feat: Refactor app info type to allow adding multiple website domains

lib/build/framework/awsLambda/framework.js

@@ -264,7 +264,7 @@ const middleware = (handler) => {
             });
             return response.sendResponse();
         } catch (err) {
-            await supertokens.errorHandler(err, request, response);
+            await supertokens.errorHandler(err, request, response, userContext);
             if (response.responseSet) {
                 return response.sendResponse();
             }

lib/build/framework/express/framework.js

@@ -140,7 +140,7 @@ const middleware = () => {
         } catch (err) {
             if (supertokens) {
                 try {
-                    await supertokens.errorHandler(err, request, response);
+                    await supertokens.errorHandler(err, request, response, userContext);
                 } catch (_a) {
                     next(err);
                 }
@@ -156,8 +156,9 @@ const errorHandler = () => {
         let supertokens = supertokens_1.default.getInstanceOrThrowError();
         let request = new ExpressRequest(req);
         let response = new ExpressResponse(res);
+        const userContext = utils_1.makeDefaultUserContextFromAPI(request);
         try {
-            await supertokens.errorHandler(err, request, response);
+            await supertokens.errorHandler(err, request, response, userContext);
         } catch (err) {
             return next(err);
         }

lib/build/framework/fastify/framework.js

@@ -172,7 +172,7 @@ function plugin(fastify, _, done) {
         try {
             await supertokens.middleware(request, response, userContext);
         } catch (err) {
-            await supertokens.errorHandler(err, request, response);
+            await supertokens.errorHandler(err, request, response, userContext);
         }
     });
     done();
@@ -183,7 +183,8 @@ const errorHandler = () => {
         let supertokens = supertokens_1.default.getInstanceOrThrowError();
         let request = new FastifyRequest(req);
         let response = new FastifyResponse(res);
-        await supertokens.errorHandler(err, request, response);
+        let userContext = utils_1.makeDefaultUserContextFromAPI(request);
+        await supertokens.errorHandler(err, request, response, userContext);
     };
 };
 exports.errorHandler = errorHandler;

lib/build/framework/hapi/framework.js

@@ -156,9 +156,10 @@ const plugin = {
                 let err = request.response.data || request.response;
                 let req = new HapiRequest(request);
                 let res = new HapiResponse(h);
+                const userContext = utils_1.makeDefaultUserContextFromAPI(req);
                 if (err !== undefined && err !== null) {
                     try {
-                        await supertokens.errorHandler(err, req, res);
+                        await supertokens.errorHandler(err, req, res, userContext);
                         if (res.responseSet) {
                             let resObj = res.sendResponse(true);
                             (request.app.lazyHeaders || []).forEach(({ key, value, allowDuplicateKey }) => {

lib/build/framework/koa/framework.js

@@ -142,7 +142,7 @@ const middleware = () => {
                 return await next();
             }
         } catch (err) {
-            return await supertokens.errorHandler(err, request, response);
+            return await supertokens.errorHandler(err, request, response, userContext);
         }
     };
 };

lib/build/framework/loopback/framework.js

@@ -127,7 +127,7 @@ const middleware = async (ctx, next) => {
         }
         return;
     } catch (err) {
-        return await supertokens.errorHandler(err, request, response);
+        return await supertokens.errorHandler(err, request, response, userContext);
     }
 };
 exports.middleware = middleware;

lib/build/recipe/dashboard/api/analytics.js

@@ -60,9 +60,12 @@ async function analyticsPost(_, ___, options, __) {
             status: "OK",
         };
     }
-    const { apiDomain, websiteDomain, appName } = options.appInfo;
+    const { apiDomain, getOrigin: websiteDomain, appName } = options.appInfo;
     const data = {
-        websiteDomain: websiteDomain.getAsStringDangerous(),
+        websiteDomain: websiteDomain({
+            request: undefined,
+            userContext: {},
+        }).getAsStringDangerous(),
         apiDomain: apiDomain.getAsStringDangerous(),
         appName,
         sdk: "node",

lib/build/recipe/emailpassword/api/implementation.js

@@ -63,6 +63,8 @@ function getAPIImplementation() {
                     token: response.token,
                     recipeId: options.recipeId,
                     tenantId,
+                    request: options.req,
+                    userContext,
                 });
                 logger_1.logDebugMessage(`Sending password reset email to ${email}`);
                 await options.emailDelivery.ingredientInterfaceImpl.sendEmail({

lib/build/recipe/emailpassword/index.js

@@ -107,6 +107,8 @@ class Wrapper {
                 recipeId: recipeInstance.getRecipeId(),
                 token: token.token,
                 tenantId: tenantId === undefined ? constants_1.DEFAULT_TENANT_ID : tenantId,
+                request: __1.getRequestFromUserContext(userContext),
+                userContext,
             }),
         };
     }

