npm - @workos-inc/authkit-nextjs - Versions diffs - 0.4.0 - Mend

@workos-inc/authkit-nextjs 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/LICENSE +21 -0
package/README.md +145 -0
package/dist/cjs/auth.d.ts +3 -0
package/dist/cjs/auth.js +17 -0
package/dist/cjs/auth.js.map +1 -0
package/dist/cjs/authkit-callback-route.d.ts +3 -0
package/dist/cjs/authkit-callback-route.js +58 -0
package/dist/cjs/authkit-callback-route.js.map +1 -0
package/dist/cjs/button.d.ts +3 -0
package/dist/cjs/button.js +25 -0
package/dist/cjs/button.js.map +1 -0
package/dist/cjs/cookie.d.ts +8 -0
package/dist/cjs/cookie.js +13 -0
package/dist/cjs/cookie.js.map +1 -0
package/dist/cjs/env-variables.d.ts +5 -0
package/dist/cjs/env-variables.js +22 -0
package/dist/cjs/env-variables.js.map +1 -0
package/dist/cjs/get-authorization-url.d.ts +2 -0
package/dist/cjs/get-authorization-url.js +15 -0
package/dist/cjs/get-authorization-url.js.map +1 -0
package/dist/cjs/impersonation.d.ts +6 -0
package/dist/cjs/impersonation.js +119 -0
package/dist/cjs/impersonation.js.map +1 -0
package/dist/cjs/index.d.ts +6 -0
package/dist/cjs/index.js +15 -0
package/dist/cjs/index.js.map +1 -0
package/dist/cjs/interfaces.d.ts +33 -0
package/dist/cjs/interfaces.js +3 -0
package/dist/cjs/interfaces.js.map +1 -0
package/dist/cjs/middleware.d.ts +6 -0
package/dist/cjs/middleware.js +11 -0
package/dist/cjs/middleware.js.map +1 -0
package/dist/cjs/min-max-button.d.ts +7 -0
package/dist/cjs/min-max-button.js +15 -0
package/dist/cjs/min-max-button.js.map +1 -0
package/dist/cjs/session.d.ts +12 -0
package/dist/cjs/session.js +123 -0
package/dist/cjs/session.js.map +1 -0
package/dist/cjs/workos.d.ts +3 -0
package/dist/cjs/workos.js +10 -0
package/dist/cjs/workos.js.map +1 -0
package/package.json +55 -0
package/src/auth.ts +15 -0
package/src/authkit-callback-route.ts +69 -0
package/src/button.tsx +32 -0
package/src/cookie.ts +9 -0
package/src/env-variables.ts +18 -0
package/src/get-authorization-url.ts +13 -0
package/src/impersonation.tsx +157 -0
package/src/index.ts +17 -0
package/src/interfaces.ts +37 -0
package/src/middleware.ts +12 -0
package/src/min-max-button.tsx +23 -0
package/src/session.ts +137 -0
package/src/workos.ts +7 -0

