@smg-automotive/auth 8.3.0-lschuerch-FED-782-sync-tenant.5 → 8.3.0-lschuerch-FED-782-sync-tenant.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/server/helpers/getAuthProps.js +13 -1
- package/dist/cjs/server/helpers/getAuthProps.js.map +1 -1
- package/dist/cjs/server/middleware/crossApplicationStateSynchronization.js +18 -21
- package/dist/cjs/server/middleware/crossApplicationStateSynchronization.js.map +1 -1
- package/dist/cjs/server/middleware/index.js +0 -15
- package/dist/cjs/server/middleware/index.js.map +1 -1
- package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.js +0 -22
- package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.js.map +1 -1
- package/dist/esm/server/helpers/getAuthProps.js +9 -1
- package/dist/esm/server/helpers/getAuthProps.js.map +1 -1
- package/dist/esm/server/middleware/crossApplicationStateSynchronization.js +18 -21
- package/dist/esm/server/middleware/crossApplicationStateSynchronization.js.map +1 -1
- package/dist/esm/server/middleware/index.js +0 -15
- package/dist/esm/server/middleware/index.js.map +1 -1
- package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js +0 -22
- package/dist/esm/server/middleware/proactivelyRefreshAccessToken.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,11 +1,23 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var debug = require('debug');
|
|
3
4
|
var auth0 = require('../../config/auth0.js');
|
|
4
5
|
var getUser = require('./getUser.js');
|
|
5
6
|
|
|
7
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
8
|
+
|
|
9
|
+
var debug__default = /*#__PURE__*/_interopDefaultCompat(debug);
|
|
10
|
+
|
|
11
|
+
const log = debug__default.default('@smg-automotive/auth:user');
|
|
6
12
|
const getAuthProps = async (context) => {
|
|
7
13
|
const auth0Config = auth0.getAuth0Config();
|
|
8
|
-
|
|
14
|
+
let user = null;
|
|
15
|
+
try {
|
|
16
|
+
user = await getUser.getEnrichedUser(context);
|
|
17
|
+
}
|
|
18
|
+
catch (error) {
|
|
19
|
+
log('Error enriching user:', error);
|
|
20
|
+
}
|
|
9
21
|
return { auth0Config, user };
|
|
10
22
|
};
|
|
11
23
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getAuthProps.js","sources":["../../../../../src/server/helpers/getAuthProps.ts"],"sourcesContent":[null],"names":["getAuth0Config","getEnrichedUser"],"mappings":"
|
|
1
|
+
{"version":3,"file":"getAuthProps.js","sources":["../../../../../src/server/helpers/getAuthProps.ts"],"sourcesContent":[null],"names":["debug","getAuth0Config","getEnrichedUser"],"mappings":";;;;;;;;;;AAWA,MAAM,GAAG,GAAGA,sBAAK,CAAC,2BAA2B,CAAC;MAEjC,YAAY,GAAG,OAC1B,OAMC,KAC6B;AAC9B,IAAA,MAAM,WAAW,GAAGC,oBAAc,EAAE;IAEpC,IAAI,IAAI,GAAG,IAAI;AACf,IAAA,IAAI;AACF,QAAA,IAAI,GAAG,MAAMC,uBAAe,CAAC,OAAO,CAAC;IACvC;IAAE,OAAO,KAAK,EAAE;AACd,QAAA,GAAG,CAAC,uBAAuB,EAAE,KAAK,CAAC;IACrC;AAEA,IAAA,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE;AAC9B;;;;"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var jose = require('jose');
|
|
3
4
|
var redirectToLogin = require('../helpers/redirectToLogin.js');
|
|
4
5
|
|
|
5
6
|
const crossApplicationStateSynchronization = async ({ request, language, auth0Instance, auth0Config, }) => {
|
|
@@ -9,43 +10,39 @@ const crossApplicationStateSynchronization = async ({ request, language, auth0In
|
|
|
9
10
|
return null;
|
|
10
11
|
}
|
|
11
12
|
const impersonatedSellerIdFromCookie = request.cookies.get(auth0Config.impersonatedSellerIdCookie.name)?.value;
|
|
12
|
-
console.log('impersonatedSellerIdFromCookie', impersonatedSellerIdFromCookie);
|
|
13
|
-
console.log('typeof impersonatedSellerIdFromCookie', typeof impersonatedSellerIdFromCookie);
|
|
14
|
-