lib/build/recipe/emailpassword/utils.d.ts

@@ -2,6 +2,7 @@
 import Recipe from "./recipe";
 import { TypeInput, TypeNormalisedInput, NormalisedFormField, TypeInputFormField } from "./types";
 import { NormalisedAppinfo } from "../../types";
+import { BaseRequest } from "../../framework";
 export declare function validateAndNormaliseUserInput(
     recipeInstance: Recipe,
     appInfo: NormalisedAppinfo,
@@ -26,4 +27,6 @@ export declare function getPasswordResetLink(input: {
     token: string;
     recipeId: string;
     tenantId: string;
+    request: BaseRequest | undefined;
+    userContext: any;
 }): string;

lib/build/recipe/emailpassword/utils.js

@@ -213,7 +213,12 @@ async function defaultEmailValidator(value) {
 exports.defaultEmailValidator = defaultEmailValidator;
 function getPasswordResetLink(input) {
     return (
-        input.appInfo.websiteDomain.getAsStringDangerous() +
+        input.appInfo
+            .getOrigin({
+                request: input.request,
+                userContext: input.userContext,
+            })
+            .getAsStringDangerous() +
         input.appInfo.websiteBasePath.getAsStringDangerous() +
         "/reset-password?token=" +
         input.token +

lib/build/recipe/emailverification/api/implementation.js

@@ -166,6 +166,8 @@ function getAPIInterface() {
                     token: response.token,
                     recipeId: options.recipeId,
                     tenantId,
+                    request: options.req,
+                    userContext,
                 });
                 logger_1.logDebugMessage(`Sending email verification email to ${emailInfo}`);
                 await options.emailDelivery.ingredientInterfaceImpl.sendEmail({

lib/build/recipe/emailverification/index.js

@@ -24,6 +24,7 @@ const recipe_1 = __importDefault(require("./recipe"));
 const error_1 = __importDefault(require("./error"));
 const emailVerificationClaim_1 = require("./emailVerificationClaim");
 const utils_1 = require("./utils");
+const __1 = require("../..");
 class Wrapper {
     static async createEmailVerificationToken(tenantId, recipeUserId, email, userContext = {}) {
         const recipeInstance = recipe_1.default.getInstanceOrThrowError();
@@ -67,6 +68,8 @@ class Wrapper {
                 token: emailVerificationToken.token,
                 recipeId: recipeInstance.getRecipeId(),
                 tenantId,
+                request: __1.getRequestFromUserContext(userContext),
+                userContext,
             }),
         };
     }

lib/build/recipe/emailverification/utils.d.ts

@@ -2,6 +2,7 @@
 import Recipe from "./recipe";
 import { TypeInput, TypeNormalisedInput } from "./types";
 import { NormalisedAppinfo } from "../../types";
+import { BaseRequest } from "../../framework";
 export declare function validateAndNormaliseUserInput(
     _: Recipe,
     appInfo: NormalisedAppinfo,
@@ -12,4 +13,6 @@ export declare function getEmailVerifyLink(input: {
     token: string;
     recipeId: string;
     tenantId: string;
+    request: BaseRequest | undefined;
+    userContext: any;
 }): string;

lib/build/recipe/emailverification/utils.js

@@ -65,7 +65,12 @@ function validateAndNormaliseUserInput(_, appInfo, config) {
 exports.validateAndNormaliseUserInput = validateAndNormaliseUserInput;
 function getEmailVerifyLink(input) {
     return (
-        input.appInfo.websiteDomain.getAsStringDangerous() +
+        input.appInfo
+            .getOrigin({
+                request: input.request,
+                userContext: input.userContext,
+            })
+            .getAsStringDangerous() +
         input.appInfo.websiteBasePath.getAsStringDangerous() +
         "/verify-email" +
         "?token=" +

lib/build/recipe/passwordless/api/implementation.js

@@ -224,7 +224,12 @@ function getAPIImplementation() {
             const flowType = input.options.config.flowType;
             if (flowType === "MAGIC_LINK" || flowType === "USER_INPUT_CODE_AND_MAGIC_LINK") {
                 magicLink =
-                    input.options.appInfo.websiteDomain.getAsStringDangerous() +
+                    input.options.appInfo
+                        .getOrigin({
+                            request: input.options.req,
+                            userContext: input.userContext,
+                        })
+                        .getAsStringDangerous() +
                     input.options.appInfo.websiteBasePath.getAsStringDangerous() +
                     "/verify" +
                     "?rid=" +
@@ -354,7 +359,12 @@ function getAPIImplementation() {
                     const flowType = input.options.config.flowType;
                     if (flowType === "MAGIC_LINK" || flowType === "USER_INPUT_CODE_AND_MAGIC_LINK") {
                         magicLink =
-                            input.options.appInfo.websiteDomain.getAsStringDangerous() +
+                            input.options.appInfo
+                                .getOrigin({
+                                    request: input.options.req,
+                                    userContext: input.userContext,
+                                })
+                                .getAsStringDangerous() +
                             input.options.appInfo.websiteBasePath.getAsStringDangerous() +
                             "/verify" +
                             "?rid=" +

