@workos-inc/authkit-nextjs 0.4.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/session.js +23 -9
- package/dist/cjs/session.js.map +1 -1
- package/package.json +1 -1
- package/src/session.ts +30 -9
package/dist/cjs/session.js
CHANGED
|
@@ -11,6 +11,7 @@ const workos_js_1 = require("./workos.js");
|
|
|
11
11
|
const env_variables_js_1 = require("./env-variables.js");
|
|
12
12
|
const get_authorization_url_js_1 = require("./get-authorization-url.js");
|
|
13
13
|
const sessionHeaderName = 'x-workos-session';
|
|
14
|
+
const middlewareHeaderName = 'x-workos-middleware';
|
|
14
15
|
const JWKS = (0, jose_1.createRemoteJWKSet)(new URL(workos_js_1.workos.userManagement.getJwksUrl(env_variables_js_1.WORKOS_CLIENT_ID)));
|
|
15
16
|
async function encryptSession(session) {
|
|
16
17
|
return (0, iron_session_1.sealData)(session, { password: env_variables_js_1.WORKOS_COOKIE_PASSWORD });
|
|
@@ -18,19 +19,28 @@ async function encryptSession(session) {
|
|
|
18
19
|
exports.encryptSession = encryptSession;
|
|
19
20
|
async function updateSession(request, debug) {
|
|
20
21
|
const session = await getSessionFromCookie();
|
|
22
|
+
const newRequestHeaders = new Headers(request.headers);
|
|
23
|
+
// We store the current request url in a custom header, so we can always have access to it
|
|
24
|
+
// This is because on hard navigations we don't have access to `next-url` but need to get the current
|
|
25
|
+
// `pathname` to be able to return the users where they came from before sign-in
|
|
26
|
+
newRequestHeaders.set('x-url', request.url);
|
|
27
|
+
// Record that the request was routed through the middleware so we can check later for DX purposes
|
|
28
|
+
newRequestHeaders.set(middlewareHeaderName, 'true');
|
|
29
|
+
newRequestHeaders.delete(sessionHeaderName);
|
|
21
30
|
// If no session, just continue
|
|
22
31
|
if (!session) {
|
|
23
|
-
return server_1.NextResponse.next(
|
|
32
|
+
return server_1.NextResponse.next({
|
|
33
|
+
request: { headers: newRequestHeaders },
|
|
34
|
+
});
|
|
24
35
|
}
|
|
25
36
|
const hasValidSession = await verifyAccessToken(session.accessToken);
|
|
26
|
-
const newRequestHeaders = new Headers(request.headers);
|
|
27
37
|
if (hasValidSession) {
|
|
28
38
|
if (debug)
|
|
29
39
|
console.log('Session is valid');
|
|
30
40
|
// set the x-workos-session header according to the current cookie value
|
|
31
41
|
newRequestHeaders.set(sessionHeaderName, (0, headers_1.cookies)().get(cookie_js_1.cookieName).value);
|
|
32
42
|
return server_1.NextResponse.next({
|
|
33
|
-
headers: newRequestHeaders,
|
|
43
|
+
request: { headers: newRequestHeaders },
|
|
34
44
|
});
|
|
35
45
|
}
|
|
36
46
|
try {
|
|
@@ -52,9 +62,7 @@ async function updateSession(request, debug) {
|
|
|
52
62
|
});
|
|
53
63
|
newRequestHeaders.set(sessionHeaderName, encryptedSession);
|
|
54
64
|
const response = server_1.NextResponse.next({
|
|
55
|
-
request: {
|
|
56
|
-
headers: newRequestHeaders,
|
|
57
|
-
},
|
|
65
|
+
request: { headers: newRequestHeaders },
|
|
58
66
|
});
|
|
59
67
|
// update the cookie
|
|
60
68
|
response.cookies.set(cookie_js_1.cookieName, encryptedSession, cookie_js_1.cookieOptions);
|
|
@@ -62,18 +70,24 @@ async function updateSession(request, debug) {
|
|
|
62
70
|
}
|
|
63
71
|
catch (e) {
|
|
64
72
|
console.warn('Failed to refresh', e);
|
|
65
|
-
const response = server_1.NextResponse.next(
|
|
73
|
+
const response = server_1.NextResponse.next({
|
|
74
|
+
request: { headers: newRequestHeaders },
|
|
75
|
+
});
|
|
66
76
|
response.cookies.delete(cookie_js_1.cookieName);
|
|
67
77
|
return response;
|
|
68
78
|
}
|
|
69
79
|
}
|
|
70
80
|
exports.updateSession = updateSession;
|
|
71
81
|
async function getUser({ ensureSignedIn = false } = {}) {
