Docker/Maybe
Docker/Maybe
1
0
Fork 0
mirror of https://github.com/maybe-finance/maybe.git synced 2025-08-09 07:25:19 +02:00
Code Issues Releases Activity Actions

Always use secure token

Browse source
This commit is contained in:
Six 2024-01-21 18:06:35 -08:00 committed by GitHub
parent fea3985e24
commit 94f1acdd07
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apps/client/pages/api/auth/[...nextauth].ts
View file

@ -85,6 +85,7 @@ export const authOptions = {
strategy: 'jwt' as SessionStrategy, strategy: 'jwt' as SessionStrategy,
maxAge: 1 * 24 * 60 * 60, // 1 Day maxAge: 1 * 24 * 60 * 60, // 1 Day
}, },
useSecureCookies: true,
providers: [ providers: [
CredentialsProvider({ CredentialsProvider({
name: 'Credentials', name: 'Credentials',

8
apps/server/src/app/middleware/validate-auth-jwt.ts
View file

@ -8,14 +8,10 @@ export const validateAuthJwt = async (req, res, next) => {
return res.status(500).json({ message: 'Internal Server Error' }) return res.status(500).json({ message: 'Internal Server Error' })
} }
const cookieName = req.secure if (req.cookies && '__Secure-next-auth.session-token' in req.cookies) {
? '__Secure-next-auth.session-token'
: 'next-auth.session-token'
if (req.cookies && cookieName in req.cookies) {
try { try {
const token = await decode({ const token = await decode({
token: req.cookies[cookieName], token: req.cookies['__Secure-next-auth.session-token'],
secret: SECRET, secret: SECRET,
}) })