console.log('user.sellerId', typeof session?.user.sellerId);
|
|
15
|
-
console.log('typeof user.sellerId', typeof session?.user.sellerId);
|
|
16
|
-
console.log('session?.user.isMultiTenantUser', session?.user.isMultiTenantUser);
|
|
17
|
-
console.log('user: ', session?.user);
|
|
18
13
|
if (!session?.user.isMultiTenantUser && !impersonatedSellerIdFromCookie) {
|
|
19
|
-
console.log('User is not multi-tenant and no impersonation, no action needed');
|
|
20
14
|
return null;
|
|
21
15
|
}
|
|
22
16
|
let impersonateSellerId;
|
|
23
17
|
if (impersonatedSellerIdFromCookie &&
|
|
24
18
|
session.user.sellerId !== impersonatedSellerIdFromCookie) {
|
|
25
|
-
console.log('Impersonated seller ID out of sync, redirecting to login to resync');
|
|
26
19
|
impersonateSellerId = impersonatedSellerIdFromCookie;
|
|
27
20
|
}
|
|
28
21
|
const sellerIdFromCookie = request.cookies.get(auth0Config.selectedSellerIdCookie.name)?.value;
|
|
29
|
-
|
|
30
|
-
|
|
22
|
+
const decodedToken = session?.tokenSet.accessToken
|
|
23
|
+
? jose.decodeJwt(session.tokenSet.accessToken)
|
|
24
|
+
: null;
|
|
25
|
+
const sellerIdFromSession = session?.user.sellerId || null;
|
|
26
|
+
const sellerIdFromToken = Array.isArray(decodedToken?.sellerIds)
|
|
27
|
+
? decodedToken.sellerIds[0] || null
|
|
28
|
+
: null;
|
|
29
|
+
const sessionCookieMismatch = sellerIdFromCookie && sellerIdFromSession !== sellerIdFromCookie;
|
|
30
|
+
// There is a bug when refreshing tokens where the selected sellerId is not the first available sellerId
|
|
31
|
+
// so auth0 will add the first sellerId to the token but the session will have the selected one
|
|
32
|
+
// leading to unauthorized API errors
|
|
33
|
+
// Note: The sessionTokenMismatch can be removed in case we migrate to a session store and re-enable all sellerIds in the token
|
|
34
|
+
const sessionTokenMismatch = !sessionCookieMismatch &&
|
|
35
|
+
sellerIdFromToken &&
|
|
36
|
+
sellerIdFromToken !== sellerIdFromCookie;
|
|
31
37
|
let selectedSellerId;
|
|
32
38
|
if (sellerIdFromCookie &&
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
console.log('Selected seller ID out of sync, redirecting to login to resync');
|
|
39
|
+
!impersonateSellerId &&
|
|
40
|
+
(sessionCookieMismatch || sessionTokenMismatch)) {
|
|
36
41
|
selectedSellerId = sellerIdFromCookie;
|
|
37
42
|
}
|
|
38
43
|
if (!selectedSellerId && !impersonateSellerId) {
|
|
39
|
-
console.log('All in sync, no action needed');
|
|
40
44
|
return null;
|
|
41
45
|
}
|
|
42
|
-
console.log('Redirecting to login for resynchronization', {
|
|
43
|
-
impersonateSellerId,
|
|
44
|
-
selectedSellerId,
|
|
45
|
-
currentSellerId: session.user.sellerId,
|
|
46
|
-
});
|
|
47
|
-
// Like that???
|
|
48
|
-
console.log(redirectToLogin.redirectToLogin);
|
|
49
46
|
const response = redirectToLogin.redirectToLogin({
|
|
50
47
|
auth0Config,
|
|
51
48
|
language,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crossApplicationStateSynchronization.js","sources":["../../../../../src/server/middleware/crossApplicationStateSynchronization.ts"],"sourcesContent":[null],"names":["redirectToLogin"],"mappings":"
|
|
1
|
+