package/src/session.ts ADDED Viewed

@@ -0,0 +1,137 @@
+import { redirect } from 'next/navigation';
+import { cookies, headers } from 'next/headers';
+import { NextRequest, NextResponse } from 'next/server';
+import { jwtVerify, createRemoteJWKSet, decodeJwt } from 'jose';
+import { sealData, unsealData } from 'iron-session';
+import { cookieName, cookieOptions } from './cookie.js';
+import { workos } from './workos.js';
+import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD } from './env-variables.js';
+import { getAuthorizationUrl } from './get-authorization-url.js';
+import { AccessToken, NoUserInfo, Session, UserInfo } from './interfaces.js';
+const sessionHeaderName = 'x-workos-session';
+const JWKS = createRemoteJWKSet(new URL(workos.userManagement.getJwksUrl(WORKOS_CLIENT_ID)));
+async function encryptSession(session: Session) {
+  return sealData(session, { password: WORKOS_COOKIE_PASSWORD });
+}
+async function updateSession(request: NextRequest, debug: boolean) {
+  const session = await getSessionFromCookie();
+  // If no session, just continue
+  if (!session) {
+    return NextResponse.next();
+  }
+  const hasValidSession = await verifyAccessToken(session.accessToken);
+  const newRequestHeaders = new Headers(request.headers);
+  if (hasValidSession) {
+    if (debug) console.log('Session is valid');
+    // set the x-workos-session header according to the current cookie value
+    newRequestHeaders.set(sessionHeaderName, cookies().get(cookieName)!.value);
+    return NextResponse.next({
+      headers: newRequestHeaders,
+    });
+  }
+  try {
+    if (debug) console.log('Session invalid. Attempting refresh', session.refreshToken);
+    // If the session is invalid (i.e. the access token has expired) attempt to re-authenticate with the refresh token
+    const { accessToken, refreshToken } = await workos.userManagement.authenticateWithRefreshToken({
+      clientId: WORKOS_CLIENT_ID,
+      refreshToken: session.refreshToken,
+    });
+    if (debug) console.log('Refresh successful:', refreshToken);
+    // Encrypt session with new access and refresh tokens
+    const encryptedSession = await encryptSession({
+      accessToken,
+      refreshToken,
+      user: session.user,
+      impersonator: session.impersonator,
+    });
+    newRequestHeaders.set(sessionHeaderName, encryptedSession);
+    const response = NextResponse.next({
+      request: {
+        headers: newRequestHeaders,
+      },
+    });
+    // update the cookie
+    response.cookies.set(cookieName, encryptedSession, cookieOptions);
+    return response;
+  } catch (e) {
+    console.warn('Failed to refresh', e);
+    const response = NextResponse.next();
+    response.cookies.delete(cookieName);
+    return response;
+  }
+}
+async function getUser(options?: { ensureSignedIn: false }): Promise<UserInfo | NoUserInfo>;
+async function getUser(options: { ensureSignedIn: true }): Promise<UserInfo>;
+async function getUser({ ensureSignedIn = false } = {}) {
+  const session = await getSessionFromHeader();
+  if (!session) {
+    if (ensureSignedIn) {
+      const returnPathname = headers().get('next-url') ?? undefined;
+      redirect(await getAuthorizationUrl(returnPathname));
+    }
+    return { user: null };
+  }
+  const { sid: sessionId, org_id: organizationId, role } = decodeJwt<AccessToken>(session.accessToken);
+  return {
+    sessionId,
+    user: session.user,
+    organizationId,
+    role,
+    impersonator: session.impersonator,
+  };
+}
+async function terminateSession() {
+  const { sessionId } = await getUser();
+  if (sessionId) {
+    redirect(workos.userManagement.getLogoutUrl({ sessionId }));
+  }
+  redirect('/');
+}
+async function verifyAccessToken(accessToken: string) {
+  try {
+    await jwtVerify(accessToken, JWKS);
+    return true;
+  } catch (e) {
+    console.warn('Failed to verify session:', e);
+    return false;
+  }
+}
+async function getSessionFromCookie() {
+  const cookie = cookies().get(cookieName);
+  if (cookie) {
+    return unsealData<Session>(cookie.value, {
+      password: WORKOS_COOKIE_PASSWORD,
+    });
+  }
+}
+async function getSessionFromHeader(): Promise<Session | undefined> {
+  const authHeader = headers().get(sessionHeaderName);
+  if (!authHeader) return;
+  return unsealData<Session>(authHeader, { password: WORKOS_COOKIE_PASSWORD });
+}
+export { encryptSession, updateSession, getUser, terminateSession };

package/src/workos.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import WorkOS from '@workos-inc/node';
+import { WORKOS_API_KEY } from './env-variables.js';
+// Initialize the WorkOS client
+const workos = new WorkOS(WORKOS_API_KEY);
+export { workos };