@workos-inc/authkit-nextjs 0.4.1 → 0.5.0

package/README.md

@@ -65,8 +65,8 @@ import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
 export default authkitMiddleware();
 
 // Match against pages that require auth
-// Leave this out if you want auth on every page in your application
-export const config = { matcher: ['/admin'] };
+// Leave this out if you want auth on every resource (including images, css etc.)
+export const config = { matcher: ['/', '/admin'] };
 ```
 
 ## Usage
@@ -77,16 +77,28 @@ For pages where you want to display a signed-in and signed-out view, use `getUse
 
 ```jsx
 import Link from 'next/link';
-import { getSignInUrl, getUser, signOut } from '@workos-inc/authkit-nextjs';
+import { getSignInUrl, getSignUpUrl, getUser, signOut } from '@workos-inc/authkit-nextjs';
 
 export default async function HomePage() {
   // Retrieves the user from the session or returns `null` if no user is signed in
   const { user } = await getUser();
 
-  // Get the URL to redirect the user to AuthKit to sign in
-  const signInUrl = await getSignInUrl();
+  if (!user) {
+    // Get the URL to redirect the user to AuthKit to sign in
+    const signInUrl = await getSignInUrl();
 
-  return user ? (
+    // Get the URL to redirect the user to AuthKit to sign up
+    const signUpUrl = await getSignUpUrl();
+
+    return (
+      <>
+        <Link href={signInUrl}>Log in</Link>
+        <Link href={signUpUrl}>Sign Up</Link>
+      </>
+    );
+  }
+
+  return (
     <form
       action={async () => {
         'use server';
@@ -96,8 +108,6 @@ export default async function HomePage() {
       <p>Welcome back {user?.firstName && `, ${user?.firstName}`}</p>
       <button type="submit">Sign out</button>
     </form>
-  ) : (
-    <Link href={signInUrl}>Sign in</Link>
   );
 }
 ```
@@ -112,6 +122,29 @@ const { user } = await getUser({ ensureSignedIn: true });
 
 Enabling `ensureSignedIn` will redirect users to AuthKit if they attempt to access the page without being authenticated.
 
+### Middleware auth
+
+The default behavior of this library is to request authentication via the `getUser` method on a per-page basis. There are some use cases where you don't want to call `getUser` (e.g. you don't need user data for your page) or if you'd prefer a "secure by default" approach where every route defined in your middleware matcher is protected unless specified otherwise. In those cases you can opt-in to use middleware auth instead:
+
+```ts
+import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
+
+export default authkitMiddleware({
+  middlewareAuth: {
+    enabled: true,
+    unauthenticatedPaths: ['/', '/about'],
+  },
+});
+
+// Match against pages that require auth
+// Leave this out if you want auth on every resource (including images, css etc.)
+export const config = { matcher: ['/', '/admin/:path*', '/about'] };
+```
+
+In the above example the `/admin` page will require a user to be signed in, whereas `/` and `/about` can be accessed without signing in.
+
+`unauthenticatedPaths` uses the same glob logic as the [Next.js matcher](https://nextjs.org/docs/pages/building-your-application/routing/middleware#matcher).
+
 ### Signing out
 
 Use the `signOut` method to sign out the current logged in user and redirect to your app's homepage. The homepage redirect is set in your WorkOS dashboard settings under "Redirect".
@@ -143,3 +176,9 @@ import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
 
 export default authkitMiddleware({ debug: true });
 ```
+
+### Troubleshooting
+
+#### NEXT_REDIRECT error when using try/catch blocks
+
+Wrapping a `getUser({ ensureSignedIn: true })` call in a try/catch block will cause a `NEXT_REDIRECT` error. This is because `getUser` will attempt to redirect the user to AuthKit if no session is detected and redirects in Next must be [called outside a try/catch](https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations#redirecting).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@workos-inc/authkit-nextjs",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js",
   "sideEffects": false,
   "type": "commonjs",
@@ -23,9 +23,10 @@
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "dependencies": {
-    "@workos-inc/node": "^6.7.0",
+    "@workos-inc/node": "^6.8.0",
     "iron-session": "^8.0.1",
-    "jose": "^5.2.3"
+    "jose": "^5.2.3",
+    "path-to-regexp": "^6.2.2"
   },
   "peerDependencies": {
     "next": "^13.5.4 || ^14.0.3",

package/src/auth.ts

@@ -4,7 +4,11 @@ import { cookieName } from './cookie.js';
 import { terminateSession } from './session.js';
 
 async function getSignInUrl() {
-  return getAuthorizationUrl();
+  return getAuthorizationUrl({ screenHint: 'sign-in' });
+}
+
+async function getSignUpUrl() {
+  return getAuthorizationUrl({ screenHint: 'sign-up' });
 }
 
 async function signOut() {
@@ -12,4 +16,4 @@ async function signOut() {
   await terminateSession();
 }
 
-export { getSignInUrl, signOut };
+export { getSignInUrl, getSignUpUrl, signOut };

package/src/cookie.ts

@@ -1,8 +1,13 @@
+import { WORKOS_REDIRECT_URI } from './env-variables.js';
+
+const redirectUrl = new URL(WORKOS_REDIRECT_URI);
+const isSecureProtocol = redirectUrl.protocol === 'https:';
+
 const cookieName = 'wos-session';
 const cookieOptions = {
   path: '/',
   httpOnly: true,
-  secure: true,
+  secure: isSecureProtocol,
   sameSite: 'lax' as const,
 };
 

package/src/get-authorization-url.ts

@@ -1,12 +1,16 @@
 import { workos } from './workos.js';
 import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
+import { GetAuthURLOptions } from './interfaces.js';
+
+async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
+  const { returnPathname, screenHint } = options;
 
