,EAAE,CAAC;AAE5D,QAAA,IAAI,gBAAgB,CAAC,QAAQ,CAAC,EAAE;YAC9B,GAAG,CAAC,wDAAwD,EAAE;2BAC5DA,WAAS;AACV,aAAA,CAAC;YACF,OAAOY,mBAAY,CAAC,QAAQ,CAC1B,IAAI,GAAG,CACLC,sBAAY,CAAC;AACX,gBAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;gBAChC,QAAQ;gBACR,WAAW;AACZ,aAAA,CAAC,EACF,MAAM,CACP,CACF;QACH;AAEA,QAAA,GAAG,CAAC,4CAA4C,EAAE,aAAEb,WAAS,EAAE,CAAC;AAChE,QAAA,MAAM,QAAQ,GAAGY,mBAAY,CAAC,IAAI,EAAE;AACpC,QAAA,MAAM,cAAc,GAAG;AACrB,YAAA,WAAW,CAAC,iBAAiB;YAC7B,CAAA,EAAG,WAAW,CAAC,iBAAiB,CAAA,GAAA,CAAK;YACrC,CAAA,EAAG,WAAW,CAAC,iBAAiB,CAAA,GAAA,CAAK;SACtC;AACD,QAAA,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;YACpC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE;AACnC,gBAAA,MAAM,EAAE,CAAC;AACT,gBAAA,IAAI,EAAE,GAAG;AACV,aAAA,CAAC;AACJ,QAAA,CAAC,CAAC;AACF,QAAA,OAAO,QAAQ;IACjB;AACF;;;;"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
2
|
import debug from 'debug';
|
|
3
|
+
import { getLoginLink } from '../../lib/authLinks.js';
|
|
3
4
|
import { getAuth0Config } from '../../config/auth0.js';
|
|
4
5
|
import { getAuth0Instance } from '../getAuth0Instance.js';
|
|
5
6
|
import { handleAccessTokenRequest } from './token.js';
|
|
@@ -23,7 +24,7 @@ const isAuthRoute = (pathname, auth0Config) => {
|
|
|
23
24
|
};
|
|
24
25
|
const authMiddleware = async ({ request, isProtectedRoute, language, host, protocol, onError, brand, }) => {
|
|
25
26
|
const requestId = getOrCreateRequestId(request);
|
|
26
|
-
const { pathname } = request.nextUrl;
|
|
27
|
+
const { pathname, search, origin } = request.nextUrl;
|
|
27
28
|
log('Processing request', {
|
|
28
29
|
requestId,
|
|
29
30
|
pathname,
|
|
@@ -36,88 +37,120 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
36
37
|
protocol,
|
|
37
38
|
});
|
|
38
39
|
const auth0Config = getAuth0Config();
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
crossDomainLogoutResult
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
host,
|
|
62
|
-
request,
|
|
63
|
-
response: authResponse,
|
|
64
|
-
auth0Config,
|
|
65
|
-
});
|
|
66
|
-
const accessTokenRequestResult = await handleAccessTokenRequest({
|
|
67
|
-
request,
|
|
68
|
-
response: authResponse,
|
|
69
|
-
auth0Instance,
|
|
70
|
-
auth0Config,
|
|
71
|
-
onError,
|
|
72
|
-
});
|
|
73
|
-
if (accessTokenRequestResult) {
|
|
74
|
-
log('Access token request handled', { requestId });
|
|
75
|
-
return accessTokenRequestResult;
|
|
76
|
-
}
|
|
77
|
-
const handleUserProfileResult = await handleUserProfile({
|
|
78
|
-
request,
|
|
79
|
-
response: authResponse,
|
|
80
|
-
auth0Instance,
|
|
81
|
-
auth0Config,
|
|
82
|
-
brand,
|
|
83
|
-
});
|
|
84
|
-
if (handleUserProfileResult) {
|
|
85
|
-
log('User profile request handled', { requestId });
|
|
86
|
-
return handleUserProfileResult;
|
|
87
|
-
}
|
|
88
|
-
if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
|
|
89
|
-
log('Auth route, returning response', { requestId });
