{"version":3,"sources":["../../src/utils/cookie.ts","../../src/utils/headers.ts","../../src/utils/utils.ts","../../src/utils/sdk.ts","../../src/utils/rewrite.ts","../../src/middleware/middleware.ts"],"names":["parse","options"],"mappings":";;;;;;AAMA,SAAS,cACP,MACyC,EAAA;AACzC,EACE,OAAA,CAAC,CAAC,MACF,IAAA,OAAO,WAAW,QAClB,IAAA,OAAA,IAAW,UACX,OAAW,IAAA,MAAA;AAEf;AAEO,SAAS,iBAAA,CAAkB,KAAyB,MAAmB,EAAA;AAC5E,EAAI,IAAA,CAAC,GAAO,IAAA,MAAA,CAAO,iBAAmB,EAAA;AACpC,IAAA,OAAO,MAAO,CAAA,iBAAA;AAAA;AAGhB,EAAI,IAAA,SAAA;AACJ,EAAI,IAAA;AACF,IAAY,SAAA,GAAA,IAAI,GAAI,CAAA,GAAG,CAAE,CAAA,QAAA;AAAA,WAClB,CAAG,EAAA;AACV,IAAY,SAAA,GAAA,GAAA;AAAA;AAGd,EAAI,IAAA,WAAA,CAAY,SAAS,CAAG,EAAA;AAC1B,IAAO,OAAA,SAAA;AAAA;AAGT,EAAM,MAAA,MAAA,GAAS,MAAM,SAAS,CAAA;AAE9B,EAAI,IAAA,aAAA,CAAc,MAAM,CAAG,EAAA;AACzB,IAAO,OAAA,KAAA,CAAA;AAAA;AAGT,EAAO,OAAA,MAAA,CAAO,UAAU,MAAO,CAAA,KAAA;AACjC;AAGO,SAAS,YAAY,QAAkB,EAAA;AAE5C,EAAA,MAAM,WACJ,GAAA,uFAAA;AAGF,EAAA,MAAM,WACJ,GAAA,0mBAAA;AAEF,EAAA,OAAO,YAAY,IAAK,CAAA,QAAQ,CAAK,IAAA,WAAA,CAAY,KAAK,QAAQ,CAAA;AAChE;;;AClDO,IAAM,uBAA0B,GAAA;AAAA,EACrC,QAAA;AAAA,EACA,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA,cAAA;AAAA,EACA,QAAA;AAAA,EACA,MAAA;AAAA,EACA,YAAA;AAAA,EACA;AACF,CAAA;AAEO,IAAM,kBAAqB,GAAA;AAAA,EAChC,mBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF,CAAA;;;ACIO,SAAS,uBACd,CAAA,QAAA,EACA,aACA,EAAA,OAAA,EACA,cACA,EAAA;AACA,EAAA,MAAM,QACJ,QAAa,KAAA,QAAA,IAAY,cAAe,CAAA,GAAA,CAAI,mBAAmB,CAAM,KAAA,OAAA;AAEvE,EAAM,MAAA,SAAA,GAAY,cAAe,CAAA,GAAA,CAAI,kBAAkB,CAAA;AACvD,EAAA,MAAM,IAAO,GAAA,SAAA,GAAY,SAAY,GAAA,cAAA,CAAe,IAAI,MAAM,CAAA;AAC9D,EAAA,MAAM,MAAS,GAAA,iBAAA,CAAkB,IAAQ,IAAA,EAAA,EAAI,OAAO,CAAA;AAEpD,EAAOA,OAAAA,OAAAA;AAAA,IACL,mBAAmB,aAAc,CAAA,OAAA,CAAQ,GAAI,CAAA,YAAY,KAAK,EAAE;AAAA,GAClE,CACG,GAAI,CAAA,CAAC,MAAY,MAAA;AAAA,IAChB,GAAG,MAAA;AAAA,IACH,MAAA;AAAA,IACA,MAAQ,EAAA,KAAA;AAAA,IACR,MAAA,EAAQ,CAAC,CAAc,KAAA;AAAA,IACvB,CACD,CAAA,GAAA;AAAA,IAAI,CAAC,EAAE,KAAA,EAAO,IAAM,EAAA,GAAGC,UACtB,KAAA,SAAA,CAAU,IAAM,EAAA,KAAA,EAAOA,QAA2B;AAAA,GACpD;AACJ;AAEO,SAAS,oBAAA,CACd,SACA,wBACS,EAAA;AACT,EAAM,MAAA,eAAA,GAAkB,IAAI,OAAQ,EAAA;AAEpC,EAAQ,OAAA,CAAA,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAQ,KAAA;AAC9B,IAAM,MAAA,OAAA,GACJ,wBAAwB,QAAS,CAAA,GAAG,MACnC,wBAA4B,IAAA,EAAI,EAAA,QAAA,CAAS,GAAG,CAAA;AAC/C,IAAA,IAAI,OAAS,EAAA,eAAA,CAAgB,GAAI,CAAA,GAAA,EAAK,KAAK,CAAA;AAAA,GAC5C,CAAA;AAED,EAAO,OAAA,eAAA;AACT;AAEO,SAAS,YAAA,CAAa,SAAiB,WAA6B,EAAA;AACzE,EAAM,MAAA,IAAA,GAAO,IAAI,GAAA,CAAI,OAAO,CAAA;AAC5B,EAAA,MAAM,QAAW,GAAA,IAAI,GAAI,CAAA,WAAA,EAAa,OAAO,CAAA;AAE7C,EAAA,QAAA,CAAS,QACP,GAAA,IAAA,CAAK,QAAS,CAAA,OAAA,CAAQ,KAAO,EAAA,EAAE,CAC/B,GAAA,GAAA,GACA,QAAS,CAAA,QAAA,CAAS,OAAQ,CAAA,KAAA,EAAO,EAAE,CAAA;AAErC,EAAA,OAAO,IAAI,GAAI,CAAA,QAAA,CAAS,QAAS,EAAA,EAAG,OAAO,CAAE,CAAA,IAAA;AAC/C;;;AC3EO,SAAS,SAAY,GAAA;AAC1B,EAAI,IAAA,OAAA;AAEJ,EAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,yBAAyB,CAAG,EAAA;AAC1C,IAAU,OAAA,GAAA,OAAA,CAAQ,IAAI,yBAAyB,CAAA;AAAA;AAGjD,EAAA,IAAI,CAAC,OAAS,EAAA;AACZ,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA;AAGF,EAAO,OAAA,OAAA,CAAQ,OAAQ,CAAA,KAAA,EAAO,EAAE,CAAA;AAClC;;;ACVO,SAAS,WACd,CAAA,MAAA,EACA,YACA,EAAA,OAAA,EACA,MACA,EAAA;AACA,EAAA,KAAA,MAAW,CAAC,CAAG,EAAA,CAAC,SAAW,EAAA,WAAW,CAAC,CAAK,IAAA;AAAA;AAAA,IAE1C,CAAC,cAAA,EAAgB,MAAO,CAAA,QAAA,EAAU,cAAc,CAAA;AAAA,IAChD,CAAC,kBAAA,EAAoB,MAAO,CAAA,QAAA,EAAU,kBAAkB,CAAA;AAAA,IACxD,CAAC,WAAA,EAAa,MAAO,CAAA,QAAA,EAAU,WAAW,CAAA;AAAA,IAC1C,CAAC,kBAAA,EAAoB,MAAO,CAAA,QAAA,EAAU,kBAAkB,CAAA;AAAA,IACxD,CAAC,cAAA,EAAgB,MAAO,CAAA,QAAA,EAAU,cAAc,CAAA;AAAA,IAChD,CAAC,aAAA,EAAe,MAAO,CAAA,QAAA,EAAU,kBAAkB;AAAA,GACrD,CAAE,SAAW,EAAA;AACX,IAAA,MAAM,KAAQ,GAAA,YAAA,CAAa,YAAc,EAAA,SAAA,IAAa,EAAE,CAAA;AACxD,IAAA,IAAI,WAAe,IAAA,MAAA,CAAO,UAAW,CAAA,KAAK,CAAG,EAAA;AAC3C,MAAA,MAAA,GAAS,MAAO,CAAA,UAAA;AAAA,QACd,KAAA;AAAA,QACA,IAAI,GAAA,CAAI,WAAa,EAAA,OAAO,EAAE,QAAS;AAAA,OACzC;AAAA;AACF;AAEF,EAAA,OAAO,MAAO,CAAA,UAAA;AAAA,IACZ,YAAA,CAAa,OAAQ,CAAA,KAAA,EAAO,EAAE,CAAA;AAAA,IAC9B,IAAI,IAAI,OAAO,CAAA,CAAE,UAAW,CAAA,OAAA,CAAQ,OAAO,EAAE;AAAA,GAC/C;AACF;;;ACvBO,SAAS,gBAAmB,GAAA;AACjC,EAAA,IAAI,OAAU,GAAA,EAAA;AAEd,EAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,uBAAuB,CAAG,EAAA;AACxC,IAAU,OAAA,GAAA,OAAA,CAAQ,IAAI,uBAAuB,CAAA;AAAA;AAG/C,EAAO,OAAA,OAAA,CAAQ,OAAQ,CAAA,KAAA,EAAO,EAAE,CAAA;AAClC;AAEA,eAAsB,YAAA,CAAa,SAAsB,OAAoB,EAAA;AAC3E,EAAA,MAAM,KAAQ,GAAA;AAAA,IACZ,eAAA;AAAA,IACA,kBAAA;AAAA,IACA,KAAA;AAAA,IACA,kBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAI,IAAA,CAAC,KAAM,CAAA,IAAA,CAAK,CAAC,CAAA,KAAM,OAAQ,CAAA,OAAA,CAAQ,QAAS,CAAA,UAAA,CAAW,CAAC,CAAC,CAAG,EAAA;AAC9D,IAAA,OAAO,aAAa,IAAK,EAAA;AAAA;AAG3B,EAAA,MAAM,YAAe,GAAA,IAAI,GAAI,CAAA,SAAA,EAAW,CAAA;AACxC,EAAA,MAAM,UAAU,OAAQ,CAAA,OAAA,CAAQ,QAAW,GAAA,IAAA,GAAO,QAAQ,OAAQ,CAAA,IAAA;AAElE,EAAM,MAAA,WAAA,GAAc,OAAQ,CAAA,OAAA,CAAQ,KAAM,EAAA;AAC1C,EAAA,WAAA,CAAY,WAAW,YAAa,CAAA,QAAA;AACpC,EAAA,WAAA,CAAY,OAAO,YAAa,CAAA,IAAA;AAChC,EAAA,WAAA,CAAY,WAAW,YAAa,CAAA,QAAA;AACpC,EAAA,WAAA,CAAY,OAAO,YAAa,CAAA,IAAA;AAEhC,EAAA,MAAM,sBAAyB,GAAA,oBAAA;AAAA,IAC7B,OAAQ,CAAA,OAAA;AAAA,IACR,OAAQ,CAAA;AAAA,GACV;AACA,EAAuB,sBAAA,CAAA,GAAA,CAAI,MAAQ,EAAA,WAAA,CAAY,IAAI,CAAA;AAGnD,EAAA,sBAAA,CAAuB,GAAI,CAAA,sBAAA,EAAwB,OAAQ,CAAA,QAAA,EAAU,CAAA;AACrE,EAAuB,sBAAA,CAAA,GAAA,CAAI,4BAA8B,EAAA,gBAAA,EAAkB,CAAA;AAG3E,EAAuB,sBAAA,CAAA,GAAA,CAAI,iCAAiC,MAAM,CAAA;AAGlE,EAAA,MAAM,gBAAmB,GAAA,MAAM,KAAM,CAAA,WAAA,CAAY,UAAY,EAAA;AAAA,IAC3D,QAAQ,OAAQ,CAAA,MAAA;AAAA,IAChB,OAAS,EAAA,sBAAA;AAAA,IACT,IAAA,EACE,OAAQ,CAAA,MAAA,KAAW,KAAS,IAAA,OAAA,CAAQ,WAAW,MAC3C,GAAA,MAAM,OAAQ,CAAA,WAAA,EACd,GAAA,IAAA;AAAA,IACN,QAAU,EAAA;AAAA,GACX,CAAA;AAGD,EAAmB,kBAAA,CAAA,OAAA,CAAQ,CAAC,MAAW,KAAA;AACrC,IAAiB,gBAAA