@workos-inc/authkit-nextjs 2.11.0 → 2.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +95 -42
- package/dist/esm/authkit-callback-route.js +15 -6
- package/dist/esm/authkit-callback-route.js.map +1 -1
- package/dist/esm/components/authkit-provider.js +15 -12
- package/dist/esm/components/authkit-provider.js.map +1 -1
- package/dist/esm/session.js +56 -2
- package/dist/esm/session.js.map +1 -1
- package/dist/esm/types/components/authkit-provider.d.ts +6 -2
- package/dist/esm/types/utils.d.ts +5 -0
- package/dist/esm/types/workos.d.ts +1 -1
- package/dist/esm/utils.js +10 -0
- package/dist/esm/utils.js.map +1 -1
- package/dist/esm/workos.js +1 -1
- package/package.json +1 -1
- package/src/authkit-callback-route.ts +17 -6
- package/src/components/authkit-provider.spec.tsx +115 -0
- package/src/components/authkit-provider.tsx +19 -13
- package/src/session.spec.ts +2 -4
- package/src/session.ts +73 -2
- package/src/utils.ts +11 -0
- package/src/workos.ts +1 -1
package/README.md
CHANGED
|
@@ -100,8 +100,9 @@ export const GET = handleAuth({
|
|
|
100
100
|
await saveAuthMethod(user.id, authenticationMethod);
|
|
101
101
|
}
|
|
102
102
|
// Access custom state data passed through the auth flow
|
|
103
|
-
|
|
104
|
-
|
|
103
|
+
const customData = state ? JSON.parse(state) : null;
|
|
104
|
+
if (customData?.teamId) {
|
|
105
|
+
await addUserToTeam(user.id, customData.teamId);
|
|
105
106
|
}
|
|
106
107
|
},
|
|
107
108
|
});
|
|
@@ -128,16 +129,16 @@ export const GET = handleAuth({
|
|
|
128
129
|
|
|
129
130
|
The `onSuccess` callback receives the following data:
|
|
130
131
|
|
|
131
|
-
| Property | Type
|
|
132
|
-
| ---------------------- |
|
|
133
|
-
| `user` | `User`
|
|
134
|
-
| `accessToken` | `string`
|
|
135
|
-
| `refreshToken` | `string`
|
|
136
|
-
| `impersonator` | `Impersonator \| undefined`
|
|
137
|
-
| `oauthTokens` | `OauthTokens \| undefined`
|
|
138
|
-
| `authenticationMethod` | `string \| undefined`
|
|
139
|
-
| `organizationId` | `string \| undefined`
|
|
140
|
-
| `state` | `
|
|
132
|
+
| Property | Type | Description |
|
|
133
|
+
| ---------------------- | --------------------------- | -------------------------------------------------------------------------------------------------- |
|
|
134
|
+
| `user` | `User` | The authenticated user object |
|
|
135
|
+
| `accessToken` | `string` | JWT access token |
|
|
136
|
+
| `refreshToken` | `string` | Refresh token for session renewal |
|
|
137
|
+
| `impersonator` | `Impersonator \| undefined` | Present if user is being impersonated |
|
|
138
|
+
| `oauthTokens` | `OauthTokens \| undefined` | OAuth tokens from upstream provider |
|
|
139
|
+
| `authenticationMethod` | `string \| undefined` | How the user authenticated (e.g., 'password', 'google-oauth'). Only available during initial login |
|
|
140
|
+
| `organizationId` | `string \| undefined` | Organization context of authentication |
|
|
141
|
+
| `state` | `string \| undefined` | Custom state string passed through the authentication flow (parse with JSON.parse if needed) |
|
|
141
142
|
|
|
142
143
|
**Note**: `authenticationMethod` is only provided during the initial authentication callback. It will not be available in subsequent requests or session refreshes.
|
|
143
144
|
|
|
@@ -208,6 +209,31 @@ export default function RootLayout({ children }: { children: React.ReactNode })
|
|
|
208
209
|
}
|
|
209
210
|
```
|
|
210
211
|
|
|
212
|
+
#### Optimizing with Server-Side Auth Data
|
|
213
|
+
|
|
214
|
+
To avoid a server action call on mount, you can pass the initial auth data from the server to the `AuthKitProvider`.
|
|
215
|
+
|
|
216
|
+
```jsx
|
|
217
|
+
import { AuthKitProvider } from '@workos-inc/authkit-nextjs/components';
|
|
218
|
+
import { withAuth } from '@workos-inc/authkit-nextjs';
|
|
219
|
+
|
|
220
|
+
export default async function RootLayout({ children }: { children: React.ReactNode }) {
|
|
221
|
+
// Fetch auth data on the server
|
|
222
|
+
const auth = await withAuth();
|
|
223
|
+
|
|
224
|
+
// Remove the accessToken from the auth object as it is not needed on the client side
|
|
225
|
+
const { accessToken, ...initialAuth } = auth;
|
|
226
|
+
|
|
227
|
+
return (
|
|
228
|
+
<html lang="en">
|
|
229
|
+
<body>
|
|
230
|
+
<AuthKitProvider initialAuth={initialAuth}>{children}</AuthKitProvider>
|
|
231
|
+
</body>
|
|
232
|
+
</html>
|
|
233
|
+
);
|
|
234
|
+
}
|
|
235
|
+
```
|
|
236
|
+
|
|
211
237
|
### Get the current user in a server component
|
|
212
238
|
|
|
213
239
|
For pages where you want to display a signed-in and signed-out view, use `withAuth` to retrieve the user session from WorkOS.
|
|
@@ -229,10 +255,10 @@ export default async function HomePage() {
|
|
|
229
255
|
|
|
230
256
|
// You can also pass custom state data through the auth flow
|
|
231
257
|
const signInUrlWithState = await getSignInUrl({
|
|
232
|
-
state: {
|
|
258
|
+
state: JSON.stringify({
|
|
233
259
|
teamId: 'team_123',
|
|
234
260
|
referrer: 'homepage',
|
|
235
|
-
},
|
|
261
|
+
}),
|
|
236
262
|
});
|
|
237
263
|
|
|
238
264
|
return (
|
|
@@ -408,41 +434,46 @@ JWT tokens are sensitive credentials and should be handled carefully:
|
|
|
408
434
|
|
|
409
435
|
### Passing Custom State Through Authentication
|
|
410
436
|
|
|
411
|
-
You can pass custom state data through the authentication flow using the `state` parameter.
|
|
437
|
+
You can pass custom state data through the authentication flow using the `state` parameter. The state parameter is a string value that gets passed through OAuth and returned in the callback. To pass complex data, serialize it as JSON:
|
|
412
438
|
|
|
413
439
|
```ts
|
|
414
|
-
// When generating sign-in/sign-up URLs
|
|
440
|
+
// When generating sign-in/sign-up URLs, serialize your data as JSON
|
|
415
441
|
const signInUrl = await getSignInUrl({
|
|
416
|
-
state: {
|
|
442
|
+
state: JSON.stringify({
|
|
417
443
|
teamId: 'team_123',
|
|
418
444
|
feature: 'billing',
|
|
419
445
|
referrer: 'pricing-page',
|
|
420
446
|
timestamp: Date.now(),
|
|
421
|
-
},
|
|
447
|
+
}),
|
|
422
448
|
});
|
|
423
449
|
|
|
424
450
|
// The state data is available in the callback handler
|
|
425
451
|
export const GET = handleAuth({
|
|
426
452
|
onSuccess: async ({ user, state }) => {
|
|
453
|
+
// Parse the state string back to an object
|
|
454
|
+
const customData = state ? JSON.parse(state) : null;
|
|
455
|
+
|
|
427
456
|
// Access your custom state data
|
|
428
|
-
if (
|
|
429
|
-
await addUserToTeam(user.id,
|
|
457
|
+
if (customData?.teamId) {
|
|
458
|
+
await addUserToTeam(user.id, customData.teamId);
|
|
430
459
|
}
|
|
431
460
|
|
|
432
|
-
if (
|
|
433
|
-
await trackFeatureActivation(user.id,
|
|
461
|
+
if (customData?.feature) {
|
|
462
|
+
await trackFeatureActivation(user.id, customData.feature);
|
|
434
463
|
}
|
|
435
464
|
|
|
436
465
|
// Track where the user came from
|
|
437
466
|
await analytics.track('sign_in_completed', {
|
|
438
467
|
userId: user.id,
|
|
439
|
-
referrer:
|
|
440
|
-
timestamp:
|
|
468
|
+
referrer: customData?.referrer,
|
|
469
|
+
timestamp: customData?.timestamp,
|
|
441
470
|
});
|
|
442
471
|
},
|
|
443
472
|
});
|
|
444
473
|
```
|
|
445
474
|
|
|
475
|
+
> **Note**: The `state` parameter is an opaque string as defined by OAuth 2.0 (RFC 6749). If you need to pass structured data, you must serialize it yourself using `JSON.stringify()` and parse it with `JSON.parse()` in the callback.