|
|
72
|
-
|
|
82
|
+
const hasMiddleware = Boolean((0, headers_1.headers)().get(middlewareHeaderName));
|
|
83
|
+
if (!hasMiddleware) {
|
|
84
|
+
throw new Error('You are calling `getUser` on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling `getUser` from by updating your middleware config in `middleware.(js|ts)`.');
|
|
85
|
+
}
|
|
73
86
|
const session = await getSessionFromHeader();
|
|
74
87
|
if (!session) {
|
|
75
88
|
if (ensureSignedIn) {
|
|
76
|
-
const
|
|
89
|
+
const url = (0, headers_1.headers)().get('x-url');
|
|
90
|
+
const returnPathname = url ? new URL(url).pathname : undefined;
|
|
77
91
|
(0, navigation_1.redirect)(await (0, get_authorization_url_js_1.getAuthorizationUrl)(returnPathname));
|
|
78
92
|
}
|
|
79
93
|
return { user: null };
|
package/dist/cjs/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAA8E;AAC9E,yEAAiE;AAGjE,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAA8E;AAC9E,yEAAiE;AAGjE,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AAEnD,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,kBAAM,CAAC,cAAc,CAAC,UAAU,CAAC,mCAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,IAAA,uBAAQ,EAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;AA2IQ,wCAAc;AAzIvB,KAAK,UAAU,aAAa,CAAC,OAAoB,EAAE,KAAc;IAC/D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,+BAA+B;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3C,wEAAwE;QACxE,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAC3E,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAEpF,kHAAkH;QAClH,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC7F,QAAQ,EAAE,mCAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;QAE5D,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QAEH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,oBAAoB;QACpB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAU,EAAE,gBAAgB,EAAE,yBAAa,CAAC,CAAC;QAClE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAsEwB,sCAAa;AAhEtC,KAAK,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,EAAE,GAAG,EAAE;IACpD,MAAM,aAAa,GAAG,OAAO,CAAC,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAEnE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,mNAAmN,CACpN,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC/D,IAAA,qBAAQ,EAAC,MAAM,IAAA,8CAAmB,EAAC,cAAc,CAAC,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAErG,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,YAAY,EAAE,OAAO,CAAC,YAAY;KACnC,CAAC;AACJ,CAAC;AAoCuC,0BAAO;AAlC/C,KAAK,UAAU,gBAAgB;IAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,OAAO,EAAE,CAAC;IACtC,IAAI,SAAS,EAAE,CAAC;QACd,IAAA,qBAAQ,EAAC,kBAAM,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAA,qBAAQ,EAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AA4BgD,4CAAgB;AA1BjE,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,IAAA,gBAAS,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,2BAA2B,EAAE,CAAC,CAAC,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,MAAM,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAC,CAAC;IACzC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,IAAA,yBAAU,EAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,yCAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,UAAU,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,IAAA,yBAAU,EAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC"}
|
package/package.json
CHANGED
package/src/session.ts
CHANGED
|
@@ -10,6 +10,7 @@ import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
|
10
10
|
import { AccessToken, NoUserInfo, Session, UserInfo } from './interfaces.js';
|
|
11
11
|
|
|
12
12
|
const sessionHeaderName = 'x-workos-session';
|
|
13
|
+
const middlewareHeaderName = 'x-workos-middleware';
|
|
13
14
|
|
|
14
15
|