,CAAA,OAAA,CAAQ,OAAO,MAAM,CAAA;AAAA,GACvC,CAAA;AAGD,EAAA,IAAI,gBAAiB,CAAA,OAAA,CAAQ,GAAI,CAAA,YAAY,CAAG,EAAA;AAC9C,IAAA,MAAM,OAAU,GAAA,uBAAA;AAAA,MACd,QAAQ,OAAQ,CAAA,QAAA;AAAA,MAChB,gBAAA;AAAA,MACA,OAAA;AAAA,MACA,OAAQ,CAAA;AAAA,KACV;AACA,IAAiB,gBAAA,CAAA,OAAA,CAAQ,OAAO,YAAY,CAAA;AAC5C,IAAQ,OAAA,CAAA,OAAA,CAAQ,CAAC,MAAW,KAAA;AAC1B,MAAiB,gBAAA,CAAA,OAAA,CAAQ,MAAO,CAAA,YAAA,EAAc,MAAM,CAAA;AAAA,KACrD,CAAA;AAAA;AAIH,EAAA,MAAM,gBAAmB,GAAA,gBAAA,CAAiB,OAAQ,CAAA,GAAA,CAAI,UAAU,CAAA;AAChE,EAAA,IAAI,gBAAkB,EAAA;AACpB,IAAA,IAAI,QAAW,GAAA,gBAAA;AAMf,IAAI,IAAA,QAAA,CAAS,UAAW,CAAA,iBAAiB,CAAG,EAAA;AAC1C,MAAW,QAAA,GAAA,QAAA,CAAS,OAAQ,CAAA,iBAAA,EAAmB,eAAe,CAAA;AAAA,KACrD,MAAA,IAAA,CAAC,QAAS,CAAA,UAAA,CAAW,MAAM,CAAG,EAAA;AAEvC,MAAA,QAAA,GAAW,IAAI,GAAA,CAAI,QAAU,EAAA,YAAY,EAAE,QAAS,EAAA;AAAA;AAGtD,IAAA,QAAA,GAAW,YAAY,QAAU,EAAA,YAAA,CAAa,QAAS,EAAA,EAAG,SAAS,OAAO,CAAA;AAE1E,IAAA,IAAI,CAAC,QAAA,CAAS,UAAW,CAAA,MAAM,CAAG,EAAA;AAEhC,MAAA,QAAA,GAAW,IAAI,GAAA,CAAI,QAAU,EAAA,OAAO,EAAE,QAAS,EAAA;AAAA;AAKjD,IAAA,IAAI,CAAC,QAAA,CAAS,UAAW,CAAA,MAAM,CAAG,EAAA;AAChC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,iIACE,QACA,GAAA;AAAA,OACJ;AAAA;AAGF,IAAiB,gBAAA,CAAA,OAAA,CAAQ,GAAI,CAAA,UAAA,EAAY,QAAQ,CAAA;AAAA;AAInD,EAAA,IAAI,eAAe,MAAO,CAAA,IAAA,CAAK,MAAM,gBAAA,CAAiB,aAAa,CAAA;AACnE,EAAA,IACE,gBAAiB,CAAA,OAAA,CAAQ,GAAI,CAAA,cAAc,GAAG,QAAS,CAAA,OAAO,CAC9D,IAAA,gBAAA,CAAiB,QAAQ,GAAI,CAAA,cAAc,CAAG,EAAA,QAAA,CAAS,kBAAkB,CACzE,EAAA;AACA,IAAM,MAAA,YAAA,GAAe,YAAa,CAAA,QAAA,CAAS,OAAO,CAAA;AAClD,IAAA,YAAA,GAAe,MAAO,CAAA,IAAA;AAAA,MACpB,YAAY,YAAc,EAAA,YAAA,CAAa,QAAS,EAAA,EAAG,SAAS,OAAO;AAAA,KACrE;AAAA;AAIF,EAAO,OAAA,IAAI,aAAa,YAAc,EAAA;AAAA,IACpC,SAAS,gBAAiB,CAAA,OAAA;AAAA,IAC1B,QAAQ,gBAAiB,CAAA;AAAA,GAC1B,CAAA;AACH;AAEO,SAAS,oBAAoB,OAAoB,EAAA;AACtD,EAAA,OAAO,CAAC,CAAmB,KAAA;AACzB,IAAO,OAAA,YAAA,CAAa,GAAG,OAAO,CAAA;AAAA,GAChC;AACF","file":"index.mjs","sourcesContent":["// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\nimport { errorCodes, ErrorResult, parse } from \"psl\"\nimport { OryConfig } from \"../types\"\n\nfunction isErrorResult(\n  result: unknown,\n): result is ErrorResult<keyof errorCodes> {\n  return (\n    !!result &&\n    typeof result === \"object\" &&\n    \"error\" in result &&\n    \"input\" in result\n  )\n}\n\nexport function guessCookieDomain(url: string | undefined, config: OryConfig) {\n  if (!url || config.forceCookieDomain) {\n    return config.forceCookieDomain\n  }\n\n  let parsedUrl: string\n  try {\n    parsedUrl = new URL(url).hostname\n  } catch (_) {\n    parsedUrl = url\n  }\n\n  if (isIPAddress(parsedUrl)) {\n    return parsedUrl\n  }\n\n  const parsed = parse(parsedUrl)\n\n  if (isErrorResult(parsed)) {\n    return undefined\n  }\n\n  return parsed.domain ?? parsed.input\n}\n\n// Helper function to check if the hostname is an IP