{"version":3,"file":"crossApplicationStateSynchronization.js","sources":["../../../../../src/server/middleware/crossApplicationStateSynchronization.ts"],"sourcesContent":[null],"names":["decodeJwt","redirectToLogin"],"mappings":";;;;;AASO,MAAM,oCAAoC,GAAG,OAAO,EACzD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;AAEpD,IAAA,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClB,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,MAAM,8BAA8B,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CACxD,WAAW,CAAC,0BAA0B,CAAC,IAAI,CAC5C,EAAE,KAAK;IAER,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,CAAC,8BAA8B,EAAE;AACvE,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,IAAI,mBAAuC;AAC3C,IAAA,IACE,8BAA8B;AAC9B,QAAA,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,8BAA8B,EACxD;QACA,mBAAmB,GAAG,8BAA8B;IACtD;AAEA,IAAA,MAAM,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC5C,WAAW,CAAC,sBAAsB,CAAC,IAAI,CACxC,EAAE,KAAK;AAER,IAAA,MAAM,YAAY,GAAG,OAAO,EAAE,QAAQ,CAAC;UACnCA,cAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW;UACtC,IAAI;IACR,MAAM,mBAAmB,GAAG,OAAO,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;IAC1D,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,SAAS;UAC3D,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;UAC7B,IAAI;AAER,IAAA,MAAM,qBAAqB,GACzB,kBAAkB,IAAI,mBAAmB,KAAK,kBAAkB;;;;;IAKlE,MAAM,oBAAoB,GACxB,CAAC,qBAAqB;QACtB,iBAAiB;QACjB,iBAAiB,KAAK,kBAAkB;AAE1C,IAAA,IAAI,gBAAoC;AACxC,IAAA,IACE,kBAAkB;AAClB,QAAA,CAAC,mBAAmB;AACpB,SAAC,qBAAqB,IAAI,oBAAoB,CAAC,EAC/C;QACA,gBAAgB,GAAG,kBAAkB;IACvC;AAEA,IAAA,IAAI,CAAC,gBAAgB,IAAI,CAAC,mBAAmB,EAAE;AAC7C,QAAA,OAAO,IAAI;IACb;IAEA,MAAM,QAAQ,GAAGC,+BAAe,CAAC;QAC/B,WAAW;QACX,QAAQ;AACR,QAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;QAChC,MAAM;QACN,mBAAmB;QACnB,gBAAgB;AACjB,KAAA,CAAC;;IAGF,OAAO,CAAC,QAAQ,GAAG;AACjB,QAAA,WAAW,EAAE,EAAE;AACf,QAAA,SAAS,EAAE,CAAC;KACb;AACD,IAAA,MAAM,aAAa,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE;AACnD,QAAA,GAAG,OAAO;AACV,QAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;AACtB,KAAA,CAAC;AAEF,IAAA,OAAO,QAAQ;AACjB;;;;"}
|
|
@@ -72,9 +72,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
72
72
|
response: authResponse,
|
|
73
73
|
auth0Config,
|
|
74
74
|
});
|
|
75
|
-
// FIXME: if we are out of since while using force refresh / the token is expired,
|
|
76
|
-
// the token set will get rotated with the wrong sellerId reusulting in a bad session where
|
|
77
|
-
// we detect the missmatch on a page route the but the XHR chain rotates with the outdated seller
|
|
78
75
|
// Access token handling - /api/auth/access-token
|
|
79
76
|
const accessTokenRequestResult = await token.handleAccessTokenRequest({
|
|
80
77
|
request,
|
|
@@ -104,18 +101,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
104
101
|
log('Auth route, returning response', { requestId: requestId$1 });
|
|
105
102
|
return authResponse;
|
|
106
103
|
}
|
|
107
|
-
// // Like that???
|
|
108
|
-
// console.log(redirectToLogin);
|
|
109
|
-
// const response = redirectToLogin({
|
|
110
|
-
// auth0Config,
|
|
111
|
-
// language,
|
|
112
|
-
// returnTo: `${pathname}${search}`,
|
|
113
|
-
// origin,
|
|
114
|
-
// impersonateSellerId,
|
|
115
|
-
// selectedSellerId,
|
|
116
|
-
// });
|
|
117
|
-
// await auth0Instance.updateSession(request, response, session);
|
|
118
|
-
// return response;
|
|
119
104
|
// Check if selected and impersonated seller are in sync across applications
|
|
120
105
|
const syncResponse = await crossApplicationStateSynchronization.crossApplicationStateSynchronization({
|
|
121
106
|
request,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":["debug","requestId","getOrCreateRequestId","getAuth0Instance","getAuth0Config","handleCrossDomainLogout","requestIdHeader","addLoginParams","deleteRelatedSessionCookies","handleAccessTokenRequest","handleUserProfile","crossApplicationStateSynchronization","protectRoute","combineHeaders","NextResponse"],"mappings":";;;;;;;;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAGA,sBAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAMC,WAAS,GAAGC,8BAAoB,CAAC,OAAO,CAAC;AAE/C,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