|
|
476
|
+
|
|
446
477
|
This is useful for:
|
|
447
478
|
|
|
448
479
|
- Tracking user journey and referral sources
|
|
@@ -597,25 +628,21 @@ export default async function middleware(request: NextRequest) {
|
|
|
597
628
|
// Control of what to do when there's no session on a protected route is left to the developer
|
|
598
629
|
if (pathname.startsWith('/account') && !session.user) {
|
|
599
630
|
console.log('No session on protected path');
|
|
600
|
-
|
|
601
|
-
// Preserve AuthKit headers on redirects (e.g., cookies)
|
|
602
|
-
const response = NextResponse.redirect(authorizationUrl);
|
|
603
|
-
for (const [key, value] of authkitHeaders) {
|
|
604
|
-
if (key.toLowerCase() === 'set-cookie') {
|
|
605
|
-
response.headers.append(key, value);
|
|
606
|
-
} else {
|
|
607
|
-
response.headers.set(key, value);
|
|
608
|
-
}
|
|
609
|
-
}
|
|
610
|
-
return response;
|
|
631
|
+
return NextResponse.redirect(authorizationUrl);
|
|
611
632
|
}
|
|
612
633
|
|
|
613
|
-
// Forward the incoming request headers (mitigation) and
|
|
634
|
+
// Forward the incoming request headers (mitigation) and pass AuthKit headers as request headers
|
|
614
635
|
const response = NextResponse.next({
|
|
615
|
-
request: { headers:
|
|
636
|
+
request: { headers: authkitHeaders },
|
|
616
637
|
});
|
|
617
638
|
|
|
639
|
+
// Copy Set-Cookie and cache control headers to the response, but exclude the internal
|
|
640
|
+
// x-workos-session header which contains encrypted session data and should never appear
|
|
641
|
+
// in HTTP responses (it's only used to pass session data between middleware and page handlers)
|
|
618
642
|
for (const [key, value] of authkitHeaders) {
|
|
643
|
+
if (key.toLowerCase() === 'x-workos-session') {
|
|
644
|
+
continue; // Internal header - must not leak to response
|
|
645
|
+
}
|
|
619
646
|
if (key.toLowerCase() === 'set-cookie') {
|
|
620
647
|
response.headers.append(key, value);
|
|
621
648
|
} else {
|
|
@@ -701,17 +728,17 @@ export default authkitMiddleware({
|
|
|
701
728
|
Use the `validateApiKey` function in your application's public API endpoints to parse a [Bearer Authentication](https://swagger.io/docs/specification/v3_0/authentication/bearer-authentication/) header and validate the [API key](https://workos.com/docs/authkit/api-keys) with WorkOS.
|
|
702
729
|
|
|
703
730
|
```ts
|
|
704
|
-
import { NextResponse } from 'next/server'
|
|
705
|
-
import { validateApiKey } from '@workos-inc/authkit-nextjs'
|
|
731
|
+
import { NextResponse } from 'next/server';
|
|
732
|
+
import { validateApiKey } from '@workos-inc/authkit-nextjs';
|
|
706
733
|
|
|
707
734
|
export async function GET() {
|
|
708
|
-
const { apiKey } = await validateApiKey()
|
|
735
|
+
const { apiKey } = await validateApiKey();
|
|
709
736
|
|
|
710
737
|
if (!apiKey) {
|
|
711
|
-
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
738
|
+
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
712
739
|
}
|
|
713
740
|
|
|
714
|
-
return NextResponse.json({ success: true })
|
|
741
|
+
return NextResponse.json({ success: true });
|
|
715
742
|
}
|
|
716
743
|
```
|
|
717
744
|
|
|
@@ -779,6 +806,32 @@ await saveSession(session, req);
|
|
|
779
806
|
await saveSession(session, 'https://example.com/callback');
|
|
780
807
|
```
|
|
781
808
|
|
|
809
|
+
### CDN Deployments and Caching
|
|
810
|
+
|
|
811
|
+
AuthKit automatically implements cache security measures to protect against session leakage in CDN environments. This is particularly important when deploying to AWS with SST/OpenNext, Cloudflare, or other CDN configurations.
|
|
812
|
+
|
|
813
|
+
#### How It Works
|
|
814
|
+
|
|
815
|
+
The library automatically sets appropriate cache headers on all authenticated requests:
|
|
816
|
+
|
|
817
|
+
- `Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0` - Aggressive cache prevention with multiple directives
|
|
818
|
+
- `Pragma: no-cache` - HTTP/1.0 compatibility
|
|
819
|
+
- `Expires: 0` - HTTP/1.0 cache expiration
|
|
820
|
+
- `Vary: Cookie` - Ensures CDNs differentiate between different users (defense-in-depth)
|
|
821
|
+
- `x-middleware-cache: no-cache` - Prevents Next.js middleware result caching
|
|
822
|
+
|
|
823
|
+
These headers are applied automatically when:
|
|
824
|
+
|
|
825
|
+
- A session cookie is present in the request
|
|
826
|
+
- An Authorization header is detected
|
|
827
|
+
- An active authenticated session exists
|
|
828
|
+
|
|
829
|
+
#### Performance Considerations
|
|
830
|
+
|
|
831
|
+
**Authenticated pages:** Will not be cached at the CDN level and will always hit your origin server. This is the correct and secure behavior for session-based authentication.
|
|
832
|
+
|
|
833
|
+
**Public pages:** Unaffected by these security measures. Public routes without authentication context can still be cached normally.
|
|
834
|
+
|
|
782
835
|
### Debugging
|
|
783
836
|
|
|
784
837
|
To enable debug logs, initialize the middleware with the debug flag enabled.
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
import { WORKOS_CLIENT_ID } from './env-variables.js';
|
|
2
2
|
import { saveSession } from './session.js';
|
|
3
|
-
import { errorResponseWithFallback, redirectWithFallback } from './utils.js';
|
|
3
|
+
import { errorResponseWithFallback, redirectWithFallback, setCachePreventionHeaders } from './utils.js';
|
|
4
4
|
import { getWorkOS } from './workos.js';
|
|
5
|
+
function preventCaching(headers) {
|
|
6
|
+
headers.set('Vary', 'Cookie');
|
|
7
|
+
setCachePreventionHeaders(headers);
|
|
8
|
+
}
|
|
5
9
|
function handleState(state) {
|
|
6
10
|
let returnPathname = undefined;
|
|
7
11
|
let userState;
|
|
@@ -81,6 +85,7 @@ export function handleAuth(options = {}) {
|
|
|
81
85
|
// Fall back to standard Response if NextResponse is not available.
|
|
82
86
|
// This is to support Next.js 13.