address\nexport function isIPAddress(hostname: string) {\n  // IPv4 pattern: four groups of 1-3 digits, separated by dots, each between 0-255\n  const ipv4Pattern =\n    /^(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})(\\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})){3}$/\n\n  // IPv6 pattern: eight groups of 1-4 hexadecimal digits, separated by colons, optional shorthand (::)\n  const ipv6Pattern =\n    /^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?[0-9])?[0-9])\\.){3}(25[0-5]|(2[0-4]|1?[0-9])?[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9])?[0-9])\\.){3}(25[0-5]|(2[0-4]|1?[0-9])?[0-9]))$/\n\n  return ipv4Pattern.test(hostname) || ipv6Pattern.test(hostname)\n}\n","// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\nexport const defaultForwardedHeaders = [\n  \"accept\",\n  \"accept-charset\",\n  \"accept-encoding\",\n  \"accept-language\",\n  \"authorization\",\n  \"cache-control\",\n  \"content-type\",\n  \"cookie\",\n  \"host\",\n  \"user-agent\",\n  \"referer\",\n]\n\nexport const defaultOmitHeaders = [\n  \"transfer-encoding\",\n  \"content-encoding\",\n  \"content-length\",\n]\n","// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\nimport { parse, splitCookiesString } from \"set-cookie-parser\"\nimport { serialize, SerializeOptions } from \"cookie\"\n\nimport { FlowParams, OryConfig, QueryParams } from \"../types\"\nimport { guessCookieDomain } from \"./cookie\"\nimport { defaultForwardedHeaders } from \"./headers\"\nimport { ApiResponse } from \"@ory/client-fetch\"\nimport { rewriteJsonResponse } from \"./rewrite\"\n\nexport function onValidationError<T>(value: T): T {\n  return value\n}\n\nexport async function toFlowParams(\n  params: QueryParams,\n  getCookieHeader: () => Promise<string | undefined>,\n): Promise<FlowParams> {\n  return {\n    id: params[\"flow\"]?.toString() ?? \"\",\n    cookie: await getCookieHeader(),\n    return_to: params[\"return_to\"]?.toString() ?? \"\",\n  }\n}\nexport function processSetCookieHeaders(\n  protocol: string,\n  fetchResponse: Response,\n  options: OryConfig,\n  requestHeaders: Headers,\n) {\n  const isTls =\n    protocol === \"https:\" || requestHeaders.get(\"x-forwarded-proto\") === \"https\"\n\n  const forwarded = requestHeaders.get(\"x-forwarded-host\")\n  const host = forwarded ? forwarded : requestHeaders.get(\"host\")\n  const domain = guessCookieDomain(host ?? \"\", options)\n\n  return parse(\n    splitCookiesString(fetchResponse.headers.get(\"set-cookie\") || \"\"),\n  )\n    .map((cookie) => ({\n      ...cookie,\n      domain,\n      secure: isTls,\n      encode: (v: string) => v,\n    }))\n    .map(({ value, name, ...options }) =>\n      serialize(name, value, options as SerializeOptions),\n    )\n}\n\nexport function filterRequestHeaders(\n  