;mBACxBD,WAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAGE,iCAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAGC,oBAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,aAAEH,WAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAElE,MAAM,uBAAuB,GAAGI,8BAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAACC,yBAAe,EAAEL,WAAS,CAAC;AAC/D,QAAA,GAAG,CAAC,2CAA2C,EAAE,aAAEA,WAAS,EAAE,CAAC;AAC/D,QAAA,OAAO,uBAAuB;IAChC;;AAGA,IAAAM,oBAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,GAAG,CAAC,0BAA0B,EAAE,aAAEN,WAAS,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAACK,yBAAe,EAAEL,WAAS,CAAC;AACpD,IAAA,GAAG,CAAC,4BAA4B,EAAE,aAAEA,WAAS,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;;AAG7E,IAAAO,kCAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":["debug","requestId","getOrCreateRequestId","getAuth0Instance","getAuth0Config","handleCrossDomainLogout","requestIdHeader","addLoginParams","deleteRelatedSessionCookies","handleAccessTokenRequest","handleUserProfile","crossApplicationStateSynchronization","protectRoute","combineHeaders","NextResponse"],"mappings":";;;;;;;;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAGA,sBAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAMC,WAAS,GAAGC,8BAAoB,CAAC,OAAO,CAAC;AAE/C,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;mBACxBD,WAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAGE,iCAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAGC,oBAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,aAAEH,WAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAElE,MAAM,uBAAuB,GAAGI,8BAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAACC,yBAAe,EAAEL,WAAS,CAAC;AAC/D,QAAA,GAAG,CAAC,2CAA2C,EAAE,aAAEA,WAAS,EAAE,CAAC;AAC/D,QAAA,OAAO,uBAAuB;IAChC;;AAGA,IAAAM,oBAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,GAAG,CAAC,0BAA0B,EAAE,aAAEN,WAAS,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAACK,yBAAe,EAAEL,WAAS,CAAC;AACpD,IAAA,GAAG,CAAC,4BAA4B,EAAE,aAAEA,WAAS,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;;AAG7E,IAAAO,kCAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;;AAGF,IAAA,MAAM,wBAAwB,GAAG,MAAMC,8BAAwB,CAAC;QAC9D,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,OAAO;AACR,KAAA,CAAC;IACF,IAAI,wBAAwB,EAAE;AAC5B,QAAA,GAAG,CAAC,8BAA8B,EAAE,aAAER,WAAS,EAAE,CAAC;AAClD,QAAA,OAAO,wBAAwB;IACjC;;AAGA,IAAA,MAAM,uBAAuB,GAAG,MAAMS,yBAAiB,CAAC;QACtD,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,GAAG,CAAC,8BAA8B,EAAE,aAAET,WAAS,EAAE,CAAC;AAClD,QAAA,OAAO,uBAAuB;IAChC;;IAGA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,QAAA,GAAG,CAAC,gCAAgC,EAAE,aAAEA,WAAS,EAAE,CAAC;AACpD,QAAA,OAAO,YAAY;IACrB;;AAGA,IAAA,MAAM,YAAY,GAAG,MAAMU,yEAAoC,CAAC;QAC9D,OAAO;QACP,QAAQ;QACR,aAAa;QACb,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,YAAY,EAAE;AAChB,QAAA,OAAO,YAAY;IACrB;;IAGA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;IACnE,GAAG,CAAC,wBAAwB,EAAE,aAAEV,WAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACnE,IAAA,MAAM,kBAAkB,GAAG,MAAMW,yBAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;QACtB,GAAG,CAAC,0BAA0B,EAAE;uBAC9BX,WAAS;AACT,YAAA,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,GAAG;AAC9C,SAAA,CAAC;AACF,QAAA,OAAO,kBAAkB;IAC3B;AAEA,IAAA,GAAG,CAAC,sCAAsC,EAAE,aAAEA,WAAS,EAAE,CAAC;IAC1D,MAAM,aAAa,GAAGY,6BAAc,CAAC;AACnC,QAAA,kBAAkB,EAAEC,mBAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;IACF,aAAa,CAAC,OAAO,CAAC,GAAG,CAACR,yBAAe,EAAEL,WAAS,CAAC;AACrD,IAAA,OAAO,aAAa;AACtB;;;;"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var jose = require('jose');
|
|
4
3
|
var debug = require('debug');
|
|
5
4
|
var requestId = require('./requestId.js');
