@workos-inc/authkit-nextjs 0.7.0 → 0.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/authkit-callback-route.js +13 -2
- package/dist/cjs/authkit-callback-route.js.map +1 -1
- package/dist/cjs/interfaces.d.ts +2 -0
- package/dist/cjs/session.d.ts +1 -1
- package/dist/cjs/session.js +9 -4
- package/dist/cjs/session.js.map +1 -1
- package/dist/cjs/workos.d.ts +1 -1
- package/dist/cjs/workos.js +1 -1
- package/package.json +1 -1
- package/src/authkit-callback-route.ts +14 -2
- package/src/interfaces.ts +2 -0
- package/src/session.ts +12 -4
- package/src/workos.ts +1 -1
|
@@ -12,7 +12,7 @@ function handleAuth(options = {}) {
|
|
|
12
12
|
return async function GET(request) {
|
|
13
13
|
const code = request.nextUrl.searchParams.get('code');
|
|
14
14
|
const state = request.nextUrl.searchParams.get('state');
|
|
15
|
-
|
|
15
|
+
let returnPathname = state ? JSON.parse(atob(state)).returnPathname : null;
|
|
16
16
|
if (code) {
|
|
17
17
|
try {
|
|
18
18
|
// Use the code returned to us by AuthKit and authenticate the user with WorkOS
|
|
@@ -25,7 +25,18 @@ function handleAuth(options = {}) {
|
|
|
25
25
|
url.searchParams.delete('code');
|
|
26
26
|
url.searchParams.delete('state');
|
|
27
27
|
// Redirect to the requested path and store the session
|
|
28
|
-
|
|
28
|
+
returnPathname = returnPathname !== null && returnPathname !== void 0 ? returnPathname : returnPathnameOption;
|
|
29
|
+
// Extract the search params if they are present
|
|
30
|
+
if (returnPathname.includes('?')) {
|
|
31
|
+
const newUrl = new URL(returnPathname, 'https://example.com');
|
|
32
|
+
url.pathname = newUrl.pathname;
|
|
33
|
+
for (const [key, value] of newUrl.searchParams) {
|
|
34
|
+
url.searchParams.append(key, value);
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
else {
|
|
38
|
+
url.pathname = returnPathname;
|
|
39
|
+
}
|
|
29
40
|
const response = server_1.NextResponse.redirect(url);
|
|
30
41
|
if (!accessToken || !refreshToken)
|
|
31
42
|
throw new Error('response is missing tokens');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":";;;AAAA,wCAAwD;AACxD,0CAAuC;AACvC,2CAAqC;AACrC,yDAAsD;AACtD,6CAA8C;AAC9C,2CAAwD;AAGxD,SAAgB,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,
|
|
1
|
+
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":";;;AAAA,wCAAwD;AACxD,0CAAuC;AACvC,2CAAqC;AACrC,yDAAsD;AACtD,6CAA8C;AAC9C,2CAAwD;AAGxD,SAAgB,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;QAE3E,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACzG,QAAQ,EAAE,mCAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEH,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEpC,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,cAAc,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,oBAAoB,CAAC;gBAExD,gDAAgD;gBAChD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;oBAC9D,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;wBAC/C,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,QAAQ,GAAG,cAAc,CAAC;gBAChC,CAAC;gBAED,MAAM,QAAQ,GAAG,qBAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAE5C,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,qGAAqG;gBACrG,0EAA0E;gBAC1E,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAc,EAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;gBACxF,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,EAAE,OAAO,EAAE,yBAAa,CAAC,CAAC;gBAElD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,aAAa,EAAE,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,aAAa,EAAE,CAAC;IACzB,CAAC,CAAC;IAEF,SAAS,aAAa;QACpB,OAAO,qBAAY,CAAC,IAAI,CACtB;YACE,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACJ,CAAC;AACH,CAAC;AAxED,gCAwEC"}
|
package/dist/cjs/interfaces.d.ts
CHANGED
|
@@ -17,6 +17,7 @@ export interface UserInfo {
|
|
|
17
17
|
sessionId: string;
|
|
18
18
|