headers: Headers,\n  forwardAdditionalHeaders?: string[],\n): Headers {\n  const filteredHeaders = new Headers()\n\n  headers.forEach((value, key) => {\n    const isValid =\n      defaultForwardedHeaders.includes(key) ||\n      (forwardAdditionalHeaders ?? []).includes(key)\n    if (isValid) filteredHeaders.set(key, value)\n  })\n\n  return filteredHeaders\n}\n\nexport function joinUrlPaths(baseUrl: string, relativeUrl: string): string {\n  const base = new URL(baseUrl)\n  const relative = new URL(relativeUrl, baseUrl)\n\n  relative.pathname =\n    base.pathname.replace(/\\/$/, \"\") +\n    \"/\" +\n    relative.pathname.replace(/^\\//, \"\")\n\n  return new URL(relative.toString(), baseUrl).href\n}\n\nexport function toValue<T extends object>(res: ApiResponse<T>): Promise<T> {\n  // Remove all undefined values from the response (array and object) using lodash:\n  // Remove all (nested) undefined values from the response using lodash\n  return res.value().then((v) => rewriteJsonResponse(v))\n}\n","// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\nexport function orySdkUrl() {\n  let baseUrl\n\n  if (process.env[\"NEXT_PUBLIC_ORY_SDK_URL\"]) {\n    baseUrl = process.env[\"NEXT_PUBLIC_ORY_SDK_URL\"]\n  }\n\n  if (!baseUrl) {\n    throw new Error(\n      \"You need to set environment variable `NEXT_PUBLIC_ORY_SDK_URL` to your Ory Network SDK URL.\",\n    )\n  }\n\n  return baseUrl.replace(/\\/$/, \"\")\n}\n\nexport function isProduction() {\n  return (\n    [\"production\", \"prod\"].indexOf(\n      process.env[\"VERCEL_ENV\"] || process.env[\"NODE_ENV\"] || \"\",\n    ) > -1\n  )\n}\n\nexport function guessPotentiallyProxiedOrySdkUrl(options?: {\n  knownProxiedUrl?: string\n}) {\n  if (isProduction()) {\n    // In production, we use the production custom domain\n    return orySdkUrl()\n  }\n\n  if (process.env[\"VERCEL_ENV\"]) {\n    // We are in vercel\n\n    // The domain name of the generated deployment URL. Example: *.vercel.app. The value does not include the protocol scheme https://.\n    //\n    // This is only available for preview deployments on Vercel.\n    if (!isProduction() && process.env[\"VERCEL_URL\"]) {\n      return `https://${process.env[\"VERCEL_URL\"]}`.replace(/\\/$/, \"\")\n    }\n\n    // This is sometimes set by the render server.\n    if (process.env[\"__NEXT_PRIVATE_ORIGIN\"]) {\n      return process.env[\"__NEXT_PRIVATE_ORIGIN\"].replace(/\\/$/, \"\")\n    }\n  }\n\n  // Unable to figure out the SDK URL. Either because we are not using Vercel or because we are on a local machine.\n  // Let's try to use the window location.\n  if (typeof window !== \"undefined\") {\n    return window.location.origin\n  }\n\n  if (options?.knownProxiedUrl) {\n    return options.knownProxiedUrl\n  }\n\n  // We tried everything. Let's use the SDK URL.