Merge branch 'master' into release/next

packages/nextjs/src/app/FronteggAppProvider.tsx

@@ -6,6 +6,8 @@ import fetchUserData from '../utils/fetchUserData';
 import { ClientFronteggProviderProps } from '../types';
 import { getAppUrlForCustomLoginWithSubdomain } from './getAppUrlForCustomLoginWithSubdomain';
 import { removeJwtSignatureFrom } from '../middleware/helpers';
+import fronteggLogger from '../utils/fronteggLogger';
+import { FRONTEGG_HOSTED_LOGIN_MIGRATION_WARNING } from './consts';
 
 export type FronteggAppProviderProps = PropsWithChildren<
   Omit<ClientFronteggProviderProps, 'contextOptions' | 'envAppUrl' | 'envBaseUrl' | 'envClientId'>
@@ -15,17 +17,23 @@ export const FronteggAppProvider = async (options: FronteggAppProviderProps) =>
   const { envAppUrl, ...appEnvConfig } = config.appEnvConfig;
   let userData = await fetchUserData({ getSession: getAppSession, getHeaders: getAppHeaders });
   const subDomainAppUrl = await getAppUrlForCustomLoginWithSubdomain(options.customLoginOptions?.subDomainIndex);
+  const logger = fronteggLogger.child({ tag: 'FronteggAppProvider' });
 
   if (process.env['FRONTEGG_SECURE_JWT_ENABLED'] === 'true' && userData) {
     userData = removeJwtSignatureFrom(userData);
     userData.session = removeJwtSignatureFrom(userData?.session);
   }
+  if (Object.hasOwn(options, 'hostedLoginBox')) {
+    logger.warn(FRONTEGG_HOSTED_LOGIN_MIGRATION_WARNING);
+  }
+
   const providerProps = {
     ...appEnvConfig,
     ...userData,
     ...options,
     envAppUrl: subDomainAppUrl ?? envAppUrl,
     secureJwtEnabled: options.secureJwtEnabled ?? false,
+    hostedLoginBox: appEnvConfig.envHostedLoginBox ?? options.hostedLoginBox ?? false,
   };
 
   return <ClientFronteggProvider {...providerProps} />;

packages/nextjs/src/app/consts.ts

@@ -0,0 +1 @@
+export const FRONTEGG_HOSTED_LOGIN_MIGRATION_WARNING = `\n**Deprecated**: The 'hostedLoginBox' prop is deprecated in frontegg NextJS SKD and will be removed in the next major version. Please use 'FRONTEGG_HOSTED_LOGIN' environment variable instead.`;

packages/nextjs/src/edge/getSessionOnEdge.ts

@@ -1,5 +1,5 @@
 import type { IncomingMessage } from 'http';
-import { FronteggEdgeSession } from '../types';
+import { FronteggEdgeSession, FronteggNextJSSession } from '../types';
 import CookieManager from '../utils/cookies';
 import createSession from '../utils/createSession';
 import encryptionEdge from '../utils/encryption-edge';
@@ -40,12 +40,15 @@ export const handleSessionOnEdge = async (params: HandleSessionOnEdge): Promise<
   if (edgeSession.headers) {
     return NextResponse.next({
       headers: edgeSession.headers,
+      request: {
+        headers: edgeSession.forwardedHeaders,
+      },
     });
   }
   return NextResponse.next();
 };
 
-const GET_SESSION_ON_EDGE_DEPRECATED_ERROR = `Deprecation Notice: getSessionOnEdge has been deprecated. Please use handleSessionOnEdge instead. For example:
+const GET_SESSION_ON_EDGE_DEPRECATED_WARN = `Deprecation Notice: getSessionOnEdge has been deprecated. Please use handleSessionOnEdge instead. For example:
 
 file: middleware.ts
 \`\`\`ts
@@ -93,8 +96,17 @@ Alternatively, to manually verify the session, you can use checkSessionOnEdge. N
  * ```
  * @deprecated
  */
-export const getSessionOnEdge = async (req: IncomingMessage | Request): Promise<FronteggEdgeSession | undefined> => {
-  throw new Error(GET_SESSION_ON_EDGE_DEPRECATED_ERROR);
+
+export const getSessionOnEdge = (
+  req: IncomingMessage | Request,
+  disableWarning = false
+): Promise<FronteggNextJSSession | undefined> => {
+  const logger = fronteggLogger.child({ tag: 'EdgeRuntime.getSessionOnEdge' });
+  const cookies = CookieManager.getSessionCookieFromRequest(req);
+  if (!disableWarning) {
+    logger.info(GET_SESSION_ON_EDGE_DEPRECATED_WARN);
+  }
+  return createSession(cookies, encryptionEdge);
 };
 
 /**
@@ -128,11 +140,14 @@ export const getSessionOnEdge = async (req: IncomingMessage | Request): Promise<
  *       return redirectToLogin(pathname);
  *     }
  *
- *     // if headers are present return them to the next response
+ *     // if headers are present forward them to the next response / request
  *     if (session.headers) {
- *       return NextResponse.next({
- *         headers: session.headers,
- *       });
+ *        return NextResponse.next({
+ *          headers: edgeSession.headers,
+ *          request:{
+ *            headers: edgeSession.forwardedHeaders
+ *          }
+ *        });
  *     }
  *     return NextResponse.next();
  *   };

packages/nextjs/src/edge/refreshAccessTokenIfNeededOnEdge.ts

@@ -88,6 +88,12 @@ export async function refreshAccessTokenIfNeededOnEdge(
   });
   newSetCookie.push(...cookieValue);
 
+  const forwardedHeaders = req.headers as Headers;
+  newSetCookie.forEach((cookie) => {
+    // get cookie name and value only
+    const [name, value] = cookie.split(';')[0].split('=');
+    forwardedHeaders.set('cookie', `${name}=${value}`);
+  });
   return {
     session: {
       accessToken: data.accessToken ?? data.access_token,
@@ -97,6 +103,7 @@ export async function refreshAccessTokenIfNeededOnEdge(
     headers: {
       'set-cookie': newSetCookie.join(', '),
     },
+    forwardedHeaders,
   };
 }
 

packages/nextjs/src/types/index.ts

@@ -23,6 +23,7 @@ export interface FronteggNextJSSession extends FronteggUserTokens {
 export interface FronteggEdgeSession {
   session?: FronteggNextJSSession;
   headers?: Record<string, string>;
+  forwardedHeaders?: Headers;
 }
 
 export type RequestType = IncomingMessage | Request;