-async function getAuthorizationUrl(returnPathname?: string) {
   return workos.userManagement.getAuthorizationUrl({
     provider: 'authkit',
     clientId: WORKOS_CLIENT_ID,
     redirectUri: WORKOS_REDIRECT_URI,
     state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
+    screenHint,
   });
 }
 

package/src/index.ts

@@ -1,7 +1,7 @@
 import { handleAuth } from './authkit-callback-route.js';
 import { authkitMiddleware } from './middleware.js';
 import { getUser } from './session.js';
-import { getSignInUrl, signOut } from './auth.js';
+import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
 import { Impersonation } from './impersonation.js';
 
 export {
@@ -10,6 +10,7 @@ export {
   authkitMiddleware,
   //
   getSignInUrl,
+  getSignUpUrl,
   getUser,
   signOut,
   //

package/src/interfaces.ts

@@ -35,3 +35,18 @@ export interface AccessToken {
   org_id?: string;
   role?: string;
 }
+
+export interface GetAuthURLOptions {
+  screenHint?: 'sign-up' | 'sign-in';
+  returnPathname?: string;
+}
+
+export interface AuthkitMiddlewareAuth {
+  enabled: boolean;
+  unauthenticatedPaths: string[];
+}
+
+export interface AuthkitMiddlewareOptions {
+  debug?: boolean;
+  middlewareAuth?: AuthkitMiddlewareAuth;
+}

package/src/middleware.ts

@@ -1,12 +1,12 @@
 import { NextMiddleware } from 'next/server';
 import { updateSession } from './session.js';
+import { AuthkitMiddlewareOptions } from './interfaces.js';
 
-interface AuthkitMiddlewareOptions {
-  debug?: boolean;
-}
-
-export function authkitMiddleware({ debug = false }: AuthkitMiddlewareOptions = {}): NextMiddleware {
+export function authkitMiddleware({
+  debug = false,
+  middlewareAuth = { enabled: false, unauthenticatedPaths: [] },
+}: AuthkitMiddlewareOptions = {}): NextMiddleware {
   return function (request) {
-    return updateSession(request, debug);
+    return updateSession(request, debug, middlewareAuth);
   };
 }

package/src/session.ts

@@ -5,9 +5,11 @@ import { jwtVerify, createRemoteJWKSet, decodeJwt } from 'jose';
 import { sealData, unsealData } from 'iron-session';
 import { cookieName, cookieOptions } from './cookie.js';
 import { workos } from './workos.js';
-import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD } from './env-variables.js';
+import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI } from './env-variables.js';
 import { getAuthorizationUrl } from './get-authorization-url.js';
-import { AccessToken, NoUserInfo, Session, UserInfo } from './interfaces.js';
+import { AccessToken, AuthkitMiddlewareAuth, NoUserInfo, Session, UserInfo } from './interfaces.js';
+
+import { parse, tokensToRegexp } from 'path-to-regexp';
 
 const sessionHeaderName = 'x-workos-session';
 const middlewareHeaderName = 'x-workos-middleware';
@@ -18,7 +20,7 @@ async function encryptSession(session: Session) {
   return sealData(session, { password: WORKOS_COOKIE_PASSWORD });
 }
 
-async function updateSession(request: NextRequest, debug: boolean) {
+async function updateSession(request: NextRequest, debug: boolean, middlewareAuth: AuthkitMiddlewareAuth) {
   const session = await getSessionFromCookie();
   const newRequestHeaders = new Headers(request.headers);
 
@@ -30,6 +32,20 @@ async function updateSession(request: NextRequest, debug: boolean) {
   // Record that the request was routed through the middleware so we can check later for DX purposes
   newRequestHeaders.set(middlewareHeaderName, 'true');
 
+  newRequestHeaders.delete(sessionHeaderName);
+
+  const matchedPaths: string[] = middlewareAuth.unauthenticatedPaths.filter((pathGlob) => {
+    const pathRegex = getMiddlewareAuthPathRegex(pathGlob);
+
+    return pathRegex.exec(request.nextUrl.pathname);
+  });
+
+  // If the user is logged out and this path isn't on the allowlist for logged out paths, redirect to AuthKit.
+  if (middlewareAuth.enabled && matchedPaths.length === 0 && !session) {
+    if (debug) console.log('Unauthenticated user on protected route, redirecting to AuthKit');
+    return NextResponse.redirect(await getAuthorizationUrl({ returnPathname: new URL(request.url).pathname }));
+  }
+
   // If no session, just continue
   if (!session) {
     return NextResponse.next({
@@ -77,12 +93,31 @@ async function updateSession(request: NextRequest, debug: boolean) {
     return response;
   } catch (e) {
     console.warn('Failed to refresh', e);
-    const response = NextResponse.next();
+    const response = NextResponse.next({
+      request: { headers: newRequestHeaders },
+    });
     response.cookies.delete(cookieName);
     return response;
   }
 }
 
+function getMiddlewareAuthPathRegex(pathGlob: string) {
+  let regex: string;
+
+  try {
+    // Redirect URI is only used to construct the URL
+    const url = new URL(pathGlob, WORKOS_REDIRECT_URI);
+    const path = `${url.pathname!}${url.hash || ''}`;
+
+    const tokens = parse(path);
+    regex = tokensToRegexp(tokens).source;
+
+    return new RegExp(regex);
+  } catch (err) {
+    throw new Error(`Error parsing routes for middleware auth. Reason: ${err.message}`);
+  }
+}
+
 async function getUser(options?: { ensureSignedIn: false }): Promise<UserInfo | NoUserInfo>;
 
 async function getUser(options: { ensureSignedIn: true }): Promise<UserInfo>;
@@ -101,7 +136,7 @@ async function getUser({ ensureSignedIn = false } = {}) {
     if (ensureSignedIn) {
       const url = headers().get('x-url');
       const returnPathname = url ? new URL(url).pathname : undefined;
-      redirect(await getAuthorizationUrl(returnPathname));
+      redirect(await getAuthorizationUrl({ returnPathname }));
     }
     return { user: null };
   }

package/dist/cjs/auth.d.ts

@@ -1,3 +0,0 @@
-declare function getSignInUrl(): Promise<string>;
-declare function signOut(): Promise<void>;
-export { getSignInUrl, signOut };

package/dist/cjs/auth.js

@@ -1,17 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.signOut = exports.getSignInUrl = void 0;
-const get_authorization_url_js_1 = require("./get-authorization-url.js");
-const headers_1 = require("next/headers");
-const cookie_js_1 = require("./cookie.js");
-const session_js_1 = require("./session.js");
-async function getSignInUrl() {
-    return (0, get_authorization_url_js_1.getAuthorizationUrl)();
-}
-exports.getSignInUrl = getSignInUrl;
-async function signOut() {
-    (0, headers_1.cookies)().delete(cookie_js_1.cookieName);
-    await (0, session_js_1.terminateSession)();
-}
-exports.signOut = signOut;
-//# sourceMappingURL=auth.js.map

package/dist/cjs/auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":";;;AAAA,yEAAiE;AACjE,0CAAuC;AACvC,2CAAyC;AACzC,6CAAgD;AAEhD,KAAK,UAAU,YAAY;IACzB,OAAO,IAAA,8CAAmB,GAAE,CAAC;AAC/B,CAAC;AAOQ,oCAAY;AALrB,KAAK,UAAU,OAAO;IACpB,IAAA,iBAAO,GAAE,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;IAC7B,MAAM,IAAA,6BAAgB,GAAE,CAAC;AAC3B,CAAC;AAEsB,0BAAO"}