\n  const final = orySdkUrl()\n  console.warn(\n    `Unable to determine a suitable SDK URL for setting up the Next.js integration of Ory Elements. Will proceed using default Ory SDK URL \"${final}\". This is likely not what you want for local development and your authentication and login may not work.`,\n  )\n\n  return final\n}\n","// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\nimport { OryConfig } from \"../types\"\nimport { joinUrlPaths } from \"./utils\"\nimport { orySdkUrl } from \"./sdk\"\n\nexport function rewriteUrls(\n  source: string,\n  matchBaseUrl: string,\n  selfUrl: string,\n  config: OryConfig,\n) {\n  for (const [_, [matchPath, replaceWith]] of [\n    // TODO load these dynamically from the project config\n    [\"/ui/recovery\", config.override?.recoveryUiPath],\n    [\"/ui/registration\", config.override?.registrationUiPath],\n    [\"/ui/login\", config.override?.loginUiPath],\n    [\"/ui/verification\", config.override?.verificationUiPath],\n    [\"/ui/settings\", config.override?.settingsUiPath],\n    [\"/ui/welcome\", config.override?.defaultRedirectUri],\n  ].entries()) {\n    const match = joinUrlPaths(matchBaseUrl, matchPath || \"\")\n    if (replaceWith && source.startsWith(match)) {\n      source = source.replaceAll(\n        match,\n        new URL(replaceWith, selfUrl).toString(),\n      )\n    }\n  }\n  return source.replaceAll(\n    matchBaseUrl.replace(/\\/$/, \"\"),\n    new URL(selfUrl).toString().replace(/\\/$/, \"\"),\n  )\n}\n\n/**\n * Rewrites Ory SDK URLs in JSON responses (objects, arrays, strings) with the provided proxy URL.\n *\n * If `proxyUrl` is provided, the SDK URL is replaced with the proxy URL.\n *\n * @param obj - The object to rewrite\n * @param proxyUrl - The proxy URL to replace the SDK URL with\n */\nexport function rewriteJsonResponse<T extends object>(\n  obj: T,\n  proxyUrl?: string,\n): T {\n  return Object.fromEntries(\n    Object.entries(obj)\n      .filter(([_, value]) => value !== undefined)\n      .map(([key, value]) => {\n        if (Array.isArray(value)) {\n          // Recursively process each item in the array\n          return [\n            key,\n            value\n              .map((item) => {\n                if (typeof item === \"object\" && item !== null) {\n                  // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n                  return rewriteJsonResponse(item, proxyUrl)\n                } else if (typeof item === \"string\" && proxyUrl) {\n                  return item.replaceAll(orySdkUrl(), proxyUrl)\n                }\n                // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n                return item\n              })\n              .filter((item) => item !