oidc-spa 8.3.5 → 8.3.7

package/src/core/earlyInit.ts

@@ -1,7 +1,6 @@
 import { getStateData, getIsStatQueryParamValue } from "./StateData";
 import { assert, type Equals } from "../tools/tsafe/assert";
 import type { AuthResponse } from "./AuthResponse";
-import { setOidcRequiredPostHydrationReplaceNavigationUrl } from "./requiredPostHydrationReplaceNavigationUrl";
 import { setBASE_URL } from "./BASE_URL";
 import { resolvePrShouldLoadApp } from "./prShouldLoadApp";
 import { isBrowser } from "../tools/isBrowser";
@@ -17,7 +16,6 @@ export function oidcEarlyInit(params: {
     freezeWebSocket?: boolean;
     freezePromise?: boolean;
     safeMode?: boolean;
-    isPostLoginRedirectManual?: boolean;
     BASE_URL?: string;
 }) {
     if (hasEarlyInitBeenCalled) {
@@ -36,11 +34,10 @@ export function oidcEarlyInit(params: {
         freezeWebSocket,
         freezePromise,
         safeMode = false,
-        isPostLoginRedirectManual = false,
         BASE_URL
     } = params;
 
-    const { shouldLoadApp } = handleOidcCallback({ isPostLoginRedirectManual });
+    const { shouldLoadApp } = handleOidcCallback();
 
     if (shouldLoadApp) {
         const createWriteError = (target: string) =>
@@ -160,8 +157,6 @@ export function oidcEarlyInit(params: {
                 }
             }
 
-            Object.freeze(original);
-
             Object.defineProperty(window, name, {
                 configurable: false,
                 enumerable: true,
@@ -287,11 +282,9 @@ export function getRootRelativeOriginalLocationHref() {
     return rootRelativeOriginalLocationHref;
 }
 
-function handleOidcCallback(params: { isPostLoginRedirectManual?: boolean }): {
+function handleOidcCallback(): {
     shouldLoadApp: boolean;
 } {
-    const { isPostLoginRedirectManual } = params;
-
     const location_urlObj = new URL(window.location.href);
 
     const locationHrefAssessment = (() => {
@@ -392,7 +385,6 @@ function handleOidcCallback(params: { isPostLoginRedirectManual?: boolean }): {
             return { shouldLoadApp: false };
         case "redirect": {
             redirectAuthResponse = authResponse;
-
             const rootRelativeRedirectUrl = (() => {
                 if (stateData.action === "login" && authResponse.error === "consent_required") {
                     return stateData.rootRelativeRedirectUrl_consentRequiredCase;
@@ -400,13 +392,7 @@ function handleOidcCallback(params: { isPostLoginRedirectManual?: boolean }): {
                 return stateData.rootRelativeRedirectUrl;
             })();
 
-            if (isPostLoginRedirectManual) {
-                setOidcRequiredPostHydrationReplaceNavigationUrl({ rootRelativeRedirectUrl });
-                history.replaceState({}, "", rootRelativeOriginalLocationHref);
-            } else {
-                history.replaceState({}, "", rootRelativeRedirectUrl);
-            }
-
+            history.replaceState({}, "", rootRelativeRedirectUrl);
             return { shouldLoadApp: true };
         }
         default:

package/src/core/loginOrGoToAuthServer.ts

@@ -8,6 +8,7 @@ import { createStatefulEvt } from "../tools/StatefulEvt";
 import { Deferred } from "../tools/Deferred";
 import { addOrUpdateSearchParam, getAllSearchParams } from "../tools/urlSearchParams";
 import { getIsOnline } from "../tools/getIsOnline";
+import { setStateDataCookieIfEnabled } from "./StateDataCookie";
 
 const globalContext = {
     evtHasLoginBeenCalled: createStatefulEvt(() => false)
@@ -65,7 +66,9 @@ export function createLoginOrGoToAuthServer(params: {
     getExtraTokenParams: (() => Record<string, string | undefined>) | undefined;
 
     homeUrl: string;
+    stateUrlParamValue_instance: string;
     evtInitializationOutcomeUserNotLoggedIn: NonPostableEvt<void>;
+
     log: typeof console.log | undefined;
 }) {
     const {
@@ -78,6 +81,7 @@ export function createLoginOrGoToAuthServer(params: {
         getExtraTokenParams,
 
         homeUrl,
+        stateUrlParamValue_instance,
         evtInitializationOutcomeUserNotLoggedIn,
 
         log
@@ -204,20 +208,32 @@ export function createLoginOrGoToAuthServer(params: {
 
         log?.(`redirectUrl: ${rootRelativeRedirectUrl}`);
 