package/dist/cjs/authkit-callback-route.d.ts

@@ -1,3 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { HandleAuthOptions } from './interfaces.js';
-export declare function handleAuth(options?: HandleAuthOptions): (request: NextRequest) => Promise<NextResponse<unknown>>;

package/dist/cjs/authkit-callback-route.js

@@ -1,58 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleAuth = void 0;
-const server_1 = require("next/server");
-const headers_1 = require("next/headers");
-const workos_js_1 = require("./workos.js");
-const env_variables_js_1 = require("./env-variables.js");
-const session_js_1 = require("./session.js");
-const cookie_js_1 = require("./cookie.js");
-function handleAuth(options = {}) {
-    const { returnPathname: returnPathnameOption = '/' } = options;
-    return async function GET(request) {
-        const code = request.nextUrl.searchParams.get('code');
-        const state = request.nextUrl.searchParams.get('state');
-        const returnPathname = state ? JSON.parse(atob(state)).returnPathname : null;
-        if (code) {
-            try {
-                // Use the code returned to us by AuthKit and authenticate the user with WorkOS
-                const { accessToken, refreshToken, user, impersonator } = await workos_js_1.workos.userManagement.authenticateWithCode({
-                    clientId: env_variables_js_1.WORKOS_CLIENT_ID,
-                    code,
-                });
-                const url = request.nextUrl.clone();
-                // Cleanup params
-                url.searchParams.delete('code');
-                url.searchParams.delete('state');
-                // Redirect to the requested path and store the session
-                url.pathname = returnPathname !== null && returnPathname !== void 0 ? returnPathname : returnPathnameOption;
-                const response = server_1.NextResponse.redirect(url);
-                if (!accessToken || !refreshToken)
-                    throw new Error('response is missing tokens');
-                // The refreshToken should never be accesible publicly, hence why we encrypt it in the cookie session
-                // Alternatively you could persist the refresh token in a backend database
-                const session = await (0, session_js_1.encryptSession)({ accessToken, refreshToken, user, impersonator });
-                (0, headers_1.cookies)().set(cookie_js_1.cookieName, session, cookie_js_1.cookieOptions);
-                return response;
-            }
-            catch (error) {
-                const errorRes = {
-                    error: error instanceof Error ? error.message : String(error),
-                };
-                console.error(errorRes);
-                return errorResponse();
-            }
-        }
-        return errorResponse();
-    };
-    function errorResponse() {
-        return server_1.NextResponse.json({
-            error: {
-                message: 'Something went wrong',
-                description: 'Couldn’t sign in. If you are not sure what happened, please contact your organization admin.',
-            },
-        }, { status: 500 });
-    }
-}
-exports.handleAuth = handleAuth;
-//# sourceMappingURL=authkit-callback-route.js.map

package/dist/cjs/authkit-callback-route.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":";;;AAAA,wCAAwD;AACxD,0CAAuC;AACvC,2CAAqC;AACrC,yDAAsD;AACtD,6CAA8C;AAC9C,2CAAwD;AAGxD,SAAgB,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;QAE7E,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACzG,QAAQ,EAAE,mCAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEH,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEpC,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,GAAG,CAAC,QAAQ,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,oBAAoB,CAAC;gBAEtD,MAAM,QAAQ,GAAG,qBAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAE5C,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,qGAAqG;gBACrG,0EAA0E;gBAC1E,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAc,EAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;gBACxF,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,EAAE,OAAO,EAAE,yBAAa,CAAC,CAAC;gBAElD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,aAAa,EAAE,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,aAAa,EAAE,CAAC;IACzB,CAAC,CAAC;IAEF,SAAS,aAAa;QACpB,OAAO,qBAAY,CAAC,IAAI,CACtB;YACE,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACJ,CAAC;AACH,CAAC;AA5DD,gCA4DC"}

package/dist/cjs/button.d.ts

@@ -1,3 +0,0 @@
-import * as React from 'react';
-declare const Button: React.ForwardRefExoticComponent<Omit<React.DetailedHTMLProps<React.ButtonHTMLAttributes<HTMLButtonElement>, HTMLButtonElement>, "ref"> & React.RefAttributes<HTMLButtonElement>>;
-export { Button };

package/dist/cjs/button.js

@@ -1,25 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Button = void 0;
-const tslib_1 = require("tslib");
-const React = tslib_1.__importStar(require("react"));
-const Button = React.forwardRef((props, forwardedRef) => {
-    return (React.createElement("button", { ref: forwardedRef, type: "button", ...props, style: {
-            display: 'inline-flex',
-            alignItems: 'center',
-            justifyContent: 'center',
-            flexShrink: 0,
-            height: '1.714em',
-            padding: '0 0.6em',
-            fontFamily: 'inherit',
-            fontSize: 'inherit',
-            borderRadius: 'min(max(calc(var(--wi-s) * 0.6), 1px), 7px)',
-            border: 'none',
-            backgroundColor: 'var(--wi-c)',
-            color: 'white',
-            ...props.style,
-        } }));
-});
-exports.Button = Button;
-Button.displayName = 'Button';
-//# sourceMappingURL=button.js.map

package/dist/cjs/button.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"button.js","sourceRoot":"","sources":["../../src/button.tsx"],"names":[],"mappings":";;;;AAAA,qDAA+B;AAE/B,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,CAA8D,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;IACnH,OAAO,CACL,gCACE,GAAG,EAAE,YAAY,EACjB,IAAI,EAAC,QAAQ,KACT,KAAK,EACT,KAAK,EAAE;YACL,OAAO,EAAE,aAAa;YACtB,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,UAAU,EAAE,CAAC;YACb,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,SAAS;YAElB,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,6CAA6C;YAC3D,MAAM,EAAE,MAAM;YACd,eAAe,EAAE,aAAa;YAC9B,KAAK,EAAE,OAAO;YAEd,GAAG,KAAK,CAAC,KAAK;SACf,GACD,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAIM,wBAAM;AAFf,MAAM,CAAC,WAAW,GAAG,QAAQ,CAAC"}

package/dist/cjs/cookie.d.ts

@@ -1,8 +0,0 @@
-declare const cookieName = "wos-session";
-declare const cookieOptions: {
-    path: string;
-    httpOnly: boolean;
-    secure: boolean;
-    sameSite: "lax";
-};
-export { cookieName, cookieOptions };

