From 94f1acdd0786208c9f1aa5b1bef3a40cfff83ea9 Mon Sep 17 00:00:00 2001
From: Six <23470032+6ixfalls@users.noreply.github.com>
Date: Sun, 21 Jan 2024 18:06:35 -0800
Subject: [PATCH] Always use secure token

---
 apps/client/pages/api/auth/[...nextauth].ts | 1 +
 apps/server/src/app/middleware/validate-auth-jwt.ts | 8 ++------
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/apps/client/pages/api/auth/[...nextauth].ts b/apps/client/pages/api/auth/[...nextauth].ts
index a641f0ac..3b7c9dcb 100644
--- a/apps/client/pages/api/auth/[...nextauth].ts
+++ b/apps/client/pages/api/auth/[...nextauth].ts
@@ -85,6 +85,7 @@ export const authOptions = {
 strategy: 'jwt' as SessionStrategy,
 maxAge: 1 * 24 * 60 * 60, // 1 Day
 },
+ useSecureCookies: true,
 providers: [
 CredentialsProvider({
 name: 'Credentials',
diff --git a/apps/server/src/app/middleware/validate-auth-jwt.ts b/apps/server/src/app/middleware/validate-auth-jwt.ts
index 2124c88b..2c2cd69c 100644
--- a/apps/server/src/app/middleware/validate-auth-jwt.ts
+++ b/apps/server/src/app/middleware/validate-auth-jwt.ts
@@ -8,14 +8,10 @@ export const validateAuthJwt = async (req, res, next) => {
 return res.status(500).json({ message: 'Internal Server Error' })
 }
 
- const cookieName = req.secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token'
- if (req.cookies && cookieName in req.cookies) {
+ if (req.cookies && '__Secure-next-auth.session-token' in req.cookies) {
 try {
 const token = await decode({
- token: req.cookies[cookieName],
+ token: req.cookies['__Secure-next-auth.session-token'],
 secret: SECRET,
 })
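Review bot: `useSecureCookies: true` makes NextAuth emit the `__Secure-next-auth.session-token` cookie with the Secure attribute unconditionally, so a deployment reached over plain HTTP (local development, or a proxy that does not forward the TLS scheme) will have the browser withhold the cookie and every request will arrive unauthenticated with nothing pointing at the cause. That is the right default for production and it matches the server middleware, which after this commit reads only the `__Secure-` name, but the requirement is invisible where the option is set; I would record it there: `// Always set the __Secure- prefixed session cookie (Secure attribute); the server middleware reads only that name, so the app must be served over HTTPS, including in development.` If HTTP development must keep working, gate this on the scheme of NEXTAUTH_URL rather than reverting to the unprefixed cookie, and change the middleware's cookie name in the same commit so the two sides cannot drift apart. The `authOptions` object begins and ends outside this hunk.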