|
|
6
5
|
|
|
@@ -23,27 +22,6 @@ const proactivelyRefreshAccessToken = async ({ request, response, auth0Instance,
|
|
|
23
22
|
debugForceRefresh: auth0Config.debugForceTokenRefresh,
|
|
24
23
|
hasSession: !!session,
|
|
25
24
|
});
|
|
26
|
-
const decodedToken = session?.tokenSet.accessToken
|
|
27
|
-
? jose.decodeJwt(session.tokenSet.accessToken)
|
|
28
|
-
: null;
|
|
29
|
-
// eslint-disable-next-line no-console
|
|
30
|
-
console.log('Decoded token info', {
|
|
31
|
-
requestId: requestId$1,
|
|
32
|
-
decodedToken,
|
|
33
|
-
});
|
|
34
|
-
const sellerIdFromCookie = request.cookies.get(auth0Config.selectedSellerIdCookie.name)?.value;
|
|
35
|
-
const sellerIdFromToken = decodedToken?.sellerId;
|
|
36
|
-
if (shouldRefresh && sellerIdFromCookie !== sellerIdFromToken) {
|
|
37
|
-
const staleResult = {
|
|
38
|
-
expiresAt: session?.tokenSet.expiresAt || 0,
|
|
39
|
-
token: session?.tokenSet.accessToken || '',
|
|
40
|
-
};
|
|
41
|
-
log('Out of sync token detected returning stale token', {
|
|
42
|
-
requestId: requestId$1,
|
|
43
|
-
...staleResult,
|
|
44
|
-
});
|
|
45
|
-
return staleResult;
|
|
46
|
-
}
|
|
47
25
|
const result = await auth0Instance.getAccessToken(request, response, {
|
|
48
26
|
refresh: shouldRefresh,
|
|
49
27
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":["debug","requestId","getOrCreateRequestId"
|
|
1
|
+
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":["debug","requestId","getOrCreateRequestId"],"mappings":";;;;;;;;;AAQA,MAAM,GAAG,GAAGA,sBAAK,CAAC,4BAA4B,CAAC;AAExC,MAAM,6BAA6B,GAAG,OAAO,EAClD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAmD;AAClD,IAAA,MAAMC,WAAS,GAAGC,8BAAoB,CAAC,OAAO,CAAC;AAC/C,IAAA,GAAG,CAAC,qCAAqC,EAAE,aAAED,WAAS,EAAE,CAAC;IACzD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,MAAM,SAAS,GAAG,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC;IAClD,MAAM,gBAAgB,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;AACtD,IAAA,MAAM,aAAa,GACjB,WAAW,CAAC,sBAAsB,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;IAE1E,GAAG,CAAC,wBAAwB,EAAE;mBAC5BA,WAAS;QACT,aAAa;AACb,QAAA,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC;QAC9C,iBAAiB,EAAE,WAAW,CAAC,sBAAsB;QACrD,UAAU,EAAE,CAAC,CAAC,OAAO;AACtB,KAAA,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACnE,QAAA,OAAO,EAAE,aAAa;AACvB,KAAA,CAAC;IAEF,GAAG,CAAC,wBAAwB,EAAE;mBAC5BA,WAAS;QACT,SAAS,EAAE,MAAM,CAAC,SAAS;AAC3B,QAAA,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;AACjC,KAAA,CAAC;AAEF,IAAA,OAAO,MAAM;AACf;;;;"}
|
|
@@ -1,9 +1,17 @@
|
|
|
1
|
+
import debug from 'debug';
|
|
1
2
|
import { getAuth0Config } from '../../config/auth0.js';
|
|
2
3
|
import { getEnrichedUser } from './getUser.js';
|
|
3
4
|
|
|
5
|
+
const log = debug('@smg-automotive/auth:user');
|
|
4
6
|
const getAuthProps = async (context) => {
|
|
5
7
|
const auth0Config = getAuth0Config();
|
|
6
|
-
|
|
8
|
+
let user = null;
|
|
9
|
+
try {
|
|
10
|
+
user = await getEnrichedUser(context);
|
|
11
|
+
}
|
|
12
|
+
catch (error) {
|
|
13
|
+
log('Error enriching user:', error);
|
|
14
|
+
}
|
|
7
15
|
return { auth0Config, user };
|
|
8
16
|
};
|
|
9
17
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getAuthProps.js","sources":["../../../../../src/server/helpers/getAuthProps.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"getAuthProps.js","sources":["../../../../../src/server/helpers/getAuthProps.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAWA,MAAM,GAAG,GAAG,KAAK,CAAC,2BAA2B,CAAC;MAEjC,YAAY,GAAG,OAC1B,OAMC,KAC6B;AAC9B,IAAA,MAAM,WAAW,GAAG,cAAc,EAAE;IAEpC,IAAI,IAAI,GAAG,IAAI;AACf,IAAA,IAAI;AACF,QAAA,IAAI,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC;IACvC;IAAE,OAAO,KAAK,EAAE;AACd,QAAA,GAAG,CAAC,uBAAuB,EAAE,KAAK,CAAC;IACrC;AAEA,IAAA,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE;AAC9B;;;;"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { decodeJwt } from 'jose';