package/dist/cjs/cookie.js

@@ -1,13 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.cookieOptions = exports.cookieName = void 0;
-const cookieName = 'wos-session';
-exports.cookieName = cookieName;
-const cookieOptions = {
-    path: '/',
-    httpOnly: true,
-    secure: true,
-    sameSite: 'lax',
-};
-exports.cookieOptions = cookieOptions;
-//# sourceMappingURL=cookie.js.map

package/dist/cjs/cookie.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":";;;AAAA,MAAM,UAAU,GAAG,aAAa,CAAC;AAQxB,gCAAU;AAPnB,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,GAAG;IACT,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,KAAc;CACzB,CAAC;AAEmB,sCAAa"}

package/dist/cjs/env-variables.d.ts

@@ -1,5 +0,0 @@
-declare const WORKOS_CLIENT_ID: string;
-declare const WORKOS_API_KEY: string;
-declare const WORKOS_REDIRECT_URI: string;
-declare const WORKOS_COOKIE_PASSWORD: string;
-export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD };

package/dist/cjs/env-variables.js

@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.WORKOS_COOKIE_PASSWORD = exports.WORKOS_REDIRECT_URI = exports.WORKOS_API_KEY = exports.WORKOS_CLIENT_ID = void 0;
-function getEnvVariable(name) {
-    const envVariable = process.env[name];
-    if (!envVariable) {
-        throw new Error(`${name} environment variable is not set`);
-    }
-    return envVariable;
-}
-const WORKOS_CLIENT_ID = getEnvVariable('WORKOS_CLIENT_ID');
-exports.WORKOS_CLIENT_ID = WORKOS_CLIENT_ID;
-const WORKOS_API_KEY = getEnvVariable('WORKOS_API_KEY');
-exports.WORKOS_API_KEY = WORKOS_API_KEY;
-const WORKOS_REDIRECT_URI = getEnvVariable('WORKOS_REDIRECT_URI');
-exports.WORKOS_REDIRECT_URI = WORKOS_REDIRECT_URI;
-const WORKOS_COOKIE_PASSWORD = getEnvVariable('WORKOS_COOKIE_PASSWORD');
-exports.WORKOS_COOKIE_PASSWORD = WORKOS_COOKIE_PASSWORD;
-if (WORKOS_COOKIE_PASSWORD.length < 32) {
-    throw new Error('WORKOS_COOKIE_PASSWORD must be at least 32 characters long');
-}
-//# sourceMappingURL=env-variables.js.map

package/dist/cjs/env-variables.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":";;;AAAA,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kCAAkC,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AASnD,4CAAgB;AARzB,MAAM,cAAc,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;AAQ7B,wCAAc;AAPzC,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAOvB,kDAAmB;AAN9D,MAAM,sBAAsB,GAAG,cAAc,CAAC,wBAAwB,CAAC,CAAC;AAMR,wDAAsB;AAJtF,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;IACvC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;AAChF,CAAC"}

package/dist/cjs/get-authorization-url.d.ts

@@ -1,2 +0,0 @@
-declare function getAuthorizationUrl(returnPathname?: string): Promise<string>;
-export { getAuthorizationUrl };

package/dist/cjs/get-authorization-url.js

@@ -1,15 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAuthorizationUrl = void 0;
-const workos_js_1 = require("./workos.js");
-const env_variables_js_1 = require("./env-variables.js");
-async function getAuthorizationUrl(returnPathname) {
-    return workos_js_1.workos.userManagement.getAuthorizationUrl({
-        provider: 'authkit',
-        clientId: env_variables_js_1.WORKOS_CLIENT_ID,
-        redirectUri: env_variables_js_1.WORKOS_REDIRECT_URI,
-        state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
-    });
-}
-exports.getAuthorizationUrl = getAuthorizationUrl;
-//# sourceMappingURL=get-authorization-url.js.map

package/dist/cjs/get-authorization-url.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":";;;AAAA,2CAAqC;AACrC,yDAA2E;AAE3E,KAAK,UAAU,mBAAmB,CAAC,cAAuB;IACxD,OAAO,kBAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC;QAC/C,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,mCAAgB;QAC1B,WAAW,EAAE,sCAAmB;QAChC,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;KAC7E,CAAC,CAAC;AACL,CAAC;AAEQ,kDAAmB"}

package/dist/cjs/impersonation.d.ts

@@ -1,6 +0,0 @@
-import * as React from 'react';
-interface ImpersonationProps extends React.ComponentPropsWithoutRef<'div'> {
-    side?: 'top' | 'bottom';
-}
-export declare function Impersonation({ side, ...props }: ImpersonationProps): Promise<React.JSX.Element | null>;
-export {};