-        const stateData: StateData = {
+        const rootRelativeRedirectUrl_consentRequiredCase = (() => {
+            switch (rest.action) {
+                case "login":
+                    return (lastPublicUrl ?? homeUrl).slice(window.location.origin.length);
+                case "go to auth server":
+                    return rootRelativeRedirectUrl;
+            }
+        })();
+
+        setStateDataCookieIfEnabled({
+            homeUrl,
+            stateUrlParamValue_instance,
+            stateDataCookie: {
+                action: "login",
+                rootRelativeRedirectUrl,
+                rootRelativeRedirectUrl_consentRequiredCase
+            }
+        });
+
+        const stateData: StateData.Redirect = {
             context: "redirect",
             rootRelativeRedirectUrl,
             extraQueryParams: {},
             configId,
             action: "login",
-            rootRelativeRedirectUrl_consentRequiredCase: (() => {
-                switch (rest.action) {
-                    case "login":
-                        return (lastPublicUrl ?? homeUrl).slice(window.location.origin.length);
-                    case "go to auth server":
-                        return rootRelativeRedirectUrl;
-                }
-            })()
+            rootRelativeRedirectUrl_consentRequiredCase
         };
 
         const isSilent = rest.action === "login" && rest.interaction === "ensure no interaction";

package/src/entrypoint.ts

@@ -1,2 +1 @@
 export { oidcEarlyInit } from "./core/earlyInit";
-export { getOidcRequiredPostHydrationReplaceNavigationUrl } from "./core/requiredPostHydrationReplaceNavigationUrl";

package/src/tanstack-start/react/createOidcSpaApi.tsx

@@ -25,6 +25,7 @@ import { toFullyQualifiedUrl } from "../../tools/toFullyQualifiedUrl";
 import { BEFORE_LOAD_FN_BRAND_PROPERTY_NAME } from "./disableSsrIfLoginEnforced";
 import { setDesiredPostLoginRedirectUrl } from "../../core/desiredPostLoginRedirectUrl";
 import type { MaybeAsync } from "../../tools/MaybeAsync";
+import { enableStateDataCookie } from "../../core/StateDataCookie";
 
 export function createOidcSpaApi<
     AutoLogin extends boolean,
@@ -640,6 +641,8 @@ export function createOidcSpaApi<
                     break;
                 case "real":
                     {
+                        enableStateDataCookie();
+
                         const { createOidc } = await prModuleCore;
 
                         let oidcCoreOrInitializationError:

package/src/tanstack-start/react/index.ts

@@ -1,5 +1,5 @@
-export { withHandlingOidcPostLoginNavigation } from "./withHandlingOidcPostLoginNavigation";
 export { __disableSsrIfLoginEnforced } from "./disableSsrIfLoginEnforced";
+export { __withOidcSpaServerEntry } from "./withOidcSpaServerEntry";
 export type * from "./types";
 import { oidcSpaApiBuilder } from "./apiBuilder";
 