|
|
83
87
|
const response = redirectWithFallback(url.toString());
|
|
88
|
+
preventCaching(response.headers);
|
|
84
89
|
if (!accessToken || !refreshToken)
|
|
85
90
|
throw new Error('response is missing tokens');
|
|
86
91
|
await saveSession({ accessToken, refreshToken, user, impersonator }, request);
|
|
@@ -103,21 +108,25 @@ export function handleAuth(options = {}) {
|
|
|
103
108
|
error: error instanceof Error ? error.message : String(error),
|
|
104
109
|
};
|
|
105
110
|
console.error(errorRes);
|
|
106
|
-
return errorResponse(request, error);
|
|
111
|
+
return await errorResponse(request, error);
|
|
107
112
|
}
|
|
108
113
|
}
|
|
109
|
-
return errorResponse(request);
|
|
114
|
+
return await errorResponse(request);
|
|
110
115
|
};
|
|
111
|
-
function errorResponse(request, error) {
|
|
116
|
+
async function errorResponse(request, error) {
|
|
112
117
|
if (onError) {
|
|
113
|
-
|
|
118
|
+
const response = await onError({ error, request });
|
|
119
|
+
preventCaching(response.headers);
|
|
120
|
+
return response;
|
|
114
121
|
}
|
|
115
|
-
|
|
122
|
+
const response = errorResponseWithFallback({
|
|
116
123
|
error: {
|
|
117
124
|
message: 'Something went wrong',
|
|
118
125
|
description: "Couldn't sign in. If you are not sure what happened, please contact your organization admin.",
|
|
119
126
|
},
|
|
120
127
|
});
|
|
128
|
+
preventCaching(response.headers);
|
|
129
|
+
return response;
|
|
121
130
|
}
|
|
122
131
|
}
|
|
123
132
|
//# sourceMappingURL=authkit-callback-route.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AACxG,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,SAAS,cAAc,CAAC,OAAgB;IACtC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,cAAc,GAAuB,SAAS,CAAC;IACnD,IAAI,SAA6B,CAAC;IAClC,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7C,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,CAAC;YACH,mCAAmC;YACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC/D,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;QAC5D,CAAC;QAAC,WAAM,CAAC;YACP,qCAAqC;QACvC,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACxC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3B,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,WAAM,CAAC;YACP,SAAS,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO;QACL,cAAc;QACd,KAAK,EAAE,SAAS;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5F,iDAAiD;IACjD,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAExD,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,mBAAmB,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAEvF,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,cAAc,EAAE,GACxG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACpD,QAAQ,EAAE,gBAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEL,4DAA4D;gBAC5D,0EAA0E;gBAC1E,4DAA4D;gBAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEjE,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,MAAM,cAAc,GAAG,mBAAmB,aAAnB,mBAAmB,cAAnB,mBAAmB,GAAI,oBAAoB,CAAC;gBAEnE,gDAAgD;gBAChD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;oBAC9D,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;wBAC/C,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,QAAQ,GAAG,cAAc,CAAC;gBAChC,CAAC;gBAED,mEAAmE;gBACnE,iCAAiC;gBACjC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACtD,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAEjC,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,MAAM,WAAW,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,OAAO,CAAC,CAAC;gBAE9E,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,SAAS,CAAC;wBACd,WAAW;wBACX,YAAY;wBACZ,IAAI;wBACJ,YAAY;wBACZ,WAAW;wBACX,oBAAoB;wBACpB,cAAc;wBACd,KAAK,EAAE,WAAW;qBACnB,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,MAAM,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,OAAO,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC;IAEF,KAAK,UAAU,aAAa,CAAC,OAAoB,EAAE,KAAe;QAChE,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACnD,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACjC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAG,yBAAyB,CAAC;YACzC,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,CAAC,CAAC;QAEH,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC"}
|
|
@@ -2,17 +2,18 @@
|
|
|
2
2
|
import React, { createContext, useCallback, useContext, useEffect, useState } from 'react';
|
|
3
3
|
import { checkSessionAction, getAuthAction, handleSignOutAction, refreshAuthAction, switchToOrganizationAction, } from '../actions.js';
|
|
4
4
|
const AuthContext = createContext(undefined);
|
|
5
|
-
export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
6
|
-
|
|
7
|
-
const [
|
|
8
|
-
const [
|
|
9
|
-
const [
|
|
10
|
-
const [
|
|
11
|
-
const [
|
|
12
|
-
const [
|
|
13
|
-
const [
|
|
14
|
-
const [
|
|
15
|
-
const [
|
|
5
|
+
export const AuthKitProvider = ({ children, onSessionExpired, initialAuth }) => {
|
|
6
|
+
var _a;
|
|
7
|
+
const [user, setUser] = useState((_a = initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.user) !== null && _a !== void 0 ? _a : null);
|
|
8
|
+
const [sessionId, setSessionId] = useState(initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.sessionId);
|
|
9
|
+
const [organizationId, setOrganizationId] = useState(initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.organizationId);
|
|
10
|
+
const [role, setRole] = useState(initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.role);
|
|
11
|
+
const [roles, setRoles] = useState(initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.roles);
|
|
12
|
+
const [permissions, setPermissions] = useState(initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.permissions);
|
|
13
|
+
const [entitlements, setEntitlements] = useState(initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.entitlements);
|
|
14
|
+
const [featureFlags, setFeatureFlags] = useState(initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.featureFlags);
|
|
15
|
+
const [impersonator, setImpersonator] = useState(initialAuth === null || initialAuth === void 0 ? void 0 : initialAuth.impersonator);
|
|
16
|
+
const [loading, setLoading] = useState(!initialAuth);
|
|
16
17
|
const getAuth = useCallback(async ({ ensureSignedIn = false } = {}) => {
|
|
17
18
|
setLoading(true);
|
|
18
19
|
try {
|
|
@@ -78,7 +79,9 @@ export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
|
78
79
|
await handleSignOutAction({ returnTo });
|
|
79
80
|
}, []);
|
|
80
81
|
useEffect(() => {
|
|
81
|
-
|
|
82
|
+
if (!initialAuth) {
|
|
83
|
+
getAuth();
|
|
84
|
+
}
|
|
82
85
|
// Return early if the session expired checks are disabled.