organizationId?: string;
|
|
19
19
|
role?: string;
|
|
20
|
+
permissions?: string[];
|
|
20
21
|
impersonator?: Impersonator;
|
|
21
22
|
accessToken: string;
|
|
22
23
|
}
|
|
@@ -32,6 +33,7 @@ export interface AccessToken {
|
|
|
32
33
|
sid: string;
|
|
33
34
|
org_id?: string;
|
|
34
35
|
role?: string;
|
|
36
|
+
permissions?: string[];
|
|
35
37
|
}
|
|
36
38
|
export interface GetAuthURLOptions {
|
|
37
39
|
screenHint?: 'sign-up' | 'sign-in';
|
package/dist/cjs/session.d.ts
CHANGED
|
@@ -9,4 +9,4 @@ declare function getUser(options: {
|
|
|
9
9
|
ensureSignedIn: true;
|
|
10
10
|
}): Promise<UserInfo>;
|
|
11
11
|
declare function terminateSession(): Promise<void>;
|
|
12
|
-
export { encryptSession,
|
|
12
|
+
export { encryptSession, getUser, terminateSession, updateSession };
|
package/dist/cjs/session.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.updateSession = exports.terminateSession = exports.getUser = exports.encryptSession = void 0;
|
|
4
4
|
const navigation_1 = require("next/navigation");
|
|
5
5
|
const headers_1 = require("next/headers");
|
|
6
6
|
const server_1 = require("next/server");
|
|
@@ -49,7 +49,7 @@ async function updateSession(request, debug, middlewareAuth) {
|
|
|
49
49
|
if (middlewareAuth.enabled && matchedPaths.length === 0 && !session) {
|
|
50
50
|
if (debug)
|
|
51
51
|
console.log('Unauthenticated user on protected route, redirecting to AuthKit');
|
|
52
|
-
return server_1.NextResponse.redirect(await (0, get_authorization_url_js_1.getAuthorizationUrl)({ returnPathname:
|
|
52
|
+
return server_1.NextResponse.redirect(await (0, get_authorization_url_js_1.getAuthorizationUrl)({ returnPathname: getReturnPathname(request.url) }));
|
|
53
53
|
}
|
|
54
54
|
// If no session, just continue
|
|
55
55
|
if (!session) {
|
|
@@ -123,17 +123,18 @@ async function getUser({ ensureSignedIn = false } = {}) {
|
|
|
123
123
|
if (!session) {
|
|
124
124
|
if (ensureSignedIn) {
|
|
125
125
|
const url = (0, headers_1.headers)().get('x-url');
|
|
126
|
-
const returnPathname = url ?
|
|
126
|
+
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
127
127
|
(0, navigation_1.redirect)(await (0, get_authorization_url_js_1.getAuthorizationUrl)({ returnPathname }));
|
|
128
128
|
}
|
|
129
129
|
return { user: null };
|
|
130
130
|
}
|
|
131
|
-
const { sid: sessionId, org_id: organizationId, role } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
131
|
+
const { sid: sessionId, org_id: organizationId, role, permissions } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
132
132
|
return {
|
|
133
133
|
sessionId,
|
|
134
134
|
user: session.user,
|
|
135
135
|
organizationId,
|
|
136
136
|
role,
|
|
137
|
+
permissions,
|
|
137
138
|
impersonator: session.impersonator,
|
|
138
139
|
accessToken: session.accessToken,
|
|
139
140
|
};
|
|
@@ -174,4 +175,8 @@ async function getSessionFromHeader(caller) {
|
|
|
174
175
|
return;
|
|
175
176
|
return (0, iron_session_1.unsealData)(authHeader, { password: env_variables_js_1.WORKOS_COOKIE_PASSWORD });
|
|
176
177
|
}
|
|
178
|
+
function getReturnPathname(url) {
|
|
179
|
+
const newUrl = new URL(url);
|
|
180
|
+
return `${newUrl.pathname}${newUrl.searchParams.size > 0 ? '?' + newUrl.searchParams.toString() : ''}`;
|
|
181
|
+
}
|
|
177
182
|
//# sourceMappingURL=session.js.map
|