package/src/tanstack-start/react/withOidcSpaServerEntry.ts

@@ -0,0 +1,60 @@
+import type { Register } from "@tanstack/react-router";
+// NOTE: This is actually "@tanstack/react-start/server" but since our module is not labeled as ESM we import it from here.
+// it does not matter since it's type level only.
+import type { RequestHandler } from "@tanstack/react-start-server";
+import { getStateDataCookies } from "../../core/StateDataCookie";
+
+export function __withOidcSpaServerEntry<T extends { fetch: RequestHandler<Register> }>(
+    serverEntry_original: T
+): T {
+    return {
+        ...serverEntry_original,
+        fetch: async (request, requestOpts) => {
+            render_deepLink_instead_of_home_on_authResponse: {
+                const url = new URL(request.url);
+
+                const stateUrlParamValue = url.searchParams.get("state");
+
+                if (stateUrlParamValue === null) {
+                    break render_deepLink_instead_of_home_on_authResponse;
+                }
+
+                const { stateDataCookies } = getStateDataCookies({
+                    cookieHeaderParamValue: request.headers.get("cookie")
+                });
+
+                const entry = stateDataCookies.find(
+                    entry => entry.stateUrlParamValue === stateUrlParamValue
+                );
+
+                if (entry === undefined) {
+                    break render_deepLink_instead_of_home_on_authResponse;
+                }
+
+                const { stateDataCookie } = entry;
+
+                const rootRelativeRedirectUrl = (() => {
+                    if (
+                        stateDataCookie.action === "login" &&
+                        url.searchParams.get("error") === "consent_required"
+                    ) {
+                        return stateDataCookie.rootRelativeRedirectUrl_consentRequiredCase;
+                    }
+                    return stateDataCookie.rootRelativeRedirectUrl;
+                })();
+
+                url.pathname = "/";
+                url.search = "";
+                url.hash = "";
+
+                const url_str_new = `${url.href.slice(0, -1)}${rootRelativeRedirectUrl}`;
+
+                const request_new = new Request(url_str_new, request);
+
+                return serverEntry_original.fetch(request_new, requestOpts);
+            }
+
+            return serverEntry_original.fetch(request, requestOpts);
+        }
+    };
+}

package/src/vite-plugin/handleClientEntrypoint.ts

@@ -1,14 +1,18 @@
 import type { OidcSpaVitePluginParams } from "./vite-plugin";
 import type { ResolvedConfig } from "vite";
 import type { PluginContext } from "rollup";
-import { existsSync } from "node:fs";
 import { promises as fs } from "node:fs";
 import * as path from "node:path";
-import { fileURLToPath } from "node:url";
-import { normalizePath } from "vite";
 import { assert } from "../tools/tsafe/assert";
 import type { Equals } from "../tools/tsafe/Equals";
 import type { ProjectType } from "./projectType";
+import {
+    resolveCandidate,
+    resolvePackageFile,
+    normalizeAbsolute,
+    splitId,
+    normalizeRequestPath
+} from "./utils";
 
 type EntryResolution = {
     absolutePath: string;
@@ -29,7 +33,7 @@ const REACT_ROUTER_ENTRY_CANDIDATES = [
 
 const TANSTACK_ENTRY_CANDIDATES = ["client.tsx", "client.ts", "client.jsx", "client.js"];
 
-export function createLoadHandleEntrypoint(params: {
+export function createHandleClientEntrypoint(params: {
     oidcSpaVitePluginParams: OidcSpaVitePluginParams;
     resolvedConfig: ResolvedConfig;
     projectType: ProjectType;
@@ -41,7 +45,7 @@ export function createLoadHandleEntrypoint(params: {
         projectType
     });
 
-    async function loadHandleEntrypoint(params: {
+    async function load_handleClientEntrypoint(params: {
         id: string;
         pluginContext: PluginContext;
     }): Promise<null | string> {
@@ -77,7 +81,6 @@ export function createLoadHandleEntrypoint(params: {
             `    freezeWebSocket: ${freezeWebSocket},`,
             `    freezePromise: ${freezePromise},`,
             `    safeMode: ${safeMode},`,
-            `    isPostLoginRedirectManual: ${projectType === "tanstack-start"},`,
             `    BASE_URL: "${resolvedConfig.base}"`,
             `});`,
             ``,
@@ -93,7 +96,7 @@ export function createLoadHandleEntrypoint(params: {
         return stubSourceCache;
     }
 