lib/build/recipe/passwordless/index.js

@@ -22,6 +22,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.sendSms = exports.sendEmail = exports.signInUp = exports.createMagicLink = exports.revokeCode = exports.revokeAllCodes = exports.updateUser = exports.createNewCodeForDevice = exports.listCodesByPreAuthSessionId = exports.listCodesByPhoneNumber = exports.listCodesByEmail = exports.listCodesByDeviceId = exports.consumeCode = exports.createCode = exports.Error = exports.init = void 0;
 const recipe_1 = __importDefault(require("./recipe"));
 const error_1 = __importDefault(require("./error"));
+const __1 = require("../..");
 class Wrapper {
     static createCode(input) {
         var _a;
@@ -104,6 +105,7 @@ class Wrapper {
         var _a;
         return recipe_1.default.getInstanceOrThrowError().createMagicLink(
             Object.assign(Object.assign({}, input), {
+                request: __1.getRequestFromUserContext(input.userContext),
                 userContext: (_a = input.userContext) !== null && _a !== void 0 ? _a : {},
             })
         );

lib/build/recipe/passwordless/recipe.d.ts

@@ -48,11 +48,13 @@ export default class Recipe extends RecipeModule {
             | {
                   email: string;
                   tenantId: string;
+                  request: BaseRequest | undefined;
                   userContext?: any;
               }
             | {
                   phoneNumber: string;
                   tenantId: string;
+                  request: BaseRequest | undefined;
                   userContext?: any;
               }
     ) => Promise<string>;

lib/build/recipe/passwordless/recipe.js

@@ -129,7 +129,12 @@ class Recipe extends recipeModule_1.default {
             );
             const appInfo = this.getAppInfo();
             let magicLink =
-                appInfo.websiteDomain.getAsStringDangerous() +
+                appInfo
+                    .getOrigin({
+                        request: input.request,
+                        userContext: input.userContext,
+                    })
+                    .getAsStringDangerous() +
                 appInfo.websiteBasePath.getAsStringDangerous() +
                 "/verify" +
                 "?rid=" +

lib/build/recipe/session/cookieAndHeaders.d.ts

@@ -1,11 +1,18 @@
 // @ts-nocheck
 import type { BaseRequest, BaseResponse } from "../../framework";
 import { TokenTransferMethod, TokenType, TypeNormalisedInput } from "./types";
-export declare function clearSessionFromAllTokenTransferMethods(config: TypeNormalisedInput, res: BaseResponse): void;
+export declare function clearSessionFromAllTokenTransferMethods(
+    config: TypeNormalisedInput,
+    res: BaseResponse,
+    request: BaseRequest | undefined,
+    userContext: any
+): void;
 export declare function clearSession(
     config: TypeNormalisedInput,
     res: BaseResponse,
-    transferMethod: TokenTransferMethod
+    transferMethod: TokenTransferMethod,
+    request: BaseRequest | undefined,
+    userContext: any
 ): void;
 export declare function getAntiCsrfTokenFromHeaders(req: BaseRequest): string | undefined;
 export declare function setAntiCsrfTokenInHeaders(res: BaseResponse, antiCsrfToken: string): void;
@@ -23,7 +30,9 @@ export declare function setToken(
     tokenType: TokenType,
     value: string,
     expires: number,
-    transferMethod: TokenTransferMethod
+    transferMethod: TokenTransferMethod,
+    req: BaseRequest | undefined,
+    userContext: any
 ): void;
 export declare function setHeader(res: BaseResponse, name: string, value: string): void;
 /**
@@ -43,6 +52,8 @@ export declare function setCookie(
     name: string,
     value: string,
     expires: number,
-    pathType: "refreshTokenPath" | "accessTokenPath"
+    pathType: "refreshTokenPath" | "accessTokenPath",
+    req: BaseRequest | undefined,
+    userContext: any
 ): void;
 export declare function getAuthModeFromHeader(req: BaseRequest): string | undefined;