package/dist/cjs/impersonation.js

@@ -1,119 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Impersonation = void 0;
-const tslib_1 = require("tslib");
-const React = tslib_1.__importStar(require("react"));
-const session_js_1 = require("./session.js");
-const auth_js_1 = require("./auth.js");
-const workos_js_1 = require("./workos.js");
-const button_js_1 = require("./button.js");
-const min_max_button_js_1 = require("./min-max-button.js");
-async function Impersonation({ side = 'bottom', ...props }) {
-    const { impersonator, user, organizationId } = await (0, session_js_1.getUser)();
-    if (!impersonator)
-        return null;
-    const organization = organizationId ? await workos_js_1.workos.organizations.getOrganization(organizationId) : null;
-    return (React.createElement("div", { ...props, "data-workos-impersonation-root": "", style: {
-            'position': 'fixed',
-            'inset': 0,
-            'pointerEvents': 'none',
-            'zIndex': 9999,
-            // short properties with defaults for authoring convenience
-            '--wi-minimized': '0',
-            '--wi-s': 'min(max(var(--workos-impersonation-size, 4px), 2px), 15px)',
-            '--wi-bgc': 'var(--workos-impersonation-background-color, #fce654)',
-            '--wi-c': 'var(--workos-impersonation-color, #1a1600)',
-            '--wi-bc': 'var(--workos-impersonation-border-color, #e0c36c)',
-            '--wi-bw': 'var(--workos-impersonation-border-width, 1px)',
-            ...props.style,
-        } },
-        React.createElement("div", { style: {
-                '--wi-frame-size': 'calc(var(--wi-s) * (1 - var(--wi-minimized)) + var(--wi-minimized) * var(--wi-bw) * -1)',
-                'position': 'absolute',
-                'inset': 'calc(var(--wi-frame-size) * -1)',
-                'borderRadius': 'calc(var(--wi-frame-size) * 3)',
-                'boxShadow': `
-						inset 0 0 0 calc(var(--wi-frame-size) * 2) var(--wi-bgc),
-						inset 0 0 0 calc(var(--wi-frame-size) * 2 + var(--wi-bw)) var(--wi-bc)
-					`,
-                'transition': 'all 500ms cubic-bezier(0.16, 1, 0.3, 1)',
-            } }),
-        React.createElement("div", { style: {
-                display: 'flex',
-                justifyContent: 'center',
-                position: 'fixed',
-                left: 0,
-                right: 0,
-                ...(side === 'top' && { top: 'var(--wi-s)' }),
-                ...(side === 'bottom' && { bottom: 'var(--wi-s)' }),
-                fontFamily: "system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif",
-                fontSize: 'calc(12px + var(--wi-s) * 0.5)',
-                lineHeight: '1.4',
-            } },
-            React.createElement("form", { action: async () => {
-                    'use server';
-                    await (0, auth_js_1.signOut)();
-                }, style: {
-                    display: 'flex',
-                    alignItems: 'baseline',
-                    paddingLeft: 'var(--wi-s)',
-                    paddingRight: 'var(--wi-s)',
-                    position: 'relative',
-                    marginLeft: 'calc(var(--wi-s) * 2)',
-                    marginRight: 'calc(var(--wi-s) * 2)',
-                    pointerEvents: 'auto',
-                    backgroundColor: 'var(--wi-bgc)',
-                    borderStyle: 'solid',
-                    borderColor: 'var(--wi-bc)',
-                    borderLeftWidth: 'var(--wi-bw)',
-                    borderRightWidth: 'var(--wi-bw)',
-                    transition: 'all 500ms cubic-bezier(0.16, 1, 0.3, 1)',
-                    transform: `translateX(calc(var(--wi-minimized) * (var(--wi-s) * 10 - 5%)))`,
-                    opacity: 'calc(1 - var(--wi-minimized))',
-                    zIndex: 'calc(1 - var(--wi-minimized))',
-                    ...(side === 'top' && {
-                        paddingTop: 0,
-                        paddingBottom: 'var(--wi-s)',
-                        borderTopWidth: 0,
-                        borderBottomWidth: 'var(--wi-bw)',
-                        borderBottomLeftRadius: 'var(--wi-s)',
-                        borderBottomRightRadius: 'var(--wi-s)',
-                    }),
-                    ...(side === 'bottom' && {
-                        paddingTop: 'var(--wi-s)',
-                        paddingBottom: 0,
-                        borderTopWidth: 'var(--wi-bw)',
-                        borderBottomWidth: 0,
-                        borderTopLeftRadius: 'var(--wi-s)',
-                        borderTopRightRadius: 'var(--wi-s)',
-                    }),
-                } },
-                React.createElement("p", { style: { all: 'unset', color: 'var(--wi-c)', textWrap: 'balance', marginLeft: 'var(--wi-s)' } },
-                    "You are impersonating ",
-                    React.createElement("b", null, user.email),
-                    ' ',
-                    organization !== null && (React.createElement(React.Fragment, null,
-                        "within the ",
-                        React.createElement("b", null, organization.name),
-                        " organization"))),
-                React.createElement(button_js_1.Button, { type: "submit", style: { marginLeft: 'calc(var(--wi-s) * 2)', marginRight: 'var(--wi-s)' } }, "Stop"),
-                React.createElement(min_max_button_js_1.MinMaxButton, { minimizedValue: "1" }, side === 'top' ? '↗' : '↘')),
-            React.createElement("div", { style: {
-                    padding: 'var(--wi-s)',
-                    position: 'fixed',
-                    right: 'var(--wi-s)',
-                    pointerEvents: 'auto',
-                    backgroundColor: 'var(--wi-bgc)',
-                    border: 'var(--wi-bw) solid var(--wi-bc)',
-                    borderRadius: 'var(--wi-s)',
-                    transition: 'all 500ms cubic-bezier(0.16, 1, 0.3, 1)',
-                    transform: 'translateX(calc((1 - var(--wi-minimized)) * var(--wi-s) * -5))',
-                    opacity: 'var(--wi-minimized)',
-                    zIndex: 'var(--wi-minimized)',
-                    ...(side === 'top' && { top: 'var(--wi-s)' }),
-                    ...(side === 'bottom' && { bottom: 'var(--wi-s)' }),
-                } },
-                React.createElement(min_max_button_js_1.MinMaxButton, { minimizedValue: "0" }, side === 'top' ? '↙' : '↖')))));
-}
-exports.Impersonation = Impersonation;
-//# sourceMappingURL=impersonation.js.map