-    return loadHandleEntrypoint;
+    return { load_handleClientEntrypoint };
 }
 
 function resolveEntryForProject({
@@ -192,63 +195,3 @@ function loadOriginalModule(
     entry.watchFiles.forEach(file => context.addWatchFile(file));
     return fs.readFile(entry.absolutePath, "utf8");
 }
-
-function resolveCandidate({
-    root,
-    subDirectories,
-    filenames
-}: {
-    root: string;
-    subDirectories: string[];
-    filenames: string[];
-}): string | undefined {
-    for (const subDirectory of subDirectories) {
-        for (const filename of filenames) {
-            const candidate = path.resolve(root, subDirectory, filename);
-            if (existsSync(candidate)) {
-                return candidate;
-            }
-        }
-    }
-    return undefined;
-}
-
-function resolvePackageFile(packageName: string, segments: string[]): string {
-    const pkgPath = require.resolve(`${packageName}/package.json`);
-    return path.resolve(path.dirname(pkgPath), ...segments);
-}
-
-function normalizeAbsolute(filePath: string): string {
-    return normalizePath(filePath);
-}
-
-function splitId(id: string): { path: string; queryParams: URLSearchParams } {
-    const queryIndex = id.indexOf("?");
-    if (queryIndex === -1) {
-        return { path: id, queryParams: new URLSearchParams() };
-    }
-
-    const pathPart = id.slice(0, queryIndex);
-    const queryString = id.slice(queryIndex + 1);
-    return { path: pathPart, queryParams: new URLSearchParams(queryString) };
-}
-
-function normalizeRequestPath(id: string): string {
-    let requestPath = id;
-
-    if (requestPath.startsWith("\0")) {
-        requestPath = requestPath.slice(1);
-    }
-
-    if (requestPath.startsWith("/@fs/")) {
-        requestPath = requestPath.slice("/@fs/".length);
-    } else if (requestPath.startsWith("file://")) {
-        requestPath = fileURLToPath(requestPath);
-    }
-
-    if (path.isAbsolute(requestPath) || requestPath.startsWith(".")) {
-        return normalizePath(requestPath);
-    }
-
-    return normalizePath(requestPath);
-}

package/src/vite-plugin/handleServerEntrypoint.ts

@@ -0,0 +1,129 @@
+import type { ResolvedConfig } from "vite";
+import type { PluginContext } from "rollup";
+import { promises as fs } from "node:fs";
+import * as path from "node:path";
+import { assert } from "../tools/tsafe/assert";
+import type { Equals } from "../tools/tsafe/Equals";
+import type { ProjectType } from "./projectType";
+import {
+    resolveCandidate,
+    resolvePackageFile,
+    normalizeAbsolute,
+    splitId,
+    normalizeRequestPath
+} from "./utils";
+
+type EntryResolution = {
+    absolutePath: string;
+    normalizedPath: string;
+    watchFiles: string[];
+};
+
+const ORIGINAL_QUERY_PARAM = "oidc-spa-original";
+
+export function createHandleServerEntrypoint(params: {
+    resolvedConfig: ResolvedConfig;
+    projectType: ProjectType;
+}) {
+    const { resolvedConfig, projectType } = params;
+
+    const entryResolution = resolveEntryForProject({
+        config: resolvedConfig,
+        projectType
+    });
+
+    async function load_handleServerEntrypoint(params: {
+        id: string;
+        pluginContext: PluginContext;
+    }): Promise<null | string> {
+        if (entryResolution === undefined) {
+            return null;
+        }
+
+        const { id, pluginContext } = params;
+        const { path: rawPath, queryParams } = splitId(id);
+        const normalizedRequestPath = normalizeRequestPath(rawPath);
+        if (!normalizedRequestPath) {
+            return null;
+        }
+
+        if (normalizedRequestPath !== entryResolution.normalizedPath) {
+            return null;
+        }
+
+        const isOriginalRequest = queryParams.getAll(ORIGINAL_QUERY_PARAM).includes("true");
+
+        if (isOriginalRequest) {
+            return loadOriginalModule(entryResolution, pluginContext);
+        }
+
+        entryResolution.watchFiles.forEach(file => pluginContext.addWatchFile(file));
+
+        const stubSourceCache = [
+            `import serverEntry_original from "./${path.basename(
+                entryResolution.absolutePath
+            )}?${ORIGINAL_QUERY_PARAM}=true";`,
+            `import { __withOidcSpaServerEntry } from "oidc-spa/react-tanstack-start";`,
+            ``,
+            `const serverEntry = __withOidcSpaServerEntry(serverEntry_original);`,
+            ``,
+            `export default serverEntry;`
+        ].join("\n");
+
+        return stubSourceCache;
+    }
+
+    return { load_handleServerEntrypoint };
+}
+
+function resolveEntryForProject({
+    config,
+    projectType
+}: {
+    config: ResolvedConfig;
+    projectType: ProjectType;
+}): EntryResolution | undefined {
+    const root = config.root;
+
+    switch (projectType) {
+        case "tanstack-start": {
+            const candidate = resolveCandidate({
+                root,
+                subDirectories: ["src"],
+                filenames: ["server.ts", "server.js", "server.tsx", "server.jsx"]
+            });
+
+            const entryPath =
+                candidate ??
+                resolvePackageFile("@tanstack/react-start", [
+                    "dist",
+                    "plugin",
+                    "default-entry",
+                    "server.ts"
+                ]);
+
+            const normalized = normalizeAbsolute(entryPath);
+
+            const resolution: EntryResolution = {
+                absolutePath: entryPath,
+                normalizedPath: normalized,
+                watchFiles: [entryPath]
+            };
+
+            return resolution;
+        }
+        case "react-router-framework":
+        case "other":
+            return undefined;
+        default:
+            assert<Equals<typeof projectType, never>>(false);
+    }
+}
+
+function loadOriginalModule(
+    entry: EntryResolution,
+    context: { addWatchFile(id: string): void }
+): Promise<string> {
+    entry.watchFiles.forEach(file => context.addWatchFile(file));
+    return fs.readFile(entry.absolutePath, "utf8");
+}