== undefined),\n          ]\n        } else if (typeof value === \"object\" && value !== null) {\n          // Recursively remove undefined in nested objects\n          return [key, rewriteJsonResponse(value, proxyUrl)]\n        } else if (typeof value === \"string\" && proxyUrl) {\n          // Replace SDK URL with the provided proxy URL\n          return [key, value.replaceAll(orySdkUrl(), proxyUrl)]\n        }\n        return [key, value]\n      }),\n  ) as T\n}\n","// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\nimport { NextResponse, type NextRequest } from \"next/server\"\n\nimport { rewriteUrls } from \"../utils/rewrite\"\nimport { filterRequestHeaders, processSetCookieHeaders } from \"../utils/utils\"\nimport { OryConfig } from \"../types\"\nimport { defaultOmitHeaders } from \"../utils/headers\"\nimport { orySdkUrl } from \"../utils/sdk\"\n\nexport function getProjectApiKey() {\n  let baseUrl = \"\"\n\n  if (process.env[\"ORY_PROJECT_API_TOKEN\"]) {\n    baseUrl = process.env[\"ORY_PROJECT_API_TOKEN\"]\n  }\n\n  return baseUrl.replace(/\\/$/, \"\")\n}\n\nexport async function proxyRequest(request: NextRequest, options: OryConfig) {\n  const match = [\n    \"/self-service\",\n    \"/sessions/whoami\",\n    \"/ui\",\n    \"/.well-known/ory\",\n    \"/.ory\",\n  ]\n  if (!match.some((m) => request.nextUrl.pathname.startsWith(m))) {\n    return NextResponse.next()\n  }\n\n  const matchBaseUrl = new URL(orySdkUrl())\n  const selfUrl = request.nextUrl.protocol + \"//\" + request.nextUrl.host\n\n  const upstreamUrl = request.nextUrl.clone()\n  upstreamUrl.hostname = matchBaseUrl.hostname\n  upstreamUrl.host = matchBaseUrl.host\n  upstreamUrl.protocol = matchBaseUrl.protocol\n  upstreamUrl.port = matchBaseUrl.port\n\n  const upstreamRequestHeaders = filterRequestHeaders(\n    request.headers,\n    options.forwardAdditionalHeaders,\n  )\n  upstreamRequestHeaders.set(\"Host\", upstreamUrl.host)\n\n  // Ensures we use the correct URL in redirects like OIDC redirects.\n  upstreamRequestHeaders.set(\"Ory-Base-URL-Rewrite\", selfUrl.toString())\n  upstreamRequestHeaders.set(\"Ory-Base-URL-Rewrite-Token\", getProjectApiKey())\n\n  // We disable custom domain redirects.\n  upstreamRequestHeaders.set(\"Ory-No-Custom-Domain-Redirect\", \"true\")\n\n  // Fetch the upstream response\n  const upstreamResponse = await fetch(upstreamUrl.toString(), {\n    method: request.method,\n    headers: upstreamRequestHeaders,\n    body:\n      request.method !== \"GET\" && request.method !