|
|
1
2
|
import { redirectToLogin } from '../helpers/redirectToLogin.js';
|
|
2
3
|
|
|
3
4
|
const crossApplicationStateSynchronization = async ({ request, language, auth0Instance, auth0Config, }) => {
|
|
@@ -7,43 +8,39 @@ const crossApplicationStateSynchronization = async ({ request, language, auth0In
|
|
|
7
8
|
return null;
|
|
8
9
|
}
|
|
9
10
|
const impersonatedSellerIdFromCookie = request.cookies.get(auth0Config.impersonatedSellerIdCookie.name)?.value;
|
|
10
|
-
console.log('impersonatedSellerIdFromCookie', impersonatedSellerIdFromCookie);
|
|
11
|
-
console.log('typeof impersonatedSellerIdFromCookie', typeof impersonatedSellerIdFromCookie);
|
|
12
|
-
console.log('user.sellerId', typeof session?.user.sellerId);
|
|
13
|
-
console.log('typeof user.sellerId', typeof session?.user.sellerId);
|
|
14
|
-
console.log('session?.user.isMultiTenantUser', session?.user.isMultiTenantUser);
|
|
15
|
-
console.log('user: ', session?.user);
|
|
16
11
|
if (!session?.user.isMultiTenantUser && !impersonatedSellerIdFromCookie) {
|
|
17
|
-
console.log('User is not multi-tenant and no impersonation, no action needed');
|
|
18
12
|
return null;
|
|
19
13
|
}
|
|
20
14
|
let impersonateSellerId;
|
|
21
15
|
if (impersonatedSellerIdFromCookie &&
|
|
22
16
|
session.user.sellerId !== impersonatedSellerIdFromCookie) {
|
|
23
|
-
console.log('Impersonated seller ID out of sync, redirecting to login to resync');
|
|
24
17
|
impersonateSellerId = impersonatedSellerIdFromCookie;
|
|
25
18
|
}
|
|
26
19
|
const sellerIdFromCookie = request.cookies.get(auth0Config.selectedSellerIdCookie.name)?.value;
|
|
27
|
-
|
|
28
|
-
|
|
20
|
+
const decodedToken = session?.tokenSet.accessToken
|
|
21
|
+
? decodeJwt(session.tokenSet.accessToken)
|
|
22
|
+
: null;
|
|
23
|
+
const sellerIdFromSession = session?.user.sellerId || null;
|
|
24
|
+
const sellerIdFromToken = Array.isArray(decodedToken?.sellerIds)
|
|
25
|
+
? decodedToken.sellerIds[0] || null
|
|
26
|
+
: null;
|
|
27
|
+
const sessionCookieMismatch = sellerIdFromCookie && sellerIdFromSession !== sellerIdFromCookie;
|
|
28
|
+
// There is a bug when refreshing tokens where the selected sellerId is not the first available sellerId
|
|
29
|
+
// so auth0 will add the first sellerId to the token but the session will have the selected one
|
|
30
|
+
// leading to unauthorized API errors
|
|
31
|
+
// Note: The sessionTokenMismatch can be removed in case we migrate to a session store and re-enable all sellerIds in the token
|
|
32
|
+
const sessionTokenMismatch = !sessionCookieMismatch &&
|
|
33
|
+
sellerIdFromToken &&
|
|
34
|
+
sellerIdFromToken !== sellerIdFromCookie;
|
|
29
35
|
let selectedSellerId;
|
|
30
36
|
if (sellerIdFromCookie &&
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
console.log('Selected seller ID out of sync, redirecting to login to resync');
|
|
37
|
+
!impersonateSellerId &&
|
|
38
|
+
(sessionCookieMismatch || sessionTokenMismatch)) {
|
|
34
39
|
selectedSellerId = sellerIdFromCookie;
|
|
35
40
|
}
|
|
36
41
|
if (!selectedSellerId && !impersonateSellerId) {
|
|
37
|
-
console.log('All in sync, no action needed');
|
|
38
42
|
return null;
|
|
39
43
|
}
|
|
40
|
-
console.log('Redirecting to login for resynchronization', {
|
|
41
|
-
impersonateSellerId,
|
|
42
|
-
selectedSellerId,
|
|
43
|
-
currentSellerId: session.user.sellerId,
|
|
44
|
-
});
|
|
45
|
-
// Like that???