package/dist/cjs/impersonation.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"impersonation.js","sourceRoot":"","sources":["../../src/impersonation.tsx"],"names":[],"mappings":";;;;AAAA,qDAA+B;AAC/B,6CAAuC;AACvC,uCAAoC;AACpC,2CAAqC;AACrC,2CAAqC;AACrC,2DAAmD;AAM5C,KAAK,UAAU,aAAa,CAAC,EAAE,IAAI,GAAG,QAAQ,EAAE,GAAG,KAAK,EAAsB;IACnF,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,MAAM,IAAA,oBAAO,GAAE,CAAC;IAE/D,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAE/B,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,kBAAM,CAAC,aAAa,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAExG,OAAO,CACL,gCACM,KAAK,oCACsB,EAAE,EACjC,KAAK,EAAE;YACL,UAAU,EAAE,OAAO;YACnB,OAAO,EAAE,CAAC;YACV,eAAe,EAAE,MAAM;YACvB,QAAQ,EAAE,IAAI;YAEd,2DAA2D;YAC3D,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,4DAA4D;YACtE,UAAU,EAAE,uDAAuD;YACnE,QAAQ,EAAE,4CAA4C;YACtD,SAAS,EAAE,mDAAmD;YAC9D,SAAS,EAAE,+CAA+C;YAE1D,GAAG,KAAK,CAAC,KAAK;SACf;QAED,6BACE,KAAK,EAAE;gBACL,iBAAiB,EAAE,yFAAyF;gBAC5G,UAAU,EAAE,UAAU;gBACtB,OAAO,EAAE,iCAAiC;gBAC1C,cAAc,EAAE,gCAAgC;gBAChD,WAAW,EAAE;;;MAGjB;gBACI,YAAY,EAAE,yCAAyC;aACxD,GACD;QAEF,6BACE,KAAK,EAAE;gBACL,OAAO,EAAE,MAAM;gBACf,cAAc,EAAE,QAAQ;gBAExB,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,CAAC;gBACR,GAAG,CAAC,IAAI,KAAK,KAAK,IAAI,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC;gBAC7C,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;gBAEnD,UAAU,EACR,wIAAwI;gBAC1I,QAAQ,EAAE,gCAAgC;gBAC1C,UAAU,EAAE,KAAK;aAClB;YAED,8BACE,MAAM,EAAE,KAAK,IAAI,EAAE;oBACjB,YAAY,CAAC;oBACb,MAAM,IAAA,iBAAO,GAAE,CAAC;gBAClB,CAAC,EACD,KAAK,EAAE;oBACL,OAAO,EAAE,MAAM;oBACf,UAAU,EAAE,UAAU;oBACtB,WAAW,EAAE,aAAa;oBAC1B,YAAY,EAAE,aAAa;oBAE3B,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,uBAAuB;oBACnC,WAAW,EAAE,uBAAuB;oBAEpC,aAAa,EAAE,MAAM;oBACrB,eAAe,EAAE,eAAe;oBAChC,WAAW,EAAE,OAAO;oBACpB,WAAW,EAAE,cAAc;oBAC3B,eAAe,EAAE,cAAc;oBAC/B,gBAAgB,EAAE,cAAc;oBAEhC,UAAU,EAAE,yCAAyC;oBACrD,SAAS,EAAE,iEAAiE;oBAC5E,OAAO,EAAE,+BAA+B;oBACxC,MAAM,EAAE,+BAA+B;oBAEvC,GAAG,CAAC,IAAI,KAAK,KAAK,IAAI;wBACpB,UAAU,EAAE,CAAC;wBACb,aAAa,EAAE,aAAa;wBAC5B,cAAc,EAAE,CAAC;wBACjB,iBAAiB,EAAE,cAAc;wBACjC,sBAAsB,EAAE,aAAa;wBACrC,uBAAuB,EAAE,aAAa;qBACvC,CAAC;oBAEF,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI;wBACvB,UAAU,EAAE,aAAa;wBACzB,aAAa,EAAE,CAAC;wBAChB,cAAc,EAAE,cAAc;wBAC9B,iBAAiB,EAAE,CAAC;wBACpB,mBAAmB,EAAE,aAAa;wBAClC,oBAAoB,EAAE,aAAa;qBACpC,CAAC;iBACH;gBAED,2BAAG,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE;;oBACxE,+BAAI,IAAI,CAAC,KAAK,CAAK;oBAAC,GAAG;oBAC5C,YAAY,KAAK,IAAI,IAAI,CACxB;;wBACa,+BAAI,YAAY,CAAC,IAAI,CAAK;wCACpC,CACJ,CACC;gBACJ,oBAAC,kBAAM,IAAC,IAAI,EAAC,QAAQ,EAAC,KAAK,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE,WAAW,EAAE,aAAa,EAAE,WAEvF;gBACT,oBAAC,gCAAY,IAAC,cAAc,EAAC,GAAG,IAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAgB,CACvE;YAEP,6BACE,KAAK,EAAE;oBACL,OAAO,EAAE,aAAa;oBAEtB,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,aAAa;oBAEpB,aAAa,EAAE,MAAM;oBACrB,eAAe,EAAE,eAAe;oBAChC,MAAM,EAAE,iCAAiC;oBACzC,YAAY,EAAE,aAAa;oBAE3B,UAAU,EAAE,yCAAyC;oBACrD,SAAS,EAAE,gEAAgE;oBAC3E,OAAO,EAAE,qBAAqB;oBAC9B,MAAM,EAAE,qBAAqB;oBAE7B,GAAG,CAAC,IAAI,KAAK,KAAK,IAAI,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC;oBAC7C,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;iBACpD;gBAED,oBAAC,gCAAY,IAAC,cAAc,EAAC,GAAG,IAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAgB,CACxE,CACF,CACF,CACP,CAAC;AACJ,CAAC;AAjJD,sCAiJC"}

package/dist/cjs/index.d.ts

@@ -1,6 +0,0 @@
-import { handleAuth } from './authkit-callback-route.js';
-import { authkitMiddleware } from './middleware.js';
-import { getUser } from './session.js';
-import { getSignInUrl, signOut } from './auth.js';
-import { Impersonation } from './impersonation.js';
-export { handleAuth, authkitMiddleware, getSignInUrl, getUser, signOut, Impersonation, };

package/dist/cjs/index.js

@@ -1,15 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Impersonation = exports.signOut = exports.getUser = exports.getSignInUrl = exports.authkitMiddleware = exports.handleAuth = void 0;
-const authkit_callback_route_js_1 = require("./authkit-callback-route.js");
-Object.defineProperty(exports, "handleAuth", { enumerable: true, get: function () { return authkit_callback_route_js_1.handleAuth; } });
-const middleware_js_1 = require("./middleware.js");
-Object.defineProperty(exports, "authkitMiddleware", { enumerable: true, get: function () { return middleware_js_1.authkitMiddleware; } });
-const session_js_1 = require("./session.js");
-Object.defineProperty(exports, "getUser", { enumerable: true, get: function () { return session_js_1.getUser; } });
-const auth_js_1 = require("./auth.js");
-Object.defineProperty(exports, "getSignInUrl", { enumerable: true, get: function () { return auth_js_1.getSignInUrl; } });
-Object.defineProperty(exports, "signOut", { enumerable: true, get: function () { return auth_js_1.signOut; } });
-const impersonation_js_1 = require("./impersonation.js");
-Object.defineProperty(exports, "Impersonation", { enumerable: true, get: function () { return impersonation_js_1.Impersonation; } });
-//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,2EAAyD;AAOvD,2FAPO,sCAAU,OAOP;AANZ,mDAAoD;AAQlD,kGARO,iCAAiB,OAQP;AAPnB,6CAAuC;AAUrC,wFAVO,oBAAO,OAUP;AATT,uCAAkD;AAQhD,6FARO,sBAAY,OAQP;AAEZ,wFAVqB,iBAAO,OAUrB;AATT,yDAAmD;AAWjD,8FAXO,gCAAa,OAWP"}