package/src/vite-plugin/transformTanstackRouterCreateFileRoute.ts

@@ -4,8 +4,6 @@ import { babelParser, babelTraverse, babelTypes as t } from "../vendor/build-run
 const DISABLE_SSR_SPECIFIER = "__disableSsrIfLoginEnforced";
 const DISABLE_SSR_SOURCE = "oidc-spa/react-tanstack-start";
 const CREATE_FILE_ROUTE_IDENTIFIER = "createFileRoute";
-const POST_LOGIN_IMPORT_SPECIFIER = "withHandlingOidcPostLoginNavigation";
-const POST_LOGIN_IMPORT_SOURCE = "oidc-spa/react-tanstack-start";
 
 type TransformParams = {
     code: string;
@@ -38,9 +36,7 @@ export function transformCreateFileRoute(params: TransformParams): TransformResu
     const magicString = new MagicString(code);
     let hasCreateFileRouteImport = false;
     let hasEnableImport = false;
-    let hasPostLoginImport = false;
     let requiresEnableImport = false;
-    let requiresPostLoginImport = false;
     let lastImportEnd: number | undefined;
     let mutated = false;
 
@@ -79,18 +75,6 @@ export function transformCreateFileRoute(params: TransformParams): TransformResu
                     hasEnableImport = true;
                 }
             }
-
-            if (sourceValue === POST_LOGIN_IMPORT_SOURCE) {
-                if (
-                    path.node.specifiers.some(
-                        specifier =>
-                            t.isImportSpecifier(specifier) &&
-                            t.isIdentifier(specifier.imported, { name: POST_LOGIN_IMPORT_SPECIFIER })
-                    )
-                ) {
-                    hasPostLoginImport = true;
-                }
-            }
         },
         CallExpression(path) {
             const callee = path.get("callee");
@@ -128,33 +112,6 @@ export function transformCreateFileRoute(params: TransformParams): TransformResu
                 }
             }
 
-            const innerArgs = callee.node.arguments ?? [];
-            const isRootRoute =
-                innerArgs.length > 0 && t.isStringLiteral(innerArgs[0]) && innerArgs[0].value === "/";
-
-            if (isRootRoute) {
-                const componentProp = findComponentProperty(configNode);
-                if (componentProp) {
-                    const valueNode = componentProp.value as t.Expression;
-
-                    if (!isWrappedWithHandling(valueNode)) {
-                        const start = valueNode.start ?? undefined;
-                        const end = valueNode.end ?? undefined;
-
-                        if (typeof start === "number" && typeof end === "number") {
-                            const original = code.slice(start, end);
-                            magicString.overwrite(
-                                start,
-                                end,
-                                `${POST_LOGIN_IMPORT_SPECIFIER}(${original})`
-                            );
-                            requiresPostLoginImport = true;
-                            localMutated = true;
-                        }
-                    }
-                }
-            }
-
             if (localMutated) {
                 mutated = true;
             }
@@ -171,12 +128,6 @@ export function transformCreateFileRoute(params: TransformParams): TransformResu
         importStatements.push(`import { ${DISABLE_SSR_SPECIFIER} } from "${DISABLE_SSR_SOURCE}";`);
     }
 