== \"HEAD\"\n        ? await request.arrayBuffer()\n        : null,\n    redirect: \"manual\",\n  })\n\n  // Delete headers that should not be forwarded\n  defaultOmitHeaders.forEach((header) => {\n    upstreamResponse.headers.delete(header)\n  })\n\n  // Modify cookie domain\n  if (upstreamResponse.headers.get(\"set-cookie\")) {\n    const cookies = processSetCookieHeaders(\n      request.nextUrl.protocol,\n      upstreamResponse,\n      options,\n      request.headers,\n    )\n    upstreamResponse.headers.delete(\"set-cookie\")\n    cookies.forEach((cookie) => {\n      upstreamResponse.headers.append(\"Set-Cookie\", cookie)\n    })\n  }\n\n  // Modify location header\n  const originalLocation = upstreamResponse.headers.get(\"location\")\n  if (originalLocation) {\n    let location = originalLocation\n\n    // The legacy hostedui does a redirect to `../self-service` which breaks the NextJS middleware.\n    // To fix this, we hard-rewrite `../self-service`.\n    //\n    // This is not needed with the \"new\" account experience based on this SDK.\n    if (location.startsWith(\"../self-service\")) {\n      location = location.replace(\"../self-service\", \"/self-service\")\n    } else if (!location.startsWith(\"http\")) {\n      // If the location header is not an absolute URL, we need to make it one for rewriteUrls to properly rewrite it.\n      location = new URL(location, matchBaseUrl).toString()\n    }\n\n    location = rewriteUrls(location, matchBaseUrl.toString(), selfUrl, options)\n\n    if (!location.startsWith(\"http\")) {\n      // console.debug('rewriting location', selfUrl, location, new URL(location, selfUrl).toString())\n      location = new URL(location, selfUrl).toString()\n    }\n\n    // Next.js throws an error that is completely unhelpful if the location header is not an absolute URL.\n    // Therefore, we throw a more helpful error message here.\n    if (!location.startsWith(\"http\")) {\n      throw new Error(\n        \"The HTTP location header must be an absolute URL in NextJS middlewares. However, it is not. The resulting HTTP location is `\" +\n          location +\n          \"`. This is either a configuration or code bug. Please open an issue on https://github.com/ory/elements.\",\n      )\n    }\n\n    upstreamResponse.headers.set(\"location\", location)\n  }\n\n  // Modify buffer\n  let modifiedBody = Buffer.from(await upstreamResponse.arrayBuffer())\n  if (\n    upstreamResponse.headers.get(\"content-type\")?.includes(\"text/\") ||\n    upstreamResponse.headers.get(\"content-type\")?.includes(\"application/json\")\n  ) {\n    const bufferString = modifiedBody.toString(\"utf-8\")\n    modifiedBody = Buffer.from(\n      rewriteUrls(bufferString, matchBaseUrl.toString(), selfUrl, options),\n    )\n  }\n\n  // Return the modified response\n  return new NextResponse(modifiedBody, {\n    headers: upstreamResponse.headers,\n    status: upstreamResponse.status,\n  })\n}\n\nexport function createOryMiddleware(options: OryConfig) {\n  return (r: NextRequest) => {\n    return proxyRequest(r, options)\n  }\n}\n"]}