|
|
46
|
-
console.log(redirectToLogin);
|
|
47
44
|
const response = redirectToLogin({
|
|
48
45
|
auth0Config,
|
|
49
46
|
language,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crossApplicationStateSynchronization.js","sources":["../../../../../src/server/middleware/crossApplicationStateSynchronization.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"crossApplicationStateSynchronization.js","sources":["../../../../../src/server/middleware/crossApplicationStateSynchronization.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AASO,MAAM,oCAAoC,GAAG,OAAO,EACzD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;AAEpD,IAAA,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClB,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,MAAM,8BAA8B,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CACxD,WAAW,CAAC,0BAA0B,CAAC,IAAI,CAC5C,EAAE,KAAK;IAER,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,CAAC,8BAA8B,EAAE;AACvE,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,IAAI,mBAAuC;AAC3C,IAAA,IACE,8BAA8B;AAC9B,QAAA,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,8BAA8B,EACxD;QACA,mBAAmB,GAAG,8BAA8B;IACtD;AAEA,IAAA,MAAM,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC5C,WAAW,CAAC,sBAAsB,CAAC,IAAI,CACxC,EAAE,KAAK;AAER,IAAA,MAAM,YAAY,GAAG,OAAO,EAAE,QAAQ,CAAC;UACnC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW;UACtC,IAAI;IACR,MAAM,mBAAmB,GAAG,OAAO,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;IAC1D,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,SAAS;UAC3D,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;UAC7B,IAAI;AAER,IAAA,MAAM,qBAAqB,GACzB,kBAAkB,IAAI,mBAAmB,KAAK,kBAAkB;;;;;IAKlE,MAAM,oBAAoB,GACxB,CAAC,qBAAqB;QACtB,iBAAiB;QACjB,iBAAiB,KAAK,kBAAkB;AAE1C,IAAA,IAAI,gBAAoC;AACxC,IAAA,IACE,kBAAkB;AAClB,QAAA,CAAC,mBAAmB;AACpB,SAAC,qBAAqB,IAAI,oBAAoB,CAAC,EAC/C;QACA,gBAAgB,GAAG,kBAAkB;IACvC;AAEA,IAAA,IAAI,CAAC,gBAAgB,IAAI,CAAC,mBAAmB,EAAE;AAC7C,QAAA,OAAO,IAAI;IACb;IAEA,MAAM,QAAQ,GAAG,eAAe,CAAC;QAC/B,WAAW;QACX,QAAQ;AACR,QAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;QAChC,MAAM;QACN,mBAAmB;QACnB,gBAAgB;AACjB,KAAA,CAAC;;IAGF,OAAO,CAAC,QAAQ,GAAG;AACjB,QAAA,WAAW,EAAE,EAAE;AACf,QAAA,SAAS,EAAE,CAAC;KACb;AACD,IAAA,MAAM,aAAa,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE;AACnD,QAAA,GAAG,OAAO;AACV,QAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;AACtB,KAAA,CAAC;AAEF,IAAA,OAAO,QAAQ;AACjB;;;;"}
|
|
@@ -66,9 +66,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
66
66
|
response: authResponse,
|
|
67
67
|
auth0Config,
|
|
68
68
|
});
|
|
69
|
-
// FIXME: if we are out of since while using force refresh / the token is expired,
|
|
70
|
-
// the token set will get rotated with the wrong sellerId reusulting in a bad session where
|
|
71
|
-
// we detect the missmatch on a page route the but the XHR chain rotates with the outdated seller
|
|
72
69
|
// Access token handling - /api/auth/access-token
|
|
73
70
|
const accessTokenRequestResult = await handleAccessTokenRequest({
|
|
74
71
|
request,
|
|
@@ -98,18 +95,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
|
|
|
98
95
|
log('Auth route, returning response', { requestId });
|
|
99
96
|
return authResponse;
|
|
100
97
|
}
|
|
101
|
-
// // Like that???
|
|
102
|
-
// console.log(redirectToLogin);
|
|
103
|
-
// const response = redirectToLogin({
|
|
104
|
-
// auth0Config,
|
|
105
|
-
// language,
|
|
106
|
-
// returnTo: `${pathname}${search}`,
|
|
107
|
-
// origin,
|
|
108
|
-
// impersonateSellerId,
|
|
109
|
-
// selectedSellerId,
|
|
110
|
-
// });
|
|
111
|
-
// await auth0Instance.updateSession(request, response, session);
|
|
112
|
-
// return response;
|
|
113
98
|
// Check if selected and impersonated seller are in sync across applications
|
|
114
99
|
const syncResponse = await crossApplicationStateSynchronization({
|
|
115
100
|
request,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAG,KAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC;AAE/C,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;QACxB,SAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAG,cAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAElE,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AAC/D,QAAA,GAAG,CAAC,2CAA2C,EAAE,EAAE,SAAS,EAAE,CAAC;AAC/D,QAAA,OAAO,uBAAuB;IAChC;;AAGA,IAAA,cAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,GAAG,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AACpD,IAAA,GAAG,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;;AAG7E,IAAA,2BAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAG,KAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC;AAE/C,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;QACxB,SAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAG,cAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAElE,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AAC/D,QAAA,GAAG,CAAC,2CAA2C,EAAE,EAAE,SAAS,EAAE,CAAC;AAC/D,QAAA,OAAO,uBAAuB;IAChC;;AAGA,IAAA,cAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,GAAG,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AACpD,IAAA,GAAG,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;;AAG7E,IAAA,2BAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;;AAGF,IAAA,MAAM,wBAAwB,GAAG,MAAM,wBAAwB,CAAC;QAC9D,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,OAAO;AACR,KAAA,CAAC;IACF,IAAI,wBAAwB,EAAE;AAC5B,QAAA,GAAG,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,CAAC;AAClD,QAAA,OAAO,wBAAwB;IACjC;;AAGA,IAAA,MAAM,uBAAuB,GAAG,MAAM,iBAAiB,CAAC;QACtD,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,GAAG,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,CAAC;AAClD,QAAA,OAAO,uBAAuB;IAChC;;IAGA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,QAAA,GAAG,CAAC,gCAAgC,EAAE,EAAE,SAAS,EAAE,CAAC;AACpD,QAAA,OAAO,YAAY;IACrB;;AAGA,IAAA,MAAM,YAAY,GAAG,MAAM,oCAAoC,CAAC;QAC9D,OAAO;QACP,QAAQ;QACR,aAAa;QACb,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,YAAY,EAAE;AAChB,QAAA,OAAO,YAAY;IACrB;;IAGA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;IACnE,GAAG,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACnE,IAAA,MAAM,kBAAkB,GAAG,MAAM,YAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;QACtB,GAAG,CAAC,0BAA0B,EAAE;YAC9B,SAAS;AACT,YAAA,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,GAAG;AAC9C,SAAA,CAAC;AACF,QAAA,OAAO,kBAAkB;IAC3B;AAEA,IAAA,GAAG,CAAC,sCAAsC,EAAE,EAAE,SAAS,EAAE,CAAC;IAC1D,MAAM,aAAa,GAAG,cAAc,CAAC;AACnC,QAAA,kBAAkB,EAAE,YAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;IACF,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AACrD,IAAA,OAAO,aAAa;AACtB;;;;"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { decodeJwt } from 'jose';
|
|
2
1
|
import debug from 'debug';
|
|
3
2
|
import { getOrCreateRequestId } from './requestId.js';
|
|
4
3
|
|
|
@@ -17,27 +16,6 @@ const proactivelyRefreshAccessToken = async ({ request, response, auth0Instance,
|
|
|
17
16
|
debugForceRefresh: auth0Config.debugForceTokenRefresh,
|
|
18
17
|
hasSession: !!session,
|
|
19
18
|
});
|
|
20
|
-
const decodedToken = session?.tokenSet.accessToken
|
|
21
|
-
? decodeJwt(session.tokenSet.accessToken)
|
|
22
|
-
: null;
|
|
23
|
-
// eslint-disable-next-line no-console
|
|
24
|
-
console.log('Decoded token info', {
|
|
25
|
-
requestId,
|
|
26
|
-
decodedToken,
|
|
27
|
-
});
|
|
28
|
-
const sellerIdFromCookie = request.cookies.get(auth0Config.selectedSellerIdCookie.name)?.value;
|
|
29
|
-
const sellerIdFromToken = decodedToken?.sellerId;
|
|
30
|
-
if (shouldRefresh && sellerIdFromCookie !== sellerIdFromToken) {
|
|
31
|
-
const staleResult = {
|
|
32
|
-
expiresAt: session?.tokenSet.expiresAt || 0,
|
|
33
|
-
token: session?.tokenSet.accessToken || '',
|
|
34
|
-
};
|
|
35
|
-
log('Out of sync token detected returning stale token', {
|
|
36
|
-
requestId,
|
|
37
|
-
...staleResult,
|
|
38
|
-
});
|
|
39
|
-
return staleResult;
|
|
40
|
-
}
|
|
41
19
|
const result = await auth0Instance.getAccessToken(request, response, {
|
|
42
20
|
refresh: shouldRefresh,
|
|
43
21
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AAQA,MAAM,GAAG,GAAG,KAAK,CAAC,4BAA4B,CAAC;AAExC,MAAM,6BAA6B,GAAG,OAAO,EAClD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAmD;AAClD,IAAA,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC;AAC/C,IAAA,GAAG,CAAC,qCAAqC,EAAE,EAAE,SAAS,EAAE,CAAC;IACzD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,MAAM,SAAS,GAAG,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC;IAClD,MAAM,gBAAgB,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;AACtD,IAAA,MAAM,aAAa,GACjB,WAAW,CAAC,sBAAsB,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;IAE1E,GAAG,CAAC,wBAAwB,EAAE;QAC5B,SAAS;QACT,aAAa;AACb,QAAA,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC;QAC9C,iBAAiB,EAAE,WAAW,CAAC,sBAAsB;QACrD,UAAU,EAAE,CAAC,CAAC,OAAO;AACtB,KAAA,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACnE,QAAA,OAAO,EAAE,aAAa;AACvB,KAAA,CAAC;IAEF,GAAG,CAAC,wBAAwB,EAAE;QAC5B,SAAS;QACT,SAAS,EAAE,MAAM,CAAC,SAAS;AAC3B,QAAA,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;AACjC,KAAA,CAAC;AAEF,IAAA,OAAO,MAAM;AACf;;;;"}
|