|
|
90
|
-
return authResponse;
|
|
91
|
-
}
|
|
92
|
-
const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
|
|
93
|
-
log('Route protection check', { requestId, pathname, isProtected });
|
|
94
|
-
const protectRouteResult = await protectRoute({
|
|
95
|
-
isProtected,
|
|
96
|
-
auth0Instance,
|
|
97
|
-
auth0Config,
|
|
98
|
-
language,
|
|
99
|
-
request,
|
|
100
|
-
response: authResponse,
|
|
101
|
-
onError,
|
|
102
|
-
});
|
|
103
|
-
if (protectRouteResult) {
|
|
104
|
-
log('Route protection handled', {
|
|
40
|
+
try {
|
|
41
|
+
const isAuthErrorRoute = pathname.endsWith(auth0Config.globalAuthErrorPath);
|
|
42
|
+
log('Auth route check', { requestId, pathname, isAuthErrorRoute });
|
|
43
|
+
const crossDomainLogoutResult = handleCrossDomainLogout({
|
|
44
|
+
host,
|
|
45
|
+
protocol,
|
|
46
|
+
request,
|
|
47
|
+
auth0Config,
|
|
48
|
+
});
|
|
49
|
+
if (crossDomainLogoutResult) {
|
|
50
|
+
crossDomainLogoutResult.headers.set(requestIdHeader, requestId);
|
|
51
|
+
log('Cross-domain logout detected, redirecting', { requestId });
|
|
52
|
+
return crossDomainLogoutResult;
|
|
53
|
+
}
|
|
54
|
+
addLoginParams({
|
|
55
|
+
request,
|
|
56
|
+
auth0Config,
|
|
57
|
+
});
|
|
58
|
+
log('Calling Auth0 middleware', { requestId });
|
|
59
|
+
const authResponse = await auth0Instance.middleware(request);
|
|
60
|
+
authResponse.headers.set(requestIdHeader, requestId);
|
|
61
|
+
log('Auth0 middleware completed', {
|
|
105
62
|
requestId,
|
|
106
|
-
|
|
63
|
+
status: authResponse.status,
|
|
64
|
+
});
|
|
65
|
+
deleteRelatedSessionCookies({
|
|
66
|
+
host,
|
|
67
|
+
request,
|
|
68
|
+
response: authResponse,
|
|
69
|
+
auth0Config,
|
|
70
|
+
});
|
|
71
|
+
const accessTokenRequestResult = await handleAccessTokenRequest({
|
|
72
|
+
request,
|
|
73
|
+
response: authResponse,
|
|
74
|
+
auth0Instance,
|
|
75
|
+
auth0Config,
|
|
76
|
+
onError,
|
|
77
|
+
});
|
|
78
|
+
if (accessTokenRequestResult) {
|
|
79
|
+
log('Access token request handled', { requestId });
|
|
80
|
+
return accessTokenRequestResult;
|
|
81
|
+
}
|
|
82
|
+
const handleUserProfileResult = await handleUserProfile({
|
|
83
|
+
request,
|
|
84
|
+
response: authResponse,
|
|
85
|
+
auth0Instance,
|
|
86
|
+
auth0Config,
|
|
87
|
+
brand,
|
|
107
88
|
});
|
|
108
|
-
|
|
89
|
+
if (handleUserProfileResult) {
|
|
90
|
+
log('User profile request handled', { requestId });
|
|
91
|
+
return handleUserProfileResult;
|
|
92
|
+
}
|
|
93
|
+
if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
|
|
94
|
+
log('Auth route, returning response', { requestId });
|
|
95
|
+
return authResponse;
|
|
96
|
+
}
|
|
97
|
+
const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
|
|
98
|
+
log('Route protection check', { requestId, pathname, isProtected });
|
|
99
|
+
const protectRouteResult = await protectRoute({
|
|
100
