mirror of https://github.com/maybe-finance/maybe.git synced 2025-08-09 07:25:19 +02:00

Cookie fallback

Six 2024-01-21 18:14:45 -08:00
parent 94f1acdd07
commit ed4a8d558c
No known key found for this signature in database
GPG key ID: 00148D3869C21E43
2 changed files with 15 additions and 3 deletions


@ -85,7 +85,6 @@ export const authOptions = {
strategy: 'jwt' as SessionStrategy, strategy: 'jwt' as SessionStrategy,
maxAge: 1 * 24 * 60 * 60, // 1 Day maxAge: 1 * 24 * 60 * 60, // 1 Day
}, },
useSecureCookies: true,
providers: [ providers: [
CredentialsProvider({ CredentialsProvider({
name: 'Credentials', name: 'Credentials',
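Review bot: Dropping `useSecureCookies: true` from `authOptions` leaves the Secure flag and the `__Secure-` cookie prefix to NextAuth's default, which follows whether the configured site URL is https. A production deployment whose URL is configured as http (for example behind a TLS-terminating proxy) would then issue the session cookie without Secure, and the API middleware changed in the same commit accepts the unprefixed `next-auth.session-token` name. If the goal is only to let local http development work, keep the setting explicit, e.g. `useSecureCookies: process.env.NODE_ENV === 'production',`, with a short comment saying why it is conditional. The `authOptions` object starts and ends outside this hunk, so any other cookie options it sets are not visible here.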


@ -1,17 +1,30 @@
import cookieParser from 'cookie-parser' import cookieParser from 'cookie-parser'
import { decode } from 'next-auth/jwt' import { decode } from 'next-auth/jwt'
import type { Request } from 'express'
const SECRET = process.env.NEXTAUTH_SECRET ?? 'REPLACE_THIS' const SECRET = process.env.NEXTAUTH_SECRET ?? 'REPLACE_THIS'
const getNextAuthCookie = (req: Request) => {
if (req.cookies) {
if ('__Secure-next-auth.session-token' in req.cookies) {
return req.cookies['__Secure-next-auth.session-token']
} else if ('next-auth.session-token' in req.cookies) {
return req.cookies['next-auth.session-token']
}
}
return undefined
}
export const validateAuthJwt = async (req, res, next) => { export const validateAuthJwt = async (req, res, next) => {
cookieParser(SECRET)(req, res, async (err) => { cookieParser(SECRET)(req, res, async (err) => {
if (err) { if (err) {
return res.status(500).json({ message: 'Internal Server Error' }) return res.status(500).json({ message: 'Internal Server Error' })
} }
if (req.cookies && '__Secure-next-auth.session-token' in req.cookies) { if (req.cookies && getNextAuthCookie(req)) {
try { try {
const token = await decode({ const token = await decode({
token: req.cookies['__Secure-next-auth.session-token'], token: getNextAuthCookie(req),
secret: SECRET, secret: SECRET,
}) })