|
|
83
86
|
if (onSessionExpired === false) {
|
|
84
87
|
return;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-provider.js","sourceRoot":"","sources":["../../../src/components/authkit-provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAa,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACtG,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,iBAAiB,EACjB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AAwBvB,MAAM,WAAW,GAAG,aAAa,CAA8B,SAAS,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"authkit-provider.js","sourceRoot":"","sources":["../../../src/components/authkit-provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAa,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACtG,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,iBAAiB,EACjB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AAwBvB,MAAM,WAAW,GAAG,aAAa,CAA8B,SAAS,CAAC,CAAC;AAe1E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,gBAAgB,EAAE,WAAW,EAAwB,EAAE,EAAE;;IACnG,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAc,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,IAAI,mCAAI,IAAI,CAAC,CAAC;IACzE,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,SAAS,CAAC,CAAC;IACvF,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,cAAc,CAAC,CAAC;IACtG,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,IAAI,CAAC,CAAC;IACxE,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,KAAK,CAAC,CAAC;IAC7E,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAC,CAAC;IAC/F,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IAClG,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IAClG,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAA2B,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IACtG,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,CAAC,WAAW,CAAC,CAAC;IAErD,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE,EAAE,EAAE;QAClG,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,CAAC;YACd,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC7B,OAAO,CAAC,SAAS,CAAC,CAAC;YACnB,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,cAAc,CAAC,SAAS,CAAC,CAAC;YAC1B,eAAe,CAAC,SAAS,CAAC,CAAC;YAC3B,eAAe,CAAC,SAAS,CAAC,CAAC;YAC3B,eAAe,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,oBAAoB,GAAG,WAAW,CACtC,KAAK,EAAE,cAAsB,EAAE,UAAuC,EAAE,EAAE,EAAE;QAC1E,MAAM,IAAI,GAAG,EAAE,oBAAoB,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC,cAAc,EAAE;YAC9D,oBAAoB,EAAE,MAAM;YAC5B,GAAG,OAAO;SACX,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,oBAAoB,KAAK,MAAM,EAAE,CAAC;YACzC,MAAM,OAAO,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC,EACD,EAAE,CACH,CAAC;IAEF,MAAM,WAAW,GAAG,WAAW,CAC7B,KAAK,EAAE,EAAE,cAAc,GAAG,KAAK,EAAE,cAAc,KAA4D,EAAE,EAAE,EAAE;QAC/G,IAAI,CAAC;YACH,UAAU,CAAC,IAAI,CAAC,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC,CAAC;YAEzE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACtF,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EACD,EAAE,CACH,CAAC;IAEF,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,QAAQ,KAA4B,EAAE,EAAE,EAAE;QAC7E,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,2DAA2D;QAC3D,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,sBAAsB,GAAG,KAAK,IAAI,EAAE;YACxC,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,oGAAoG;YACpG,qFAAqF;YACrF,oGAAoG;YACpG,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC3C,uBAAuB,GAAG,IAAI,CAAC;gBAE/B,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;oBAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBACrC,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,wEAAwE;oBACxE,+EAA+E;oBAC/E,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;wBACxE,IAAI,gBAAgB,EAAE,CAAC;4BACrB,gBAAgB,EAAE,CAAC;wBACrB,CAAC;6BAAM,CAAC;4BACN,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;wBAC3B,CAAC;oBACH,CAAC;gBACH,CAAC;wBAAS,CAAC;oBACT,uBAAuB,GAAG,KAAK,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACpE,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAEzD,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;YAC5D,MAAM,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACzE,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEvB,OAAO,CACL,oBAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,IAAI;YACJ,SAAS;YACT,cAAc;YACd,IAAI;YACJ,KAAK;YACL,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,YAAY;YACZ,OAAO;YACP,OAAO;YACP,WAAW;YACX,OAAO;YACP,oBAAoB;SACrB,IAEA,QAAQ,CACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAMF,MAAM,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE;IACnF,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IAExC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,IAAI,cAAc,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACnE,OAAO,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,EAAE,CAAC,cAAc,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,CAAC,CAAC;IAExE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/esm/session.js
CHANGED
|
@@ -9,12 +9,43 @@ import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_RE
|
|
|
9
9
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
10
10
|
import { getWorkOS } from './workos.js';
|
|
11
11
|
import { parse, tokensToRegexp } from 'path-to-regexp';
|
|
12
|
-
import { lazy, redirectWithFallback } from './utils.js';
|
|
12
|
+
import { lazy, redirectWithFallback, setCachePreventionHeaders } from './utils.js';
|
|
13
13
|
const sessionHeaderName = 'x-workos-session';
|
|
14
14
|
const middlewareHeaderName = 'x-workos-middleware';
|
|
15
15
|
const signUpPathsHeaderName = 'x-sign-up-paths';
|
|
16
16
|
const jwtCookieName = 'workos-access-token';
|
|
17
17
|
const JWKS = lazy(() => createRemoteJWKSet(new URL(getWorkOS().userManagement.getJwksUrl(WORKOS_CLIENT_ID))));
|
|
18
|
+
/**
|
|
19
|
+
* Applies cache security headers with Vary header deduplication.
|
|
20
|
+
* Only applies headers if the request is authenticated (has session, cookie, or Authorization header).
|
|
21
|
+
* Used in middleware where existing Vary headers may already be present.
|
|
22
|
+
* @param headers - The Headers object to set the cache security headers on.
|
|
23
|
+
* @param request - The NextRequest object to check for authentication.
|
|
24
|
+
* @param sessionData - Optional session data to check for authentication.
|
|
25
|
+
*/
|
|
26
|
+
function applyCacheSecurityHeaders(headers, request, sessionData) {
|
|
27
|
+
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
28
|
+
// Only apply cache headers for authenticated requests
|
|
29
|
+
if (!(sessionData === null || sessionData === void 0 ? void 0 : sessionData.accessToken) && !request.cookies.has(cookieName) && !request.headers.has('authorization')) {
|
|
30
|
+
return;
|
|
31
|
+
}
|
|
32
|
+
const varyValues = new Set(['cookie']);
|
|
33
|
+
if (request.headers.has('authorization')) {
|
|
34
|
+
varyValues.add('authorization');
|
|
35
|
+
}
|
|
36
|
+
const currentVary = headers.get('Vary');
|
|
37
|
+
if (currentVary) {
|
|
38
|
+
currentVary.split(',').forEach((v) => {
|
|
39
|
+
const trimmed = v.trim().toLowerCase();
|
|
40
|
+
if (trimmed)
|
|
41
|
+
varyValues.add(trimmed);
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
headers.set('Vary', Array.from(varyValues)
|
|
45
|
+
.map((v) => v.charAt(0).toUpperCase() + v.slice(1))
|
|
46
|
+
.join(', '));
|
|
47
|
+
setCachePreventionHeaders(headers);
|
|
48
|
+
}
|
|
18
49
|
/**
|
|
19
50
|
* Determines if a request is for an initial document load (not API/RSC/prefetch)
|
|
20
51
|
*/
|
|
@@ -80,7 +111,29 @@ async function updateSessionMiddleware(request, debug, middlewareAuth, redirectU
|
|
|
80
111
|
if (signUpPaths.length > 0) {
|
|
81
112
|
headers.set(signUpPathsHeaderName, signUpPaths.join(','));
|
|
82
113
|
}
|
|
114
|
+
applyCacheSecurityHeaders(headers, request, session);
|
|
115
|
+
// Create a new request with modified headers (for page handlers)
|
|
116
|
+
const requestHeaders = new Headers(request.headers);
|
|
117
|
+
requestHeaders.set(middlewareHeaderName, headers.get(middlewareHeaderName));
|
|
118
|
+
requestHeaders.set('x-url', headers.get('x-url'));
|
|
119
|
+
if (headers.has('x-redirect-uri')) {
|
|
120
|
+
requestHeaders.set('x-redirect-uri', headers.get('x-redirect-uri'));
|
|
121
|
+
}
|
|
122
|
+
if (headers.has(signUpPathsHeaderName)) {
|
|
123
|
+
requestHeaders.set(signUpPathsHeaderName, headers.get(signUpPathsHeaderName));
|
|
124
|
+
}
|
|
125
|
+
// Pass session to page handlers via request header
|
|
126
|
+
// This ensures handlers see refreshed sessions immediately (before Set-Cookie reaches browser)
|
|
127
|
+
const sessionHeader = headers.get(sessionHeaderName);
|
|
128
|
+
if (sessionHeader) {
|
|
129
|
+
requestHeaders.set(sessionHeaderName, sessionHeader);
|
|
130
|
+
}
|
|
131
|
+
// Remove session header from response headers to prevent leakage
|
|
132
|
+
headers.delete(sessionHeaderName);
|
|
83
133
|
return NextResponse.next({
|
|
134
|
+
request: {
|
|
135
|
+
headers: requestHeaders,
|
|
136
|
+
},
|
|
84
137
|
headers,
|
|
85
138
|
});
|
|
86
139
|
}
|
|
@@ -119,6 +172,7 @@ async function updateSession(request, options = { debug: false }) {
|
|
|
119
172
|
}
|
|
120
173
|
const hasValidSession = await verifyAccessToken(session.accessToken);
|
|
121
174
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
175
|
+
applyCacheSecurityHeaders(newRequestHeaders, request, session);
|
|
122
176
|
if (hasValidSession) {
|
|
123
177
|
newRequestHeaders.set(sessionHeaderName, request.cookies.get(cookieName).value);
|
|
124
178
|
const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = decodeJwt(session.accessToken);
|
|
@@ -343,7 +397,7 @@ async function getSessionFromHeader() {
|
|
|
343
397
|
const hasMiddleware = Boolean(headersList.get(middlewareHeaderName));
|
|
344
398
|
if (!hasMiddleware) {
|
|
345
399
|
const url = headersList.get('x-url');
|
|
346
|
-
throw new Error(`You are calling 'withAuth' on ${url !== null && url !== void 0 ? url : 'a route'} that isn
|
|
400
|
+
throw new Error(`You are calling 'withAuth' on ${url !== null && url !== void 0 ? url : 'a route'} that isn't covered by the AuthKit middleware. Make sure it is running on all paths you are calling 'withAuth' from by updating your middleware config in 'middleware.(js|ts)'.`);
|
|
347
401
|
}
|
|
348
402
|
const authHeader = headersList.get(sessionHeaderName);
|
|
349
403
|
if (!authHeader)
|