|
+
isProtected,
|
|
101
|
+
auth0Instance,
|
|
102
|
+
auth0Config,
|
|
103
|
+
language,
|
|
104
|
+
request,
|
|
105
|
+
response: authResponse,
|
|
106
|
+
onError,
|
|
107
|
+
});
|
|
108
|
+
if (protectRouteResult) {
|
|
109
|
+
log('Route protection handled', {
|
|
110
|
+
requestId,
|
|
111
|
+
redirected: protectRouteResult.status === 307,
|
|
112
|
+
});
|
|
113
|
+
return protectRouteResult;
|
|
114
|
+
}
|
|
115
|
+
log('Request completed, combining headers', { requestId });
|
|
116
|
+
const finalResponse = combineHeaders({
|
|
117
|
+
middlewareResponse: NextResponse.next({
|
|
118
|
+
request: {
|
|
119
|
+
headers: request.headers,
|
|
120
|
+
},
|
|
121
|
+
}),
|
|
122
|
+
authResponse,
|
|
123
|
+
});
|
|
124
|
+
finalResponse.headers.set(requestIdHeader, requestId);
|
|
125
|
+
return finalResponse;
|
|
126
|
+
}
|
|
127
|
+
catch (error) {
|
|
128
|
+
log('Caught error in auth middleware', { requestId, error });
|
|
129
|
+
if (isProtectedRoute(pathname)) {
|
|
130
|
+
log('Falling back to redirecting the user to the login page', {
|
|
131
|
+
requestId,
|
|
132
|
+
});
|
|
133
|
+
return NextResponse.redirect(new URL(getLoginLink({
|
|
134
|
+
returnTo: `${pathname}${search}`,
|
|
135
|
+
language,
|
|
136
|
+
auth0Config,
|
|
137
|
+
}), origin));
|
|
138
|
+
}
|
|
139
|
+
log('Falling back to delete the session cookies', { requestId });
|
|
140
|
+
const response = NextResponse.next();
|
|
141
|
+
const sessionCookies = [
|
|
142
|
+
auth0Config.sessionCookieName,
|
|
143
|
+
`${auth0Config.sessionCookieName}__0`,
|
|
144
|
+
`${auth0Config.sessionCookieName}__1`,
|
|
145
|
+
];
|
|
146
|
+
sessionCookies.forEach((cookieName) => {
|
|
147
|
+
response.cookies.set(cookieName, '', {
|
|
148
|
+
maxAge: 0,
|
|
149
|
+
path: '/',
|
|
150
|
+
});
|
|
151
|
+
});
|
|
152
|
+
return response;
|
|
109
153
|
}
|
|
110
|
-
log('Request completed, combining headers', { requestId });
|
|
111
|
-
const finalResponse = combineHeaders({
|
|
112
|
-
middlewareResponse: NextResponse.next({
|
|
113
|
-
request: {
|
|
114
|
-
headers: request.headers,
|
|
115
|
-
},
|
|
116
|
-
}),
|
|
117
|
-
authResponse,
|
|
118
|
-
});
|
|
119
|
-
finalResponse.headers.set(requestIdHeader, requestId);
|
|
120
|
-
return finalResponse;
|
|
121
154
|
};
|
|
122
155
|
|
|
123
156
|
export { authMiddleware };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAG,KAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC;IAE/C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IACpD,GAAG,CAAC,oBAAoB,EAAE;QACxB,SAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAG,cAAc,EAAE;AAEpC,IAAA,IAAI;QACF,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;QAC3E,GAAG,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;QAElE,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;YACtD,IAAI;YACJ,QAAQ;YACR,OAAO;YACP,WAAW;AACZ,SAAA,CAAC;QACF,IAAI,uBAAuB,EAAE;YAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AAC/D,YAAA,GAAG,CAAC,2CAA2C,EAAE,EAAE,SAAS,EAAE,CAAC;AAC/D,YAAA,OAAO,uBAAuB;QAChC;AAEA,QAAA,cAAc,CAAC;YACb,OAAO;YACP,WAAW;AACZ,SAAA,CAAC;AAEF,QAAA,GAAG,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC;QAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;QAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;QACpD,GAAG,CAAC,4BAA4B,EAAE;YAChC,SAAS;YACT,MAAM,EAAE,YAAY,CAAC,MAAM;AAC5B,SAAA,CAAC;AAEF,QAAA,2BAA2B,CAAC;YAC1B,IAAI;YACJ,OAAO;AACP,YAAA,QAAQ,EAAE,YAAY;YACtB,WAAW;AACZ,SAAA,CAAC;AAEF,QAAA,MAAM,wBAAwB,GAAG,MAAM,wBAAwB,CAAC;YAC9D,OAAO;AACP,YAAA,QAAQ,EAAE,YAAY;YACtB,aAAa;YACb,WAAW;YACX,OAAO;AACR,SAAA,CAAC;QACF,IAAI,wBAAwB,EAAE;AAC5B,YAAA,GAAG,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,CAAC;AAClD,YAAA,OAAO,wBAAwB;QACjC;AAEA,QAAA,MAAM,uBAAuB,GAAG,MAAM,iBAAiB,CAAC;YACtD,OAAO;AACP,YAAA,QAAQ,EAAE,YAAY;YACtB,aAAa;YACb,WAAW;YACX,KAAK;AACN,SAAA,CAAC;QACF,IAAI,uBAAuB,EAAE;AAC3B,YAAA,GAAG,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,CAAC;AAClD,YAAA,OAAO,uBAAuB;QAChC;QAEA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,YAAA,GAAG,CAAC,gCAAgC,EAAE,EAAE,SAAS,EAAE,CAAC;AACpD,YAAA,OAAO,YAAY;QACrB;QAEA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;QACnE,GAAG,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACnE,QAAA,MAAM,kBAAkB,GAAG,MAAM,YAAY,CAAC;YAC5C,WAAW;YACX,aAAa;YACb,WAAW;YACX,QAAQ;YACR,OAAO;AACP,YAAA,QAAQ,EAAE,YAAY;YACtB,OAAO;AACR,SAAA,CAAC;QACF,IAAI,kBAAkB,EAAE;YACtB,GAAG,CAAC,0BAA0B,EAAE;gBAC9B,SAAS;AACT,gBAAA,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,GAAG;AAC9C,aAAA,CAAC;AACF,YAAA,OAAO,kBAAkB;QAC3B;AAEA,QAAA,GAAG,CAAC,sCAAsC,EAAE,EAAE,SAAS,EAAE,CAAC;QAC1D,MAAM,aAAa,GAAG,cAAc,CAAC;AACnC,YAAA,kBAAkB,EAAE,YAAY,CAAC,IAAI,CAAC;AACpC,gBAAA,OAAO,EAAE;oBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,iBAAA;aACF,CAAC;YACF,YAAY;AACb,SAAA,CAAC;QACF,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AACrD,QAAA,OAAO,aAAa;IACtB;IAAE,OAAO,KAAK,EAAE;QACd,GAAG,CAAC,iCAAiC,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAE5D,QAAA,IAAI,gBAAgB,CAAC,QAAQ,CAAC,EAAE;YAC9B,GAAG,CAAC,wDAAwD,EAAE;gBAC5D,SAAS;AACV,aAAA,CAAC;YACF,OAAO,YAAY,CAAC,QAAQ,CAC1B,IAAI,GAAG,CACL,YAAY,CAAC;AACX,gBAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;gBAChC,QAAQ;gBACR,WAAW;AACZ,aAAA,CAAC,EACF,MAAM,CACP,CACF;QACH;AAEA,QAAA,GAAG,CAAC,4CAA4C,EAAE,EAAE,SAAS,EAAE,CAAC;AAChE,QAAA,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE;AACpC,QAAA,MAAM,cAAc,GAAG;AACrB,YAAA,WAAW,CAAC,iBAAiB;YAC7B,CAAA,EAAG,WAAW,CAAC,iBAAiB,CAAA,GAAA,CAAK;YACrC,CAAA,EAAG,WAAW,CAAC,iBAAiB,CAAA,GAAA,CAAK;SACtC;AACD,QAAA,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;YACpC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE;AACnC,gBAAA,MAAM,EAAE,CAAC;AACT,gBAAA,IAAI,EAAE,GAAG;AACV,aAAA,CAAC;AACJ,QAAA,CAAC,CAAC;AACF,QAAA,OAAO,QAAQ;IACjB;AACF;;;;"}
|