Refactor URL resolution

LauraBeatris · LauraBeatris · commit 5dca5667f429 · 2025-03-26T13:49:55.000-03:00
diff --git a/packages/astro/src/server/clerk-middleware.ts b/packages/astro/src/server/clerk-middleware.ts
@@ -5,7 +5,7 @@ import { isDevelopmentFromPublishableKey, isDevelopmentFromSecretKey } from '@cl
 import { isHttpOrHttps } from '@clerk/shared/proxy';
 import { eventMethodCalled } from '@clerk/shared/telemetry';
 import { handleValueOrFn } from '@clerk/shared/utils';
-import type { JwtPayload } from '@clerk/types';
+import type { SessionStatusClaim } from '@clerk/types';
 import type { APIContext } from 'astro';
 
 import { authAsyncStorage } from '#async-local-storage';
@@ -94,7 +94,7 @@ export const clerkMiddleware: ClerkMiddleware = (...args: unknown[]): any => {
 
     const authObject = requestState.toAuth();
 
-    const redirectToSignIn = createMiddlewareRedirectToSignIn(clerkRequest, authObject.sessionClaims?.sts);
+    const redirectToSignIn = createMiddlewareRedirectToSignIn(clerkRequest, authObject.sessionStatus);
     const authObjWithMethods: ClerkMiddlewareAuthObject = Object.assign(authObject, { redirectToSignIn });
 
     decorateAstroLocal(clerkRequest, context, requestState);
@@ -287,7 +287,7 @@ function decorateAstroLocal(clerkRequest: ClerkRequest, context: APIContext, req
         publishableKey: getSafeEnv(context).pk!,
         signInUrl: requestState.signInUrl,
         signUpUrl: requestState.signUpUrl,
-        sessionStatus: authObject.sessionClaims?.sts,
+        sessionStatus: authObject.sessionStatus,
       }).redirectToSignIn({
         returnBackUrl: opts.returnBackUrl === null ? '' : opts.returnBackUrl || clerkUrl.toString(),
       });
@@ -376,7 +376,7 @@ const redirectAdapter = (url: string | URL) => {
 
 const createMiddlewareRedirectToSignIn = (
   clerkRequest: ClerkRequest,
-  sessionStatus?: JwtPayload['sts'],
+  sessionStatus?: SessionStatusClaim | null,
 ): ClerkMiddlewareAuthObject['redirectToSignIn'] => {
   return (opts = {}) => {
     const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN) as any;
diff --git a/packages/backend/src/createRedirect.ts b/packages/backend/src/createRedirect.ts
@@ -1,5 +1,5 @@
 import { buildAccountsBaseUrl } from '@clerk/shared/buildAccountsBaseUrl';
-import type { JwtPayload } from '@clerk/types';
+import type { SessionStatusClaim } from '@clerk/types';
 
 import { constants } from './constants';
 import { errorThrower, parsePublishableKey } from './util/shared';
@@ -71,7 +71,7 @@ type CreateRedirect = <ReturnType>(params: {
   baseUrl: URL | string;
   signInUrl?: URL | string;
   signUpUrl?: URL | string;
-  sessionStatus?: JwtPayload['sts'];
+  sessionStatus: SessionStatusClaim | null;
 }) => {
   redirectToSignIn: RedirectFun<ReturnType>;
   redirectToSignUp: RedirectFun<ReturnType>;
@@ -84,28 +84,28 @@ export const createRedirect: CreateRedirect = params => {
   const isDevelopment = parsedPublishableKey?.instanceType === 'development';
   const accountsBaseUrl = buildAccountsBaseUrl(frontendApi);
 
-  const redirectToTasks = ({ targetUrl, returnBackUrl }: RedirectToParams & { targetUrl: string | URL }) => {
-    const rootTasksPath = '/tasks';
-
-    const tasksUrl =
-      typeof targetUrl === 'string' ? targetUrl.replace(/\/$/, '') + rootTasksPath : new URL(rootTasksPath, targetUrl);
-
-    return redirectAdapter(buildUrl(baseUrl, tasksUrl, returnBackUrl, isDevelopment ? params.devBrowserToken : null));
+  const redirectToTasks = (url: string) => {
+    return redirectAdapter(buildUrl(url, '/tasks'));
   };
 
   const redirectToSignUp = ({ returnBackUrl }: RedirectToParams = {}) => {
     if (!signUpUrl && !accountsBaseUrl) {
       errorThrower.throwMissingPublishableKeyError();
     }
+
     const accountsSignUpUrl = `${accountsBaseUrl}/sign-up`;
+    const redirectUrl = buildUrl(
+      baseUrl,
+      signUpUrl || accountsSignUpUrl,
+      returnBackUrl,
+      isDevelopment ? params.devBrowserToken : null,
+    );
 
     if (sessionStatus === 'pending') {
-      return redirectToTasks({ targetUrl: signUpUrl ?? accountsSignUpUrl, returnBackUrl });
+      return redirectToTasks(redirectUrl);
     }
 