package/dist/cjs/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAAmG;AACnG,yEAAiE;AAGjE,mDAAuD;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AAEnD,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,kBAAM,CAAC,cAAc,CAAC,UAAU,CAAC,mCAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,IAAA,uBAAQ,EAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAAmG;AACnG,yEAAiE;AAGjE,mDAAuD;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AAEnD,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,kBAAM,CAAC,cAAc,CAAC,UAAU,CAAC,mCAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,IAAA,uBAAQ,EAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;AAmMQ,wCAAc;AAjMvB,KAAK,UAAU,aAAa,CAAC,OAAoB,EAAE,KAAc,EAAE,cAAqC;IACtG,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,sCAAmB,CAAC,CAAC;IAEzC,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACpE,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAE1F,OAAO,qBAAY,CAAC,QAAQ,CAAC,MAAM,IAAA,8CAAmB,EAAC,EAAE,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9G,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3C,wEAAwE;QACxE,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAC3E,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAEpF,kHAAkH;QAClH,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;YACjH,QAAQ,EAAE,mCAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;QAE5D,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,oBAAoB;QACpB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAU,EAAE,gBAAgB,EAAE,yBAAa,CAAC,CAAC;QAClE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qDAAqD,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAgGmD,sCAAa;AA9FjE,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,KAAa,CAAC;IAElB,IAAI,CAAC;QACH,iDAAiD;QACjD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,sCAAmB,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,IAAA,sBAAK,EAAC,IAAI,CAAC,CAAC;QAC3B,KAAK,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAEtC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAMD,KAAK,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,EAAE,GAAG,EAAE;IACpD,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,IAAA,qBAAQ,EAAC,MAAM,IAAA,8CAAmB,EAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAElH,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAiDwB,0BAAO;AA/ChC,KAAK,UAAU,gBAAgB;IAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,OAAO,EAAE,CAAC;IACtC,IAAI,SAAS,EAAE,CAAC;QACd,IAAA,qBAAQ,EAAC,kBAAM,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAA,qBAAQ,EAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAyCiC,4CAAgB;AAvClD,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,IAAA,gBAAS,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,MAAM,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAC,CAAC;IACzC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,IAAA,yBAAU,EAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,yCAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,MAAc;IAChD,MAAM,aAAa,GAAG,OAAO,CAAC,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAEnE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,qHAAqH,MAAM,uEAAuE,CAC9N,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,IAAA,yBAAU,EAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC"}
|
package/dist/cjs/workos.d.ts
CHANGED
package/dist/cjs/workos.js
CHANGED
|
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.workos = exports.VERSION = void 0;
|
|
4
4
|
const node_1 = require("@workos-inc/node");
|
|
5
5
|
const env_variables_js_1 = require("./env-variables.js");
|
|
6
|
-
exports.VERSION = '0.
|
|
6
|
+
exports.VERSION = '0.8.1';
|
|
7
7
|
const options = {
|
|
8
8
|
apiHostname: env_variables_js_1.WORKOS_API_HOSTNAME,
|
|
9
9
|
https: env_variables_js_1.WORKOS_API_HTTPS ? env_variables_js_1.WORKOS_API_HTTPS === 'true' : true,
|
package/package.json
CHANGED
|
@@ -12,7 +12,7 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
12
12
|
return async function GET(request: NextRequest) {
|
|
13
13
|
const code = request.nextUrl.searchParams.get('code');
|
|
14
14
|
const state = request.nextUrl.searchParams.get('state');
|
|
15
|
-
|
|
15
|
+
let returnPathname = state ? JSON.parse(atob(state)).returnPathname : null;
|
|
16
16
|
|
|
17
17
|
if (code) {
|
|
18
18
|