package/dist/cjs/interfaces.d.ts

@@ -1,33 +0,0 @@
-import { User } from '@workos-inc/node';
-export interface HandleAuthOptions {
-    returnPathname?: string;
-}
-export interface Impersonator {
-    email: string;
-    reason: string | null;
-}
-export interface Session {
-    accessToken: string;
-    refreshToken: string;
-    user: User;
-    impersonator?: Impersonator;
-}
-export interface UserInfo {
-    user: User;
-    sessionId: string;
-    organizationId?: string;
-    role?: string;
-    impersonator?: Impersonator;
-}
-export interface NoUserInfo {
-    user: null;
-    sessionId?: undefined;
-    organizationId?: undefined;
-    role?: undefined;
-    impersonator?: undefined;
-}
-export interface AccessToken {
-    sid: string;
-    org_id?: string;
-    role?: string;
-}

package/dist/cjs/interfaces.js

@@ -1,3 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=interfaces.js.map

package/dist/cjs/interfaces.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../src/interfaces.ts"],"names":[],"mappings":""}

package/dist/cjs/middleware.d.ts

@@ -1,6 +0,0 @@
-import { NextMiddleware } from 'next/server';
-interface AuthkitMiddlewareOptions {
-    debug?: boolean;
-}
-export declare function authkitMiddleware({ debug }?: AuthkitMiddlewareOptions): NextMiddleware;
-export {};

package/dist/cjs/middleware.js

@@ -1,11 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.authkitMiddleware = void 0;
-const session_js_1 = require("./session.js");
-function authkitMiddleware({ debug = false } = {}) {
-    return function (request) {
-        return (0, session_js_1.updateSession)(request, debug);
-    };
-}
-exports.authkitMiddleware = authkitMiddleware;
-//# sourceMappingURL=middleware.js.map

package/dist/cjs/middleware.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/middleware.ts"],"names":[],"mappings":";;;AACA,6CAA6C;AAM7C,SAAgB,iBAAiB,CAAC,EAAE,KAAK,GAAG,KAAK,KAA+B,EAAE;IAChF,OAAO,UAAU,OAAO;QACtB,OAAO,IAAA,0BAAa,EAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACvC,CAAC,CAAC;AACJ,CAAC;AAJD,8CAIC"}

package/dist/cjs/min-max-button.d.ts

@@ -1,7 +0,0 @@
-import * as React from 'react';
-interface MinMaxButtonProps {
-    children?: React.ReactNode;
-    minimizedValue: '0' | '1';
-}
-export declare function MinMaxButton({ children, minimizedValue }: MinMaxButtonProps): React.JSX.Element;
-export {};

package/dist/cjs/min-max-button.js

@@ -1,15 +0,0 @@
-"use strict";
-'use client';
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MinMaxButton = void 0;
-const tslib_1 = require("tslib");
-const React = tslib_1.__importStar(require("react"));
-const button_js_1 = require("./button.js");
-function MinMaxButton({ children, minimizedValue }) {
-    return (React.createElement(button_js_1.Button, { onClick: () => {
-            const root = document.querySelector('[data-workos-impersonation-root]');
-            root === null || root === void 0 ? void 0 : root.style.setProperty('--wi-minimized', minimizedValue);
-        }, style: { padding: 0, width: '1.714em' } }, children));
-}
-exports.MinMaxButton = MinMaxButton;
-//# sourceMappingURL=min-max-button.js.map

package/dist/cjs/min-max-button.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"min-max-button.js","sourceRoot":"","sources":["../../src/min-max-button.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;AAEb,qDAA+B;AAC/B,2CAAqC;AAOrC,SAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAqB;IAC1E,OAAO,CACL,oBAAC,kBAAM,IACL,OAAO,EAAE,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC,kCAAkC,CAAuB,CAAC;YAC9F,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAC5D,CAAC,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,IAEtC,QAAQ,CACF,CACV,CAAC;AACJ,CAAC;AAZD,oCAYC"}

package/dist/cjs/session.d.ts

@@ -1,12 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { NoUserInfo, Session, UserInfo } from './interfaces.js';
-declare function encryptSession(session: Session): Promise<string>;
-declare function updateSession(request: NextRequest, debug: boolean): Promise<NextResponse<unknown>>;
-declare function getUser(options?: {
-    ensureSignedIn: false;
-}): Promise<UserInfo | NoUserInfo>;
-declare function getUser(options: {
-    ensureSignedIn: true;
-}): Promise<UserInfo>;
-declare function terminateSession(): Promise<void>;
-export { encryptSession, updateSession, getUser, terminateSession };