package/dist/esm/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAc,kBAAkB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAUjE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAExD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAChD,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAE5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAoB;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnD,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACjG,MAAM,UAAU,GACd,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,UAAU;QAC7C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,UAAU;QACjD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE9C,OAAO,iBAAiB,IAAI,CAAC,YAAY,IAAI,CAAC,UAAU,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB,EACrB,SAAS,GAAG,KAAK;IAEjB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAChE,SAAS;KACV,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,gBAA0B,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC;QACvB,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC7D,0DAA0D;YAC1D,IAAI,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC1E,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACzF,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,MAAA,OAAO,CAAC,uBAAuB,wDAAG,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvF,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,4CAA4C;QAC5C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC1D,CAAC;QAED,MAAA,OAAO,CAAC,qBAAqB,wDAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAEvD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;aACxD,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,CAAC,aAAa,EAAE,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAE7D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAE1D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,SAAS,CAAI,KAAK,CAAC,CAAC;AAC7B,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IAC9D,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,iBAAmD,EACnD,OAA6B;IAE7B,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAc,kBAAkB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAUjE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAEnF,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAChD,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAE5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAChC,OAAgB,EAChB,OAAoB,EACpB,WAAgD;IAEhD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,sDAAsD;IACtD,IAAI,CAAC,CAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAA,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,WAAW,EAAE,CAAC;QAChB,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACnC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,OAAO;gBAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CACT,MAAM,EACN,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;SACnB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,IAAI,CAAC,CACd,CAAC;IAEF,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAoB;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnD,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACjG,MAAM,UAAU,GACd,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,UAAU;QAC7C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,UAAU;QACjD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE9C,OAAO,iBAAiB,IAAI,CAAC,YAAY,IAAI,CAAC,UAAU,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB,EACrB,SAAS,GAAG,KAAK;IAEjB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAChE,SAAS;KACV,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,gBAA0B,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAErD,iEAAiE;IACjE,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,cAAc,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAE,CAAC,CAAC;IAC7E,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,cAAc,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACvC,cAAc,CAAC,GAAG,CAAC,qBAAqB,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAE,CAAC,CAAC;IACjF,CAAC;IAED,mDAAmD;IACnD,+FAA+F;IAC/F,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACrD,IAAI,aAAa,EAAE,CAAC;QAClB,cAAc,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;IACvD,CAAC;IAED,iEAAiE;IACjE,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAElC,OAAO,YAAY,CAAC,IAAI,CAAC;QACvB,OAAO,EAAE;YACP,OAAO,EAAE,cAAc;SACxB;QACD,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,yBAAyB,CAAC,iBAAiB,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAE/D,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC7D,0DAA0D;YAC1D,IAAI,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC1E,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACzF,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,MAAA,OAAO,CAAC,uBAAuB,wDAAG,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvF,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,4CAA4C;QAC5C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC1D,CAAC;QAED,MAAA,OAAO,CAAC,qBAAqB,wDAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAEvD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;aACxD,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,CAAC,aAAa,EAAE,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAE7D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAE1D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,SAAS,CAAI,KAAK,CAAC,CAAC;AAC7B,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IAC9D,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,iBAAmD,EACnD,OAA6B;IAE7B,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import React, { ReactNode } from 'react';
|
|
2
2
|
import type { Impersonator, User } from '@workos-inc/node';
|
|
3
|
-
import type { UserInfo, SwitchToOrganizationOptions } from '../interfaces.js';
|
|
3
|
+
import type { UserInfo, SwitchToOrganizationOptions, NoUserInfo } from '../interfaces.js';
|
|
4
4
|
type AuthContextType = {
|
|
5
5
|
user: User | null;
|
|
6
6
|
sessionId: string | undefined;
|
|
@@ -35,8 +35,12 @@ interface AuthKitProviderProps {
|
|
|
35
35
|
* You can also pass this as `false` to disable the expired session checks.
|
|
36
36
|
*/
|
|
37
37
|
onSessionExpired?: false | (() => void);
|
|
38
|
+
/**
|
|
39
|
+
* Initial auth data from the server. If provided, the provider will skip the initial client-side fetch.
|
|
40
|
+
*/
|
|
41
|
+
initialAuth?: Omit<UserInfo | NoUserInfo, 'accessToken'>;
|
|
38
42
|
}
|
|
39
|
-
export declare const AuthKitProvider: ({ children, onSessionExpired }: AuthKitProviderProps) => React.JSX.Element;
|
|
43
|
+
export declare const AuthKitProvider: ({ children, onSessionExpired, initialAuth }: AuthKitProviderProps) => React.JSX.Element;
|
|
40
44
|
export declare function useAuth(options: {
|
|
41
45
|
ensureSignedIn: true;
|
|
42
46
|
}): AuthContextType & ({
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sets cache prevention headers to prevent CDN/proxy caching.
|
|
3
|
+
* @param headers - The Headers object to set the cache prevention headers on.
|
|
4
|
+
*/
|
|
5
|
+
export declare function setCachePreventionHeaders(headers: Headers): void;
|
|
1
6
|
export declare function redirectWithFallback(redirectUri: string, headers?: Headers): Response;
|
|
2
7
|
export declare function errorResponseWithFallback(errorBody: {
|
|
3
8
|
error: {
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
|
-
export declare const VERSION = "2.
|
|
2
|
+
export declare const VERSION = "2.12.0";
|
|
3
3
|
/**
|
|
4
4
|
* Create a WorkOS instance with the provided API key and options.
|
|
5
5
|
* If an instance already exists, it returns the existing instance.
|
package/dist/esm/utils.js
CHANGED
|
@@ -1,4 +1,14 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
+
/**
|
|
3
|
+
* Sets cache prevention headers to prevent CDN/proxy caching.
|
|
4
|
+
* @param headers - The Headers object to set the cache prevention headers on.
|
|
5
|
+
*/
|
|
6
|
+
export function setCachePreventionHeaders(headers) {
|
|
7
|
+
headers.set('Cache-Control', 'private, no-cache, no-store, must-revalidate, max-age=0');
|
|
8
|
+
headers.set('Pragma', 'no-cache');
|
|
9
|
+
headers.set('Expires', '0');
|
|
10
|
+
headers.set('x-middleware-cache', 'no-cache');
|
|
11
|
+
}
|
|
2
12
|
export function redirectWithFallback(redirectUri, headers) {
|
|
3
13
|
const newHeaders = headers ? new Headers(headers) : new Headers();
|
|
4
14
|
newHeaders.set('Location', redirectUri);
|
package/dist/esm/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,UAAU,oBAAoB,CAAC,WAAmB,EAAE,OAAiB;IACzE,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC;IAClE,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAExC,mEAAmE;IACnE,iCAAiC;IACjC,OAAO,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,QAAQ;QAC3B,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,CAAC;QACjD,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,SAA8D;IACtG,mEAAmE;IACnE,iCAAiC;IACjC,OAAO,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI;QACvB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC/C,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;YACtC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAC;AACT,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,IAAI,CAAI,EAAW;IACjC,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,MAAS,CAAC;IACd,OAAO,GAAG,EAAE;QACV,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,EAAE,EAAE,CAAC;YACd,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAgB;IACxD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,yDAAyD,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,WAAmB,EAAE,OAAiB;IACzE,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC;IAClE,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAExC,mEAAmE;IACnE,iCAAiC;IACjC,OAAO,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,QAAQ;QAC3B,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,CAAC;QACjD,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,SAA8D;IACtG,mEAAmE;IACnE,iCAAiC;IACjC,OAAO,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI;QACvB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC/C,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;YACtC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAC;AACT,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,IAAI,CAAI,EAAW;IACjC,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,MAAS,CAAC;IACd,OAAO,GAAG,EAAE;QACV,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,EAAE,EAAE,CAAC;YACd,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/esm/workos.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
import { lazy } from './utils.js';
|
|
4
|
-
export const VERSION = '2.