try {
|
|
@@ -29,7 +29,19 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
29
29
|
url.searchParams.delete('state');
|
|
30
30
|
|
|
31
31
|
// Redirect to the requested path and store the session
|
|
32
|
-
|
|
32
|
+
returnPathname = returnPathname ?? returnPathnameOption;
|
|
33
|
+
|
|
34
|
+
// Extract the search params if they are present
|
|
35
|
+
if (returnPathname.includes('?')) {
|
|
36
|
+
const newUrl = new URL(returnPathname, 'https://example.com');
|
|
37
|
+
url.pathname = newUrl.pathname;
|
|
38
|
+
|
|
39
|
+
for (const [key, value] of newUrl.searchParams) {
|
|
40
|
+
url.searchParams.append(key, value);
|
|
41
|
+
}
|
|
42
|
+
} else {
|
|
43
|
+
url.pathname = returnPathname;
|
|
44
|
+
}
|
|
33
45
|
|
|
34
46
|
const response = NextResponse.redirect(url);
|
|
35
47
|
|
package/src/interfaces.ts
CHANGED
|
@@ -20,6 +20,7 @@ export interface UserInfo {
|
|
|
20
20
|
sessionId: string;
|
|
21
21
|
organizationId?: string;
|
|
22
22
|
role?: string;
|
|
23
|
+
permissions?: string[];
|
|
23
24
|
impersonator?: Impersonator;
|
|
24
25
|
accessToken: string;
|
|
25
26
|
}
|
|
@@ -36,6 +37,7 @@ export interface AccessToken {
|
|
|
36
37
|
sid: string;
|
|
37
38
|
org_id?: string;
|
|
38
39
|
role?: string;
|
|
40
|
+
permissions?: string[];
|
|
39
41
|
}
|
|
40
42
|
|
|
41
43
|
export interface GetAuthURLOptions {
|
package/src/session.ts
CHANGED
|
@@ -60,7 +60,8 @@ async function updateSession(request: NextRequest, debug: boolean, middlewareAut
|
|
|
60
60
|
// If the user is logged out and this path isn't on the allowlist for logged out paths, redirect to AuthKit.
|
|
61
61
|
if (middlewareAuth.enabled && matchedPaths.length === 0 && !session) {
|
|
62
62
|
if (debug) console.log('Unauthenticated user on protected route, redirecting to AuthKit');
|
|
63
|
-
|
|
63
|
+
|
|
64
|
+
return NextResponse.redirect(await getAuthorizationUrl({ returnPathname: getReturnPathname(request.url) }));
|
|
64
65
|
}
|
|
65
66
|
|
|
66
67
|
// If no session, just continue
|
|
@@ -146,19 +147,20 @@ async function getUser({ ensureSignedIn = false } = {}) {
|
|
|
146
147
|
if (!session) {
|
|
147
148
|
if (ensureSignedIn) {
|
|
148
149
|
const url = headers().get('x-url');
|
|
149
|
-
const returnPathname = url ?
|
|
150
|
+
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
150
151
|
redirect(await getAuthorizationUrl({ returnPathname }));
|
|
151
152
|
}
|
|
152
153
|
return { user: null };
|
|
153
154
|
}
|
|
154
155
|
|
|
155
|
-
const { sid: sessionId, org_id: organizationId, role } = decodeJwt<AccessToken>(session.accessToken);
|
|
156
|
+
const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt<AccessToken>(session.accessToken);
|
|
156
157
|
|
|
157
158
|
return {
|
|
158
159
|
sessionId,
|
|
159
160
|
user: session.user,
|
|
160
161
|
organizationId,
|
|
161
162
|
role,
|
|
163
|
+
permissions,
|
|
162
164
|
impersonator: session.impersonator,
|
|
163
165
|
accessToken: session.accessToken,
|
|
164
166
|
};
|
|
@@ -205,4 +207,10 @@ async function getSessionFromHeader(caller: string): Promise<Session | undefined
|
|
|
205
207
|
return unsealData<Session>(authHeader, { password: WORKOS_COOKIE_PASSWORD });
|
|
206
208
|
}
|
|
207
209
|
|
|
208
|
-
|
|
210
|
+
function getReturnPathname(url: string): string {
|
|
211
|
+
const newUrl = new URL(url);
|
|
212
|
+
|
|
213
|
+
return `${newUrl.pathname}${newUrl.searchParams.size > 0 ? '?' + newUrl.searchParams.toString() : ''}`;
|
|
214
|
+
}
|
|
215
|
+
|
|
216
|
+
export { encryptSession, getUser, terminateSession, updateSession };
|
package/src/workos.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
|
|
4
|
-
export const VERSION = '0.
|
|
4
|
+
export const VERSION = '0.8.1';
|
|
5
5
|
|
|
6
6
|
const options = {
|
|
7
7
|
apiHostname: WORKOS_API_HOSTNAME,
|