package/dist/cjs/session.js

@@ -1,134 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.terminateSession = exports.getUser = exports.updateSession = exports.encryptSession = void 0;
-const navigation_1 = require("next/navigation");
-const headers_1 = require("next/headers");
-const server_1 = require("next/server");
-const jose_1 = require("jose");
-const iron_session_1 = require("iron-session");
-const cookie_js_1 = require("./cookie.js");
-const workos_js_1 = require("./workos.js");
-const env_variables_js_1 = require("./env-variables.js");
-const get_authorization_url_js_1 = require("./get-authorization-url.js");
-const sessionHeaderName = 'x-workos-session';
-const middlewareHeaderName = 'x-workos-middleware';
-const JWKS = (0, jose_1.createRemoteJWKSet)(new URL(workos_js_1.workos.userManagement.getJwksUrl(env_variables_js_1.WORKOS_CLIENT_ID)));
-async function encryptSession(session) {
-    return (0, iron_session_1.sealData)(session, { password: env_variables_js_1.WORKOS_COOKIE_PASSWORD });
-}
-exports.encryptSession = encryptSession;
-async function updateSession(request, debug) {
-    const session = await getSessionFromCookie();
-    const newRequestHeaders = new Headers(request.headers);
-    // We store the current request url in a custom header, so we can always have access to it
-    // This is because on hard navigations we don't have access to `next-url` but need to get the current
-    // `pathname` to be able to return the users where they came from before sign-in
-    newRequestHeaders.set('x-url', request.url);
-    // Record that the request was routed through the middleware so we can check later for DX purposes
-    newRequestHeaders.set(middlewareHeaderName, 'true');
-    // If no session, just continue
-    if (!session) {
-        return server_1.NextResponse.next({
-            request: { headers: newRequestHeaders },
-        });
-    }
-    const hasValidSession = await verifyAccessToken(session.accessToken);
-    if (hasValidSession) {
-        if (debug)
-            console.log('Session is valid');
-        // set the x-workos-session header according to the current cookie value
-        newRequestHeaders.set(sessionHeaderName, (0, headers_1.cookies)().get(cookie_js_1.cookieName).value);
-        return server_1.NextResponse.next({
-            request: { headers: newRequestHeaders },
-        });
-    }
-    try {
-        if (debug)
-            console.log('Session invalid. Attempting refresh', session.refreshToken);
-        // If the session is invalid (i.e. the access token has expired) attempt to re-authenticate with the refresh token
-        const { accessToken, refreshToken } = await workos_js_1.workos.userManagement.authenticateWithRefreshToken({
-            clientId: env_variables_js_1.WORKOS_CLIENT_ID,
-            refreshToken: session.refreshToken,
-        });
-        if (debug)
-            console.log('Refresh successful:', refreshToken);
-        // Encrypt session with new access and refresh tokens
-        const encryptedSession = await encryptSession({
-            accessToken,
-            refreshToken,
-            user: session.user,
-            impersonator: session.impersonator,
-        });
-        newRequestHeaders.set(sessionHeaderName, encryptedSession);
-        const response = server_1.NextResponse.next({
-            request: { headers: newRequestHeaders },
-        });
-        // update the cookie
-        response.cookies.set(cookie_js_1.cookieName, encryptedSession, cookie_js_1.cookieOptions);
-        return response;
-    }
-    catch (e) {
-        console.warn('Failed to refresh', e);
-        const response = server_1.NextResponse.next();
-        response.cookies.delete(cookie_js_1.cookieName);
-        return response;
-    }
-}
-exports.updateSession = updateSession;
-async function getUser({ ensureSignedIn = false } = {}) {
-    const hasMiddleware = Boolean((0, headers_1.headers)().get(middlewareHeaderName));
-    if (!hasMiddleware) {
-        throw new Error('You are calling `getUser` on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling `getUser` from by updating your middleware config in `middleware.(js|ts)`.');
-    }
-    const session = await getSessionFromHeader();
-    if (!session) {
-        if (ensureSignedIn) {
-            const url = (0, headers_1.headers)().get('x-url');
-            const returnPathname = url ? new URL(url).pathname : undefined;
-            (0, navigation_1.redirect)(await (0, get_authorization_url_js_1.getAuthorizationUrl)(returnPathname));
-        }
-        return { user: null };
-    }
-    const { sid: sessionId, org_id: organizationId, role } = (0, jose_1.decodeJwt)(session.accessToken);
-    return {
-        sessionId,
-        user: session.user,
-        organizationId,
-        role,
-        impersonator: session.impersonator,
-    };
-}
-exports.getUser = getUser;
-async function terminateSession() {
-    const { sessionId } = await getUser();
-    if (sessionId) {
-        (0, navigation_1.redirect)(workos_js_1.workos.userManagement.getLogoutUrl({ sessionId }));
-    }
-    (0, navigation_1.redirect)('/');
-}
-exports.terminateSession = terminateSession;
-async function verifyAccessToken(accessToken) {
-    try {
-        await (0, jose_1.jwtVerify)(accessToken, JWKS);
-        return true;
-    }
-    catch (e) {
-        console.warn('Failed to verify session:', e);
-        return false;
-    }
-}
-async function getSessionFromCookie() {
-    const cookie = (0, headers_1.cookies)().get(cookie_js_1.cookieName);
-    if (cookie) {
-        return (0, iron_session_1.unsealData)(cookie.value, {
-            password: env_variables_js_1.WORKOS_COOKIE_PASSWORD,
-        });
-    }
-}
-async function getSessionFromHeader() {
-    const authHeader = (0, headers_1.headers)().get(sessionHeaderName);
-    if (!authHeader)
-        return;
-    return (0, iron_session_1.unsealData)(authHeader, { password: env_variables_js_1.WORKOS_COOKIE_PASSWORD });
-}
-//# sourceMappingURL=session.js.map

package/dist/cjs/session.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAA8E;AAC9E,yEAAiE;AAGjE,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AAEnD,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,kBAAM,CAAC,cAAc,CAAC,UAAU,CAAC,mCAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,IAAA,uBAAQ,EAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;AAuIQ,wCAAc;AArIvB,KAAK,UAAU,aAAa,CAAC,OAAoB,EAAE,KAAc;IAC/D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,+BAA+B;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3C,wEAAwE;QACxE,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAC3E,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAEpF,kHAAkH;QAClH,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC7F,QAAQ,EAAE,mCAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;QAE5D,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QAEH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,oBAAoB;QACpB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAU,EAAE,gBAAgB,EAAE,yBAAa,CAAC,CAAC;QAClE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,EAAE,CAAC;QACrC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAsEwB,sCAAa;AAhEtC,KAAK,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,EAAE,GAAG,EAAE;IACpD,MAAM,aAAa,GAAG,OAAO,CAAC,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAEnE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,mNAAmN,CACpN,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC/D,IAAA,qBAAQ,EAAC,MAAM,IAAA,8CAAmB,EAAC,cAAc,CAAC,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAErG,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,YAAY,EAAE,OAAO,CAAC,YAAY;KACnC,CAAC;AACJ,CAAC;AAoCuC,0BAAO;AAlC/C,KAAK,UAAU,gBAAgB;IAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,OAAO,EAAE,CAAC;IACtC,IAAI,SAAS,EAAE,CAAC;QACd,IAAA,qBAAQ,EAAC,kBAAM,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAA,qBAAQ,EAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AA4BgD,4CAAgB;AA1BjE,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,IAAA,gBAAS,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,2BAA2B,EAAE,CAAC,CAAC,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,MAAM,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAC,CAAC;IACzC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,IAAA,yBAAU,EAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,yCAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,UAAU,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,IAAA,yBAAU,EAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC"}

package/dist/cjs/workos.d.ts

@@ -1,3 +0,0 @@
-import WorkOS from '@workos-inc/node';
-declare const workos: WorkOS;
-export { workos };

package/dist/cjs/workos.js

@@ -1,10 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.workos = void 0;
-const tslib_1 = require("tslib");
-const node_1 = tslib_1.__importDefault(require("@workos-inc/node"));
-const env_variables_js_1 = require("./env-variables.js");
-// Initialize the WorkOS client
-const workos = new node_1.default(env_variables_js_1.WORKOS_API_KEY);
-exports.workos = workos;
-//# sourceMappingURL=workos.js.map

package/dist/cjs/workos.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"workos.js","sourceRoot":"","sources":["../../src/workos.ts"],"names":[],"mappings":";;;;AAAA,oEAAsC;AACtC,yDAAoD;AAEpD,+BAA+B;AAC/B,MAAM,MAAM,GAAG,IAAI,cAAM,CAAC,iCAAc,CAAC,CAAC;AAEjC,wBAAM"}