secure cookies
parent
10cf2072dc
commit
3da302e35f
@ -4,12 +4,17 @@ import Cookies from 'cookies';
|
||||
import { NextApiRequest, NextApiResponse } from 'next';
|
||||
import { COOKIE_KEYS } from '../../lib/constants';
|
||||
|
||||
const inProd = process.env.NODE_ENV === 'production';
|
||||
|
||||
const handler = (req: NextApiRequest, res: NextApiResponse) => {
|
||||
return new Promise((resolve, reject) => {
|
||||
// removes the api prefix from url
|
||||
// req.url = req.url!.replace(/^\/api/, '');
|
||||
|
||||
const cookies = new Cookies(req, res, { keys: COOKIE_KEYS });
|
||||
const cookies = new Cookies(req, res, {
|
||||
keys: COOKIE_KEYS,
|
||||
secure: inProd,
|
||||
});
|
||||
const authorization = cookies.get('authorization', { signed: true });
|
||||
|
||||
// don't forwards the cookies to the target server
|
||||
|
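Review bot: `const inProd = process.env.NODE_ENV === 'production';` is declared identically in all four files this commit touches, so the Secure-flag policy now lives in four places. Exporting it once from `../../lib/constants`, next to `COOKIE_KEYS`, would keep the handlers from drifting apart. In this handler the only visible cookie call is `cookies.get('authorization', { signed: true })`, and as far as I know the constructor's `secure` option only tells the `cookies` package whether to treat the connection as encrypted when a Secure cookie is set. The new option therefore has no visible effect here unless the body, which continues outside the hunk, sets a cookie further down. If the reason for the option is that TLS is terminated in front of the app, a comment on the call would say so, e.g. `// secure: treat the connection as HTTPS in production instead of letting 'cookies' inspect req`.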
@ -5,6 +5,8 @@ import Cookies from 'cookies';
|
||||
import { COOKIE_KEYS, REDIRECT_URL } from '../../lib/constants';
|
||||
import { decrypt } from '../../lib/utils/crypto';
|
||||
|
||||
const inProd = process.env.NODE_ENV === 'production';
|
||||
|
||||
export default async function handler(
|
||||
req: NextApiRequest,
|
||||
res: NextApiResponse
|
||||
@ -14,7 +16,7 @@ export default async function handler(
|
||||
}
|
||||
|
||||
const getAuth = await getAccessToken(req.query.code as string);
|
||||
const cookies = new Cookies(req, res, { keys: COOKIE_KEYS });
|
||||
const cookies = new Cookies(req, res, { keys: COOKIE_KEYS, secure: inProd });
|
||||
|
||||
if (getAuth) {
|
||||
const decrypted = decrypt(req.query.state as string);
|
||||
@ -30,14 +32,14 @@ export default async function handler(
|
||||
|
||||
cookies.set('authorization', getAuth.access_token, {
|
||||
expires: new Date(Date.now() + getAuth.expires_in * 1000),
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
secure: inProd,
|
||||
sameSite: 'strict',
|
||||
signed: true,
|
||||
});
|
||||
|
||||
cookies.set('validation', undefined, {
|
||||
expires: new Date(0),
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
secure: inProd,
|
||||
sameSite: 'strict',
|
||||
signed: true,
|
||||
});
|
||||
|
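Review bot: `req.query.code as string` and `req.query.state as string` are still passed to `getAccessToken` and `decrypt` on the strength of a cast alone. Next.js types query values as `string | string[]`, so a repeated parameter reaches both calls as an array. A guard before the token exchange, `if (typeof req.query.code !== 'string' || typeof req.query.state !== 'string') return res.status(400).end();`, would reject malformed callbacks before any cookie is written. The start of the handler is outside the hunks, so an equivalent check may already exist above the closing `}` of the second hunk; if it does, the casts can be dropped in favour of the narrowed values.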
@ -8,6 +8,8 @@ import {
|
||||
} from '../../lib/constants';
|
||||
import { encrypt, generateString } from '../../lib/utils/crypto';
|
||||
|
||||
const inProd = process.env.NODE_ENV === 'production';
|
||||
|
||||
export default function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
const stateToken = generateString(16);
|
||||
const state = encrypt(
|
||||
@ -25,10 +27,10 @@ export default function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
state,
|
||||
});
|
||||
|
||||
const cookies = new Cookies(req, res, { keys: COOKIE_KEYS });
|
||||
const cookies = new Cookies(req, res, { keys: COOKIE_KEYS, secure: inProd });
|
||||
|
||||
cookies.set('validation', stateToken, {
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
secure: inProd,
|
||||
signed: true,
|
||||
});
|
||||
|
||||
|
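Review bot: The `validation` cookie in `cookies.set('validation', stateToken, { ... })` carries only `secure` and `signed`, so it is a session cookie with no explicit SameSite policy, while the callback handler in this same commit clears it with `sameSite: 'strict'`. The value only has to survive what looks like one round trip to the identity provider, so a short lifetime and an explicit policy would limit how long a leftover state value stays acceptable: add `maxAge: 10 * 60 * 1000,` and `sameSite: 'lax',` to the options. `'lax'` rather than `'strict'` because the provider's redirect back is a cross-site top-level navigation, on which a strict cookie would not be sent. The part of the handler between `encrypt(` and `state,` is outside the hunks.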
@ -3,14 +3,17 @@ import { NextApiRequest, NextApiResponse } from 'next';
|
||||
import Cookies from 'cookies';
|
||||
import { COOKIE_KEYS } from '../../lib/constants';
|
||||
|
||||
const inProd = process.env.NODE_ENV === 'production';
|
||||
|
||||
export default async function handler(
|
||||
req: NextApiRequest,
|
||||
res: NextApiResponse
|
||||
) {
|
||||
const cookies = new Cookies(req, res, { keys: COOKIE_KEYS });
|
||||
const cookies = new Cookies(req, res, { keys: COOKIE_KEYS, secure: inProd });
|
||||
cookies.set('authorization', undefined, {
|
||||
expires: new Date(0),
|
||||
signed: true,
|
||||
secure: inProd,
|
||||
});
|
||||
res.redirect('/');
|
||||
}
|
||||
|
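Review bot: The handler clears the `authorization` cookie and redirects without checking `req.method`, so any GET to this route, including one followed from a link on another site, ends the user's session. A guard at the top, `if (req.method !== 'POST') return res.status(405).end();`, keeps logout an explicit action from the application's own UI. Only the cookie is removed here, so the access token itself presumably remains valid at the provider until its `expires_in` elapses. If the provider supports revocation, that is worth a follow-up, or at least a comment stating the limitation.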