-    return redirectAdapter(
-      buildUrl(baseUrl, signUpUrl || accountsSignUpUrl, returnBackUrl, isDevelopment ? params.devBrowserToken : null),
-    );
+    return redirectAdapter(redirectUrl);
   };
 
   const redirectToSignIn = ({ returnBackUrl }: RedirectToParams = {}) => {
@@ -114,14 +114,18 @@ export const createRedirect: CreateRedirect = params => {
     }
 
     const accountsSignInUrl = `${accountsBaseUrl}/sign-in`;
+    const redirectUrl = buildUrl(
+      baseUrl,
+      signInUrl || accountsSignInUrl,
+      returnBackUrl,
+      isDevelopment ? params.devBrowserToken : null,
+    );
 
     if (sessionStatus === 'pending') {
-      return redirectToTasks({ targetUrl: signInUrl ?? accountsSignInUrl, returnBackUrl });
+      return redirectToTasks(redirectUrl);
     }
 
-    return redirectAdapter(
-      buildUrl(baseUrl, signInUrl || accountsSignInUrl, returnBackUrl, isDevelopment ? params.devBrowserToken : null),
-    );
+    return redirectAdapter(redirectUrl);
   };
 
   return { redirectToSignUp, redirectToSignIn };
diff --git a/packages/nextjs/src/app-router/server/auth.ts b/packages/nextjs/src/app-router/server/auth.ts
@@ -99,7 +99,7 @@ export const auth: AuthFn = async () => {
       publishableKey: decryptedRequestData.publishableKey || PUBLISHABLE_KEY,
       signInUrl: decryptedRequestData.signInUrl || SIGN_IN_URL,
       signUpUrl: decryptedRequestData.signUpUrl || SIGN_UP_URL,
-      sessionStatus: authObject.sessionClaims?.sts,
+      sessionStatus: authObject.sessionStatus,
     }).redirectToSignIn({
       returnBackUrl: opts.returnBackUrl === null ? '' : opts.returnBackUrl || clerkUrl?.toString(),
     });
diff --git a/packages/nextjs/src/server/nextErrors.ts b/packages/nextjs/src/server/nextErrors.ts
@@ -136,7 +136,7 @@ function isNextjsRedirectError(error: unknown): error is RedirectError<{ redirec
 
 function isRedirectToSignInError(
   error: unknown,
-): error is RedirectError<{ returnBackUrl: string | URL; sessionStatus?: SessionStatusClaim }> {
+): error is RedirectError<{ returnBackUrl: string | URL; sessionStatus: SessionStatusClaim | null }> {
   if (isNextjsRedirectError(error) && 'clerk_digest' in error) {
     return error.clerk_digest === CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN;
   }
diff --git a/packages/nextjs/src/server/protect.ts b/packages/nextjs/src/server/protect.ts
@@ -107,7 +107,7 @@ export function createProtect(opts: {
     /**
      * User is authenticated with pending status, indicating client tasks to resolve
      */
-    if (authObject.sessionClaims.sts === 'pending') {
+    if (authObject.sessionStatus === 'pending') {
       return handlePendingSessionStatus();
     }
 

Original file line number	Diff line number	Diff line change
`@@ -136,7 +136,7 @@ function isNextjsRedirectError(error: unknown): error is RedirectError<{ redirec`
`136`	`136`
`137`	`137`	`function isRedirectToSignInError(`
`138`	`138`	`error: unknown,`
`139`		`-): error is RedirectError<{ returnBackUrl: string \| URL; sessionStatus?: SessionStatusClaim }> {`
	`139`	`+): error is RedirectError<{ returnBackUrl: string \| URL; sessionStatus: SessionStatusClaim \| null }> {`
`140`	`140`	`if (isNextjsRedirectError(error) && 'clerk_digest' in error) {`
`141`	`141`	`return error.clerk_digest === CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN;`
`142`	`142`	`}`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ export function createProtect(opts: {`
`107`	`107`	`/**`
`108`	`108`	`* User is authenticated with pending status, indicating client tasks to resolve`
`109`	`109`	`*/`
`110`		`- if (authObject.sessionClaims.sts === 'pending') {`
	`110`	`+ if (authObject.sessionStatus === 'pending') {`
`111`	`111`	`return handlePendingSessionStatus();`
`112`	`112`	`}`
`113`	`113`