|
|
4
|
+
export const VERSION = '2.12.0';
|
|
5
5
|
const options = {
|
|
6
6
|
apiHostname: WORKOS_API_HOSTNAME,
|
|
7
7
|
https: WORKOS_API_HTTPS ? WORKOS_API_HTTPS === 'true' : true,
|
package/package.json
CHANGED
|
@@ -2,9 +2,14 @@ import { NextRequest } from 'next/server';
|
|
|
2
2
|
import { WORKOS_CLIENT_ID } from './env-variables.js';
|
|
3
3
|
import { HandleAuthOptions } from './interfaces.js';
|
|
4
4
|
import { saveSession } from './session.js';
|
|
5
|
-
import { errorResponseWithFallback, redirectWithFallback } from './utils.js';
|
|
5
|
+
import { errorResponseWithFallback, redirectWithFallback, setCachePreventionHeaders } from './utils.js';
|
|
6
6
|
import { getWorkOS } from './workos.js';
|
|
7
7
|
|
|
8
|
+
function preventCaching(headers: Headers): void {
|
|
9
|
+
headers.set('Vary', 'Cookie');
|
|
10
|
+
setCachePreventionHeaders(headers);
|
|
11
|
+
}
|
|
12
|
+
|
|
8
13
|
function handleState(state: string | null) {
|
|
9
14
|
let returnPathname: string | undefined = undefined;
|
|
10
15
|
let userState: string | undefined;
|
|
@@ -90,6 +95,7 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
90
95
|
// Fall back to standard Response if NextResponse is not available.
|
|
91
96
|
// This is to support Next.js 13.
|
|
92
97
|
const response = redirectWithFallback(url.toString());
|
|
98
|
+
preventCaching(response.headers);
|
|
93
99
|
|
|
94
100
|
if (!accessToken || !refreshToken) throw new Error('response is missing tokens');
|
|
95
101
|
|
|
@@ -116,23 +122,28 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
116
122
|
|
|
117
123
|
console.error(errorRes);
|
|
118
124
|
|
|
119
|
-
return errorResponse(request, error);
|
|
125
|
+
return await errorResponse(request, error);
|
|
120
126
|
}
|
|
121
127
|
}
|
|
122
128
|
|
|
123
|
-
return errorResponse(request);
|
|
129
|
+
return await errorResponse(request);
|
|
124
130
|
};
|
|
125
131
|
|
|
126
|
-
function errorResponse(request: NextRequest, error?: unknown) {
|
|
132
|
+
async function errorResponse(request: NextRequest, error?: unknown) {
|
|
127
133
|
if (onError) {
|
|
128
|
-
|
|
134
|
+
const response = await onError({ error, request });
|
|
135
|
+
preventCaching(response.headers);
|
|
136
|
+
return response;
|
|
129
137
|
}
|
|
130
138
|
|
|
131
|
-
|
|
139
|
+
const response = errorResponseWithFallback({
|
|
132
140
|
error: {
|
|
133
141
|
message: 'Something went wrong',
|
|
134
142
|
description: "Couldn't sign in. If you are not sure what happened, please contact your organization admin.",
|
|
135
143
|
},
|
|
136
144
|
});
|
|
145
|
+
|
|
146
|
+
preventCaching(response.headers);
|
|
147
|
+
return response;
|
|
137
148
|
}
|
|
138
149
|
}
|
|
@@ -35,6 +35,121 @@ describe('AuthKitProvider', () => {
|
|
|
35
35
|
expect(getByText('Test Child')).toBeInTheDocument();
|
|
36
36
|
});
|
|
37
37
|
|
|
38
|
+
it('should skip initial getAuthAction call when initialAuth is provided', async () => {
|
|
39
|
+
const initialAuth = {
|
|
40
|
+
user: {
|
|
41
|
+
id: 'user-123',
|
|
42
|
+
email: 'test@example.com',
|
|
43
|
+
emailVerified: true,
|
|
44
|
+
profilePictureUrl: null,
|
|
45
|
+
firstName: 'Test',
|
|
46
|
+
lastName: 'User',
|
|
47
|
+
object: 'user' as const,
|
|
48
|
+
createdAt: '2024-01-01T00:00:00Z',
|
|
49
|
+
updatedAt: '2024-01-01T00:00:00Z',
|
|
50
|
+
lastSignInAt: '2024-01-01T00:00:00Z',
|
|
51
|
+
externalId: null,
|
|
52
|
+
locale: 'en-US',
|
|
53
|
+
metadata: {},
|
|
54
|
+
},
|
|
55
|
+
sessionId: 'test-session',
|
|
56
|
+
organizationId: 'test-org',
|
|
57
|
+
role: 'admin',
|
|
58
|
+
roles: ['admin'],
|
|
59
|
+
permissions: ['read', 'write'],
|
|
60
|
+
entitlements: ['feature1'],
|
|
61
|
+
featureFlags: ['test-flag'],
|
|
62
|
+
impersonator: undefined,
|
|
63
|
+
};
|
|
64
|
+
|
|
65
|
+
render(
|
|
66
|
+
<AuthKitProvider initialAuth={initialAuth}>
|
|
67
|
+
<div>Test Child</div>
|
|
68
|
+
</AuthKitProvider>,
|
|
69
|
+
);
|
|
70
|
+
|
|
71
|
+
// Wait a bit to ensure no call is made
|
|
72
|
+
await waitFor(
|
|
73
|
+
() => {
|
|
74
|
+
expect(getAuthAction).not.toHaveBeenCalled();
|
|
75
|
+
},
|
|
76
|
+
{ timeout: 100 },
|
|
77
|
+
);
|
|
78
|
+
});
|
|
79
|
+
|
|
80
|
+
it('should initialize state with initialAuth values', async () => {
|
|
81
|
+
const initialAuth = {
|
|
82
|
+
user: {
|
|
83
|
+
id: 'user-123',
|
|
84
|
+
email: 'test@example.com',
|
|
85
|
+
emailVerified: true,
|
|
86
|
+
profilePictureUrl: null,
|
|
87
|
+
firstName: 'Test',
|
|
88
|
+
lastName: 'User',
|
|
89
|
+
object: 'user' as const,
|
|
90
|
+
createdAt: '2024-01-01T00:00:00Z',
|
|
91
|
+
updatedAt: '2024-01-01T00:00:00Z',
|
|
92
|
+
lastSignInAt: '2024-01-01T00:00:00Z',
|
|
93
|
+
locale: 'en-US',
|
|
94
|
+
externalId: null,
|
|
95
|
+
metadata: {},
|
|
96
|
+
},
|
|
97
|
+
sessionId: 'test-session',
|
|
98
|
+
organizationId: 'test-org',
|
|
99
|
+
role: 'admin',
|
|
100
|
+
roles: ['admin'],
|
|
101
|
+
permissions: ['read', 'write'],
|
|
102
|
+
entitlements: ['feature1'],
|
|
103
|
+
featureFlags: ['test-flag'],
|
|
104
|
+
impersonator: { email: 'admin@example.com', reason: 'Support request' },
|
|
105
|
+
};
|
|
106
|
+
|
|
107
|
+
const TestComponent = () => {
|
|
108
|
+
const auth = useAuth();
|
|