lib/build/recipe/session/cookieAndHeaders.js

@@ -26,23 +26,23 @@ const refreshTokenHeaderKey = "st-refresh-token";
 const antiCsrfHeaderKey = "anti-csrf";
 const frontTokenHeaderKey = "front-token";
 const authModeHeaderKey = "st-auth-mode";
-function clearSessionFromAllTokenTransferMethods(config, res) {
+function clearSessionFromAllTokenTransferMethods(config, res, request, userContext) {
     // We are clearing the session in all transfermethods to be sure to override cookies in case they have been already added to the response.
     // This is done to handle the following use-case:
     // If the app overrides signInPOST to check the ban status of the user after the original implementation and throwing an UNAUTHORISED error
     // In this case: the SDK has attached cookies to the response, but none was sent with the request
     // We can't know which to clear since we can't reliably query or remove the set-cookie header added to the response (causes issues in some frameworks, i.e.: hapi)
     // The safe solution in this case is to overwrite all the response cookies/headers with an empty value, which is what we are doing here
     for (const transferMethod of constants_2.availableTokenTransferMethods) {
-        clearSession(config, res, transferMethod);
+        clearSession(config, res, transferMethod, request, userContext);
     }
 }
 exports.clearSessionFromAllTokenTransferMethods = clearSessionFromAllTokenTransferMethods;
-function clearSession(config, res, transferMethod) {
+function clearSession(config, res, transferMethod, request, userContext) {
     // If we can be specific about which transferMethod we want to clear, there is no reason to clear the other ones
     const tokenTypes = ["access", "refresh"];
     for (const token of tokenTypes) {
-        setToken(config, res, token, "", 0, transferMethod);
+        setToken(config, res, token, "", 0, transferMethod, request, userContext);
     }
     res.removeHeader(antiCsrfHeaderKey);
     // This can be added multiple times in some cases, but that should be OK
@@ -111,7 +111,7 @@ function getToken(req, tokenType, transferMethod) {
     }
 }
 exports.getToken = getToken;
-function setToken(config, res, tokenType, value, expires, transferMethod) {
+function setToken(config, res, tokenType, value, expires, transferMethod, req, userContext) {
     logger_1.logDebugMessage(`setToken: Setting ${tokenType} token as ${transferMethod}`);
     if (transferMethod === "cookie") {
         setCookie(
@@ -120,7 +120,9 @@ function setToken(config, res, tokenType, value, expires, transferMethod) {
             getCookieNameFromTokenType(tokenType),
             value,
             expires,
-            tokenType === "refresh" ? "refreshTokenPath" : "accessTokenPath"
+            tokenType === "refresh" ? "refreshTokenPath" : "accessTokenPath",
+            req,
+            userContext
         );
     } else if (transferMethod === "header") {
         setHeader(res, getResponseHeaderNameForTokenType(tokenType), value);
@@ -143,10 +145,13 @@ exports.setHeader = setHeader;
  * @param expires
  * @param path
  */
-function setCookie(config, res, name, value, expires, pathType) {
+function setCookie(config, res, name, value, expires, pathType, req, userContext) {
     let domain = config.cookieDomain;
     let secure = config.cookieSecure;
-    let sameSite = config.cookieSameSite;
+    let sameSite = config.getCookieSameSite({
+        request: req,
+        userContext,
+    });
     let path = "";
     if (pathType === "refreshTokenPath") {
         path = config.refreshTokenPath.getAsStringDangerous();

lib/build/recipe/session/framework/awsLambda.js

@@ -22,7 +22,7 @@ function verifySession(handler, verifySessionOptions) {
             let handlerResult = await handler(event, context, callback);
             return response.sendResponse(handlerResult);
         } catch (err) {
-            await supertokens.errorHandler(err, request, response);
+            await supertokens.errorHandler(err, request, response, userContext);
             if (response.responseSet) {
                 return response.sendResponse({});
             }

lib/build/recipe/session/framework/express.js

@@ -36,7 +36,7 @@ function verifySession(options) {
         } catch (err) {
             try {
                 const supertokens = supertokens_1.default.getInstanceOrThrowError();
-                await supertokens.errorHandler(err, request, response);
+                await supertokens.errorHandler(err, request, response, userContext);
             } catch (_a) {
                 next(err);
             }

lib/build/recipe/session/framework/fastify.js

@@ -34,7 +34,7 @@ function verifySession(options) {
             req.session = await sessionRecipe.verifySession(options, request, response, userContext);
         } catch (err) {
             const supertokens = supertokens_1.default.getInstanceOrThrowError();
-            await supertokens.errorHandler(err, request, response);
+            await supertokens.errorHandler(err, request, response, userContext);
             throw err;
         }
     };