const JWKS = createRemoteJWKSet(new URL(workos.userManagement.getJwksUrl(WORKOS_CLIENT_ID)));
|
|
15
16
|
|
|
@@ -19,22 +20,33 @@ async function encryptSession(session: Session) {
|
|
|
19
20
|
|
|
20
21
|
async function updateSession(request: NextRequest, debug: boolean) {
|
|
21
22
|
const session = await getSessionFromCookie();
|
|
23
|
+
const newRequestHeaders = new Headers(request.headers);
|
|
24
|
+
|
|
25
|
+
// We store the current request url in a custom header, so we can always have access to it
|
|
26
|
+
// This is because on hard navigations we don't have access to `next-url` but need to get the current
|
|
27
|
+
// `pathname` to be able to return the users where they came from before sign-in
|
|
28
|
+
newRequestHeaders.set('x-url', request.url);
|
|
29
|
+
|
|
30
|
+
// Record that the request was routed through the middleware so we can check later for DX purposes
|
|
31
|
+
newRequestHeaders.set(middlewareHeaderName, 'true');
|
|
32
|
+
|
|
33
|
+
newRequestHeaders.delete(sessionHeaderName);
|
|
22
34
|
|
|
23
35
|
// If no session, just continue
|
|
24
36
|
if (!session) {
|
|
25
|
-
return NextResponse.next(
|
|
37
|
+
return NextResponse.next({
|
|
38
|
+
request: { headers: newRequestHeaders },
|
|
39
|
+
});
|
|
26
40
|
}
|
|
27
41
|
|
|
28
42
|
const hasValidSession = await verifyAccessToken(session.accessToken);
|
|
29
43
|
|
|
30
|
-
const newRequestHeaders = new Headers(request.headers);
|
|
31
|
-
|
|
32
44
|
if (hasValidSession) {
|
|
33
45
|
if (debug) console.log('Session is valid');
|
|
34
46
|
// set the x-workos-session header according to the current cookie value
|
|
35
47
|
newRequestHeaders.set(sessionHeaderName, cookies().get(cookieName)!.value);
|
|
36
48
|
return NextResponse.next({
|
|
37
|
-
headers: newRequestHeaders,
|
|
49
|
+
request: { headers: newRequestHeaders },
|
|
38
50
|
});
|
|
39
51
|
}
|
|
40
52
|
|
|
@@ -60,16 +72,16 @@ async function updateSession(request: NextRequest, debug: boolean) {
|
|
|
60
72
|
newRequestHeaders.set(sessionHeaderName, encryptedSession);
|
|
61
73
|
|
|
62
74
|
const response = NextResponse.next({
|
|
63
|
-
request: {
|
|
64
|
-
headers: newRequestHeaders,
|
|
65
|
-
},
|
|
75
|
+
request: { headers: newRequestHeaders },
|
|
66
76
|
});
|
|
67
77
|
// update the cookie
|
|
68
78
|
response.cookies.set(cookieName, encryptedSession, cookieOptions);
|
|
69
79
|
return response;
|
|
70
80
|
} catch (e) {
|
|
71
81
|
console.warn('Failed to refresh', e);
|
|
72
|
-
const response = NextResponse.next(
|
|
82
|
+
const response = NextResponse.next({
|
|
83
|
+
request: { headers: newRequestHeaders },
|
|
84
|
+
});
|
|
73
85
|
response.cookies.delete(cookieName);
|
|
74
86
|
return response;
|
|
75
87
|
}
|
|
@@ -80,10 +92,19 @@ async function getUser(options?: { ensureSignedIn: false }): Promise<UserInfo |
|
|
|
80
92
|
async function getUser(options: { ensureSignedIn: true }): Promise<UserInfo>;
|
|
81
93
|
|
|
82
94
|
async function getUser({ ensureSignedIn = false } = {}) {
|
|
95
|
+
const hasMiddleware = Boolean(headers().get(middlewareHeaderName));
|
|
96
|
+
|
|
97
|
+
if (!hasMiddleware) {
|
|
98
|
+
throw new Error(
|
|
99
|
+
'You are calling `getUser` on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling `getUser` from by updating your middleware config in `middleware.(js|ts)`.',
|
|
100
|
+
);
|
|
101
|
+
}
|
|
102
|
+
|
|
83
103
|
const session = await getSessionFromHeader();
|
|
84
104
|
if (!session) {
|
|
85
105
|
if (ensureSignedIn) {
|
|
86
|
-
const
|
|
106
|
+
const url = headers().get('x-url');
|
|
107
|
+
const returnPathname = url ? new URL(url).pathname : undefined;
|
|
87
108
|
redirect(await getAuthorizationUrl(returnPathname));
|
|
88
109
|
}
|
|
89
110
|
return { user: null };
|