109
|
+
return (
|
|
110
|
+
<div>
|
|
111
|
+
<div data-testid="loading">{auth.loading.toString()}</div>
|
|
112
|
+
<div data-testid="email">{auth.user?.email}</div>
|
|
113
|
+
<div data-testid="session">{auth.sessionId}</div>
|
|
114
|
+
<div data-testid="org">{auth.organizationId}</div>
|
|
115
|
+
<div data-testid="role">{auth.role}</div>
|
|
116
|
+
<div data-testid="impersonator">{auth.impersonator?.email}</div>
|
|
117
|
+
</div>
|
|
118
|
+
);
|
|
119
|
+
};
|
|
120
|
+
|
|
121
|
+
const { getByTestId } = render(
|
|
122
|
+
<AuthKitProvider initialAuth={initialAuth}>
|
|
123
|
+
<TestComponent />
|
|
124
|
+
</AuthKitProvider>,
|
|
125
|
+
);
|
|
126
|
+
|
|
127
|
+
// Should not be loading when initialAuth is provided
|
|
128
|
+
expect(getByTestId('loading')).toHaveTextContent('false');
|
|
129
|
+
expect(getByTestId('email')).toHaveTextContent('test@example.com');
|
|
130
|
+
expect(getByTestId('session')).toHaveTextContent('test-session');
|
|
131
|
+
expect(getByTestId('org')).toHaveTextContent('test-org');
|
|
132
|
+
expect(getByTestId('role')).toHaveTextContent('admin');
|
|
133
|
+
expect(getByTestId('impersonator')).toHaveTextContent('admin@example.com');
|
|
134
|
+
});
|
|
135
|
+
|
|
136
|
+
it('should call getAuthAction when initialAuth is not provided', async () => {
|
|
137
|
+
(getAuthAction as jest.Mock).mockResolvedValueOnce({
|
|
138
|
+
user: { email: 'test@example.com' },
|
|
139
|
+
sessionId: 'test-session',
|
|
140
|
+
});
|
|
141
|
+
|
|
142
|
+
render(
|
|
143
|
+
<AuthKitProvider>
|
|
144
|
+
<div>Test Child</div>
|
|
145
|
+
</AuthKitProvider>,
|
|
146
|
+
);
|
|
147
|
+
|
|
148
|
+
await waitFor(() => {
|
|
149
|
+
expect(getAuthAction).toHaveBeenCalledTimes(1);
|
|
150
|
+
});
|
|
151
|
+
});
|
|
152
|
+
|
|
38
153
|
it('should do nothing if onSessionExpired is false', async () => {
|
|
39
154
|
jest.spyOn(window, 'addEventListener');
|
|
40
155
|
|
|
@@ -9,7 +9,7 @@ import {
|
|
|
9
9
|
switchToOrganizationAction,
|
|
10
10
|
} from '../actions.js';
|
|
11
11
|
import type { Impersonator, User } from '@workos-inc/node';
|
|
12
|
-
import type { UserInfo, SwitchToOrganizationOptions } from '../interfaces.js';
|
|
12
|
+
import type { UserInfo, SwitchToOrganizationOptions, NoUserInfo } from '../interfaces.js';
|
|
13
13
|
|
|
14
14
|
type AuthContextType = {
|
|
15
15
|
user: User | null;
|
|
@@ -40,19 +40,23 @@ interface AuthKitProviderProps {
|
|
|
40
40
|
* You can also pass this as `false` to disable the expired session checks.
|
|
41
41
|
*/
|
|
42
42
|
onSessionExpired?: false | (() => void);
|
|
43
|
+
/**
|
|
44
|
+
* Initial auth data from the server. If provided, the provider will skip the initial client-side fetch.
|
|
45
|
+
*/
|
|
46
|
+
initialAuth?: Omit<UserInfo | NoUserInfo, 'accessToken'>;
|
|
43
47
|
}
|
|
44
48
|
|
|
45
|
-
export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderProps) => {
|
|
46
|
-
const [user, setUser] = useState<User | null>(null);
|
|
47
|
-
const [sessionId, setSessionId] = useState<string | undefined>(
|
|
48
|
-
const [organizationId, setOrganizationId] = useState<string | undefined>(
|
|
49
|
-
const [role, setRole] = useState<string | undefined>(
|
|
50
|
-
const [roles, setRoles] = useState<string[] | undefined>(
|
|
51
|
-
const [permissions, setPermissions] = useState<string[] | undefined>(
|
|
52
|
-
const [entitlements, setEntitlements] = useState<string[] | undefined>(
|
|
53
|
-
const [featureFlags, setFeatureFlags] = useState<string[] | undefined>(
|
|
54
|
-
const [impersonator, setImpersonator] = useState<Impersonator | undefined>(
|
|
55
|
-
const [loading, setLoading] = useState(
|
|
49
|
+
export const AuthKitProvider = ({ children, onSessionExpired, initialAuth }: AuthKitProviderProps) => {
|
|
50
|
+
const [user, setUser] = useState<User | null>(initialAuth?.user ?? null);
|
|
51
|
+
const [sessionId, setSessionId] = useState<string | undefined>(initialAuth?.sessionId);
|
|
52
|
+
const [organizationId, setOrganizationId] = useState<string | undefined>(initialAuth?.organizationId);
|
|
53
|
+
const [role, setRole] = useState<string | undefined>(initialAuth?.role);
|
|
54
|
+
const [roles, setRoles] = useState<string[] | undefined>(initialAuth?.roles);
|
|
55
|
+
const [permissions, setPermissions] = useState<string[] | undefined>(initialAuth?.permissions);
|
|
56
|
+
const [entitlements, setEntitlements] = useState<string[] | undefined>(initialAuth?.entitlements);
|
|
57
|
+
const [featureFlags, setFeatureFlags] = useState<string[] | undefined>(initialAuth?.featureFlags);
|
|
58
|
+
const [impersonator, setImpersonator] = useState<Impersonator | undefined>(initialAuth?.impersonator);
|
|
59
|
+
const [loading, setLoading] = useState(!initialAuth);
|
|
56
60
|
|
|
57
61
|
const getAuth = useCallback(async ({ ensureSignedIn = false }: { ensureSignedIn?: boolean } = {}) => {
|
|
58
62
|
setLoading(true);
|
|
@@ -128,7 +132,9 @@ export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderP
|
|
|
128
132
|
}, []);
|
|
129
133
|
|
|
130
134
|
useEffect(() => {
|
|
131
|
-
|
|
135
|
+
if (!initialAuth) {
|
|
136
|
+
getAuth();
|
|
137
|
+
}
|
|
132
138
|
|
|
133
139
|
// Return early if the session expired checks are disabled.
