@propelauth/nextjs - npm Package Compare versions

Comparing version 0.0.98 to 0.0.100

dist/server/app-router/index.js

@@ -297,3 +297,3 @@ "use strict";
       };
-    } else if (response.status === 400) {
+    } else if (response.status === 400 || response.status === 401) {
       return { error: "unauthorized" };
@@ -389,3 +389,3 @@ } else {
       throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
-    } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH) {
+    } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
       return import_server.NextResponse.next();
@@ -395,24 +395,2 @@ }
     const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
-    if (req.nextUrl.pathname === USERINFO_PATH && refreshToken) {
-      const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
-      if (response.error === "unexpected") {
-        throw new Error("Unexpected error while refreshing access token");
-      } else if (response.error === "unauthorized") {
-        const headers2 = new Headers();
-        headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
-        headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
-        return new Response("Unauthorized", { status: 401, headers: headers2 });
-      } else {
-        const headers2 = new Headers(req.headers);
-        headers2.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken);
-        const nextResponse = import_server.NextResponse.next({
-          request: {
-            headers: headers2
-          }
-        });
-        nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
-        nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
-        return nextResponse;
-      }
-    }
     if (accessToken) {
@@ -480,3 +458,2 @@ const user = yield validateAccessTokenOrUndefined(accessToken);
       if (!oauthState || oauthState.length !== 64) {
-        console.log("No oauth state found");
         return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -488,3 +465,2 @@ }
       if (state !== oauthState) {
-        console.log("Mismatch between states, redirecting to login");
         return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -531,4 +507,15 @@ }
       var _a;
-      const accessToken = req.headers.get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
-      if (accessToken) {
+      const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+      if (oldRefreshToken) {
+        const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
+        if (refreshResponse.error === "unexpected") {
+          throw new Error("Unexpected error while refreshing access token");
+        } else if (refreshResponse.error === "unauthorized") {
+          const headers3 = new Headers();
+          headers3.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+          headers3.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+          return new Response("Unauthorized", { status: 401, headers: headers3 });
+        }
+        const refreshToken = refreshResponse.refreshToken;
+        const accessToken = refreshResponse.accessToken;
         const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
@@ -549,10 +536,18 @@ const response = yield fetch(path, {
           };
+          const headers3 = new Headers();
+          headers3.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`);
+          headers3.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`);
+          headers3.append("Content-Type", "application/json");
           return new Response(JSON.stringify(jsonResponse), {
             status: 200,
-            headers: {
-              "Content-Type": "application/json"
-            }
+            headers: headers3
           });
         } else if (response.status === 401) {
-          return new Response(null, { status: 401 });
+          const headers3 = new Headers();
+          headers3.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+          headers3.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+          return new Response(null, {
+            status: 401,
+            headers: headers3
+          });
         } else {
@@ -562,10 +557,55 @@ return new Response(null, { status: 500 });
       }
+      const headers2 = new Headers();
+      headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+      headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       return new Response(null, { status: 401 });
     });
   }
+  function logoutGetHandler(req) {
+    return __async(this, null, function* () {
+      var _a;
+      const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
+      if (!path) {
+        console.log("postLoginPathFn returned undefined");
+        return new Response("Unexpected error", { status: 500 });
+      }
+      const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+      if (!refreshToken) {
+        const headers2 = new Headers();
+        headers2.append("Location", path);
+        headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+        headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+        return new Response(null, {
+          status: 302,
+          headers: headers2
+        });
+      }
+      const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
+      if (refreshResponse.error === "unexpected") {
+        console.error("Unexpected error while refreshing access token");
+        return new Response("Unexpected error", { status: 500 });
+      } else if (refreshResponse.error === "unauthorized") {
+        const headers2 = new Headers();
+        headers2.append("Location", path);
+        headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+        headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+        return new Response(null, {
+          status: 302,
+          headers: headers2
+        });
+      } else {
+        const headers2 = new Headers();
+        headers2.append("Location", path);
+        return new Response(null, {
+          status: 302,
+          headers: headers2
+        });
+      }
+    });
+  }
   function logoutPostHandler(req) {
     return __async(this, null, function* () {
       var _a;
-      const refresh_token = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
-      if (!refresh_token) {
+      const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+      if (!refreshToken) {
         const headers3 = new Headers();
@@ -576,3 +616,3 @@ headers3.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       }
-      const logoutBody = { refresh_token };
+      const logoutBody = { refresh_token: refreshToken };
       const url = `${authUrlOrigin}/api/backend/v1/logout`;
@@ -609,2 +649,4 @@ const response = yield fetch(url, {
       return userinfoGetHandler(req);
+    } else if (params.slug === "logout") {
+      return logoutGetHandler(req);
     } else {
@@ -611,0 +653,0 @@ return new Response("", { status: 404 });

dist/server/pages/index.d.ts

@@ -45,5 +45,5 @@ import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';
 
-declare function getUserFromServerSideProps(props: GetServerSidePropsContext): Promise<UserFromToken | undefined>;
+declare function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh?: boolean): Promise<UserFromToken | undefined>;
 declare function getUserFromApiRouteRequest(req: NextApiRequest, res: NextApiResponse): Promise<UserFromToken | undefined>;
 
 export { getUserFromApiRouteRequest, getUserFromServerSideProps };

dist/server/pages/index.js

@@ -268,3 +268,3 @@ "use strict";
       };
-    } else if (response.status === 400) {
+    } else if (response.status === 400 || response.status === 401) {
       return { error: "unauthorized" };
@@ -325,7 +325,7 @@ } else {
 // src/server/pages.ts
-function getUserFromServerSideProps(props) {
+function getUserFromServerSideProps(props, forceRefresh = false) {
   return __async(this, null, function* () {
     const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME];
     const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME];
-    if (accessToken) {
+    if (accessToken && !forceRefresh) {
       const user = yield validateAccessTokenOrUndefined(accessToken);
@@ -332,0 +332,0 @@ if (user) {

package.json

 {
   "name": "@propelauth/nextjs",
-  "version": "0.0.98",
+  "version": "0.0.100",
   "exports": {
@@ -5,0 +5,0 @@ "./server": {

No alert changes

Improved metrics

Total package byte prevSize

389202

increased by3.49%

Lines of code

4224

increased by2.03%

No dependency changes