-    if (requiresPostLoginImport && !hasPostLoginImport) {
-        importStatements.push(
-            `import { ${POST_LOGIN_IMPORT_SPECIFIER} } from "${POST_LOGIN_IMPORT_SOURCE}";`
-        );
-    }
-
     if (importStatements.length > 0) {
         const insertionPoint = lastImportEnd ?? 0;
         const prefix = insertionPoint === 0 ? "" : "\n";
@@ -190,15 +141,6 @@ export function transformCreateFileRoute(params: TransformParams): TransformResu
     };
 }
 
-function findComponentProperty(node: t.ObjectExpression): t.ObjectProperty | undefined {
-    return node.properties.find(
-        prop =>
-            t.isObjectProperty(prop) &&
-            ((t.isIdentifier(prop.key) && prop.key.name === "component") ||
-                (t.isStringLiteral(prop.key) && prop.key.value === "component"))
-    ) as t.ObjectProperty | undefined;
-}
-
 function objectContainsLoaderOrBeforeLoad(node: t.ObjectExpression): boolean {
     return node.properties.some(prop => {
         if (!t.isObjectProperty(prop)) {
@@ -218,12 +160,6 @@ function objectContainsLoaderOrBeforeLoad(node: t.ObjectExpression): boolean {
     });
 }
 
-function isWrappedWithHandling(node: t.Node): boolean {
-    return (
-        t.isCallExpression(node) && t.isIdentifier(node.callee, { name: POST_LOGIN_IMPORT_SPECIFIER })
-    );
-}
-
 function isCandidateFile(id: string): boolean {
     if (id.includes("node_modules")) {
         return false;

package/src/vite-plugin/utils.ts

@@ -0,0 +1,64 @@
+import { existsSync } from "node:fs";
+import * as path from "node:path";
+import { fileURLToPath } from "node:url";
+import { normalizePath } from "vite";
+
+export function resolveCandidate({
+    root,
+    subDirectories,
+    filenames
+}: {
+    root: string;
+    subDirectories: string[];
+    filenames: string[];
+}): string | undefined {
+    for (const subDirectory of subDirectories) {
+        for (const filename of filenames) {
+            const candidate = path.resolve(root, subDirectory, filename);
+            if (existsSync(candidate)) {
+                return candidate;
+            }
+        }
+    }
+    return undefined;
+}
+
+export function resolvePackageFile(packageName: string, segments: string[]): string {
+    const pkgPath = require.resolve(`${packageName}/package.json`);
+    return path.resolve(path.dirname(pkgPath), ...segments);
+}
+
+export function normalizeAbsolute(filePath: string): string {
+    return normalizePath(filePath);
+}
+
+export function splitId(id: string): { path: string; queryParams: URLSearchParams } {
+    const queryIndex = id.indexOf("?");
+    if (queryIndex === -1) {
+        return { path: id, queryParams: new URLSearchParams() };
+    }
+
+    const pathPart = id.slice(0, queryIndex);
+    const queryString = id.slice(queryIndex + 1);
+    return { path: pathPart, queryParams: new URLSearchParams(queryString) };
+}
+
+export function normalizeRequestPath(id: string): string {
+    let requestPath = id;
+
+    if (requestPath.startsWith("\0")) {
+        requestPath = requestPath.slice(1);
+    }
+
+    if (requestPath.startsWith("/@fs/")) {
+        requestPath = requestPath.slice("/@fs/".length);
+    } else if (requestPath.startsWith("file://")) {
+        requestPath = fileURLToPath(requestPath);
+    }
+
+    if (path.isAbsolute(requestPath) || requestPath.startsWith(".")) {
+        return normalizePath(requestPath);
+    }
+
+    return normalizePath(requestPath);
+}