|
|
134
140
|
if (onSessionExpired === false) {
|
package/src/session.spec.ts
CHANGED
|
@@ -116,7 +116,7 @@ describe('session.ts', () => {
|
|
|
116
116
|
await expect(async () => {
|
|
117
117
|
await withAuth();
|
|
118
118
|
}).rejects.toThrow(
|
|
119
|
-
|
|
119
|
+
/You are calling 'withAuth' on https:\/\/example\.com\/ that isn't covered by the AuthKit middleware/,
|
|
120
120
|
);
|
|
121
121
|
});
|
|
122
122
|
|
|
@@ -126,9 +126,7 @@ describe('session.ts', () => {
|
|
|
126
126
|
|
|
127
127
|
await expect(async () => {
|
|
128
128
|
await withAuth({ ensureSignedIn: true });
|
|
129
|
-
}).rejects.toThrow(
|
|
130
|
-
"You are calling 'withAuth' on a route that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling 'withAuth' from by updating your middleware config in 'middleware.(js|ts)'.",
|
|
131
|
-
);
|
|
129
|
+
}).rejects.toThrow(/You are calling 'withAuth' on a route that isn't covered by the AuthKit middleware/);
|
|
132
130
|
});
|
|
133
131
|
|
|
134
132
|
it('should throw an error if the URL is not found in the headers', async () => {
|
package/src/session.ts
CHANGED
|
@@ -21,7 +21,7 @@ import { getWorkOS } from './workos.js';
|
|
|
21
21
|
|
|
22
22
|
import type { AuthenticationResponse } from '@workos-inc/node';
|
|
23
23
|
import { parse, tokensToRegexp } from 'path-to-regexp';
|
|
24
|
-
import { lazy, redirectWithFallback } from './utils.js';
|
|
24
|
+
import { lazy, redirectWithFallback, setCachePreventionHeaders } from './utils.js';
|
|
25
25
|
|
|
26
26
|
const sessionHeaderName = 'x-workos-session';
|
|
27
27
|
const middlewareHeaderName = 'x-workos-middleware';
|
|
@@ -30,6 +30,49 @@ const jwtCookieName = 'workos-access-token';
|
|
|
30
30
|
|
|
31
31
|
const JWKS = lazy(() => createRemoteJWKSet(new URL(getWorkOS().userManagement.getJwksUrl(WORKOS_CLIENT_ID))));
|
|
32
32
|
|
|
33
|
+
/**
|
|
34
|
+
* Applies cache security headers with Vary header deduplication.
|
|
35
|
+
* Only applies headers if the request is authenticated (has session, cookie, or Authorization header).
|
|
36
|
+
* Used in middleware where existing Vary headers may already be present.
|
|
37
|
+
* @param headers - The Headers object to set the cache security headers on.
|
|
38
|
+
* @param request - The NextRequest object to check for authentication.
|
|
39
|
+
* @param sessionData - Optional session data to check for authentication.
|
|
40
|
+
*/
|
|
41
|
+
function applyCacheSecurityHeaders(
|
|
42
|
+
headers: Headers,
|
|
43
|
+
request: NextRequest,
|
|
44
|
+
sessionData?: { accessToken?: string } | Session,
|
|
45
|
+
): void {
|
|
46
|
+
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
47
|
+
|
|
48
|
+
// Only apply cache headers for authenticated requests
|
|
49
|
+
if (!sessionData?.accessToken && !request.cookies.has(cookieName) && !request.headers.has('authorization')) {
|
|
50
|
+
return;
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
const varyValues = new Set<string>(['cookie']);
|
|
54
|
+
if (request.headers.has('authorization')) {
|
|
55
|
+
varyValues.add('authorization');
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
const currentVary = headers.get('Vary');
|
|
59
|
+
if (currentVary) {
|
|
60
|
+
currentVary.split(',').forEach((v) => {
|
|
61
|
+
const trimmed = v.trim().toLowerCase();
|
|
62
|
+
if (trimmed) varyValues.add(trimmed);
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
headers.set(
|
|
67
|
+
'Vary',
|
|
68
|
+
Array.from(varyValues)
|
|
69
|
+
.map((v) => v.charAt(0).toUpperCase() + v.slice(1))
|
|
70
|
+
.join(', '),
|
|
71
|
+
);
|
|
72
|
+
|
|
73
|
+
setCachePreventionHeaders(headers);
|
|
74
|
+
}
|
|
75
|
+
|
|
33
76
|
/**
|
|
34
77
|
* Determines if a request is for an initial document load (not API/RSC/prefetch)
|
|
35
78
|
*/
|
|
@@ -120,7 +163,33 @@ async function updateSessionMiddleware(
|
|
|
120
163
|
headers.set(signUpPathsHeaderName, signUpPaths.join(','));
|
|
121
164
|
}
|
|
122
165
|
|
|
166
|
+
applyCacheSecurityHeaders(headers, request, session);
|
|
167
|
+
|
|
168
|
+
// Create a new request with modified headers (for page handlers)
|
|
169
|
+
const requestHeaders = new Headers(request.headers);
|
|
170
|
+
requestHeaders.set(middlewareHeaderName, headers.get(middlewareHeaderName)!);
|
|
171
|
+
requestHeaders.set('x-url', headers.get('x-url')!);
|
|
172
|
+
if (headers.has('x-redirect-uri')) {
|
|
173
|
+
requestHeaders.set('x-redirect-uri', headers.get('x-redirect-uri')!);
|
|
174
|
+
}
|
|
175
|
+
if (headers.has(signUpPathsHeaderName)) {
|
|
176
|
+
requestHeaders.set(signUpPathsHeaderName, headers.get(signUpPathsHeaderName)!);
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
// Pass session to page handlers via request header
|
|
180
|
+
// This ensures handlers see refreshed sessions immediately (before Set-Cookie reaches browser)
|
|
181
|
+
const sessionHeader = headers.get(sessionHeaderName);
|
|
182
|
+
if (sessionHeader) {
|
|
183
|
+
requestHeaders.set(sessionHeaderName, sessionHeader);
|
|
184
|
+
}
|
|
185
|
+
|
|
186
|
+
// Remove session header from response headers to prevent leakage
|
|
187
|
+
headers.delete(sessionHeaderName);
|
|
188
|
+
|
|
123
189
|
return NextResponse.next({
|
|
190
|
+
request: {
|
|
191
|
+
headers: requestHeaders,
|
|
192
|
+
},
|
|
124
193
|
headers,
|
|
125
194
|
});
|
|
126
195
|
}
|
|
@@ -172,6 +241,8 @@ async function updateSession(
|
|
|
172
241
|
|
|
173
242
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
174
243
|
|
|
244
|
+
applyCacheSecurityHeaders(newRequestHeaders, request, session);
|
|
245
|
+
|
|
175
246
|
if (hasValidSession) {
|
|
176
247
|
newRequestHeaders.set(sessionHeaderName, request.cookies.get(cookieName)!.value);
|
|
177
248
|
|
|
@@ -488,7 +559,7 @@ async function getSessionFromHeader(): Promise<Session | undefined> {
|
|
|
488
559
|
if (!hasMiddleware) {
|
|
489
560
|
const url = headersList.get('x-url');
|
|
490
561
|
throw new Error(
|
|
491
|
-
`You are calling 'withAuth' on ${url ?? 'a route'} that isn
|
|
562
|
+
`You are calling 'withAuth' on ${url ?? 'a route'} that isn't covered by the AuthKit middleware. Make sure it is running on all paths you are calling 'withAuth' from by updating your middleware config in 'middleware.(js|ts)'.`,
|
|
492
563
|
);
|
|
493
564
|
}
|
|
494
565
|
|
package/src/utils.ts
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
2
|
|
|
3
|
+
/**
|
|
4
|
+
* Sets cache prevention headers to prevent CDN/proxy caching.
|
|
5
|
+
* @param headers - The Headers object to set the cache prevention headers on.
|
|
6
|
+
*/
|
|
7
|
+
export function setCachePreventionHeaders(headers: Headers): void {
|
|
8
|
+
headers.set('Cache-Control', 'private, no-cache, no-store, must-revalidate, max-age=0');
|
|
9
|
+
headers.set('Pragma', 'no-cache');
|
|
10
|
+
headers.set('Expires', '0');
|
|
11
|
+
headers.set('x-middleware-cache', 'no-cache');
|
|
12
|
+
}
|
|
13
|
+
|
|
3
14
|
export function redirectWithFallback(redirectUri: string, headers?: Headers) {
|
|
4
15
|
const newHeaders = headers ? new Headers(headers) : new Headers();
|
|
5
16
|
newHeaders.set('Location', redirectUri);
|
package/src/workos.ts
CHANGED
|
@@ -2,7 +2,7 @@ import { WorkOS } from '@workos-inc/node';
|
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
import { lazy } from './utils.js';
|
|
4
4
|
|
|
5
|
-
export const VERSION = '2.
|
|
5
|
+
export const VERSION = '2.12.0';
|
|
6
6
|
|
|
7
7
|
const options = {
|
|
8
8
|
apiHostname: WORKOS_API_HOSTNAME,
|