chore(core): cleanup

Author: balazsorban44

packages/core/src/lib/index.ts

@@ -72,9 +72,9 @@ export async function AuthInternal<
         if (pages.signIn) {
           let signinUrl = `${pages.signIn}${
             pages.signIn.includes("?") ? "&" : "?"
-          }callbackUrl=${encodeURIComponent(options.callbackUrl)}`
+          }${new URLSearchParams({ callbackUrl: options.callbackUrl })}`
           if (error)
-            signinUrl = `${signinUrl}&error=${encodeURIComponent(error)}`
+            signinUrl = `${signinUrl}&${new URLSearchParams({ error })}`
           return { redirect: signinUrl, cookies }
         }
 

packages/core/src/lib/oauth/authorization-url.ts

@@ -90,5 +90,5 @@ export async function getAuthorizationUrl(
   }
 
   logger.debug("authorization url is ready", { url, cookies, provider })
-  return { redirect: url, cookies }
+  return { redirect: url.toString(), cookies }
 }

packages/core/src/lib/routes/callback.ts

@@ -149,7 +149,7 @@ export async function callback(params: {
         return {
           redirect: `${pages.newUser}${
             pages.newUser.includes("?") ? "&" : "?"
-          }callbackUrl=${encodeURIComponent(callbackUrl)}`,
+          }${new URLSearchParams({ callbackUrl })}`,
           cookies,
         }
       }
@@ -256,7 +256,7 @@ export async function callback(params: {
         return {
           redirect: `${pages.newUser}${
             pages.newUser.includes("?") ? "&" : "?"
-          }callbackUrl=${encodeURIComponent(callbackUrl)}`,
+          }${new URLSearchParams({ callbackUrl })}`,
           cookies,
         }
       }
@@ -350,6 +350,6 @@ export async function callback(params: {
     logger.error(error)
     url.searchParams.set("error", CallbackRouteError.name)
     url.pathname += "/error"
-    return { redirect: url, cookies }
+    return { redirect: url.toString(), cookies }
   }
 }

packages/core/src/lib/routes/shared.ts

@@ -13,13 +13,13 @@ export async function handleAuthorized(
     if (!authorized) {
       logger.debug("User not authorized", params)
       url.searchParams.set("error", "AccessDenied")
-      return { status: 403 as const, redirect: url }
+      return { status: 403 as const, redirect: url.toString() }
     }
   } catch (e) {
     const error = new AuthorizedCallbackError(e as Error)
     logger.error(error)
     url.searchParams.set("error", "Configuration")
-    return { status: 500 as const, redirect: url }
+    return { status: 500 as const, redirect: url.toString() }
   }
 }
 

packages/core/src/lib/routes/signin.ts

@@ -54,7 +54,7 @@ export async function signin(
     logger.error(error)
     url.searchParams.set("error", error.name)
     url.pathname += "/error"
-    return { redirect: url }
+    return { redirect: url.toString() }
   }
 }
 

packages/core/src/lib/routes/signout.ts

@@ -8,7 +8,7 @@ import type { SessionStore } from "../cookie.js"
  * If the session strategy is database,
  * The session is also deleted from the database.
  * In any case, the session cookie is cleared and
- * an `events.signOut` is emitted.
+ * {@link EventCallbacks.signOut} is emitted.
  */
 export async function signout(
   sessionStore: SessionStore,

packages/core/src/lib/web.ts

@@ -76,27 +76,22 @@ export function toResponse(res: ResponseInternal): Response {
   res.cookies?.forEach((cookie) => {
     const { name, value, options } = cookie
     const cookieHeader = serialize(name, value, options)
-    if (headers.has("Set-Cookie")) {
-      headers.append("Set-Cookie", cookieHeader)
-    } else {
-      headers.set("Set-Cookie", cookieHeader)
-    }
+    if (headers.has("Set-Cookie")) headers.append("Set-Cookie", cookieHeader)
+    else headers.set("Set-Cookie", cookieHeader)
     // headers.set("Set-Cookie", cookieHeader) // TODO: Remove. Seems to be a bug with Headers in the runtime
   })
 
-  const body =
-    headers.get("content-type") === "application/json"
-      ? JSON.stringify(res.body)
-      : res.body
+  let body = res.body
 
-  const response = new Response(body, {
-    headers,
-    status: res.redirect ? 302 : res.status ?? 200,
-  })
+  if (headers.get("content-type") === "application/json")
+    body = JSON.stringify(res.body)
+  else if (headers.get("content-type") === "application/x-www-form-urlencoded")
+    body = new URLSearchParams(res.body).toString()
 
-  if (res.redirect) {
-    response.headers.set("Location", res.redirect.toString())
-  }
+  const status = res.redirect ? 302 : res.status ?? 200
+  const response = new Response(body, { headers, status })
+
+  if (res.redirect) response.headers.set("Location", res.redirect)
 
   return response
 }

packages/core/src/types.ts

@@ -203,7 +203,7 @@ export interface CallbacksOptions<P = Profile, A = Account> {
    * Its content is forwarded to the `session` callback,
    * where you can control what should be returned to the client.
    * Anything else will be kept inaccessible from the client.
-   * 
+   *
    * Returning `null` will invalidate the JWT session by clearing
    * the user's cookies. You'll still have to monitor and invalidate
    * unexpired tokens from future requests yourself to prevent
@@ -220,7 +220,7 @@ export interface CallbacksOptions<P = Profile, A = Account> {
     account?: A | null
     profile?: P
     isNewUser?: boolean
-  }) => Awaitable<JWT|null>
+  }) => Awaitable<JWT | null>
 }
 
 /** [Documentation](https://authjs.dev/reference/configuration/auth-config#cookies) */
@@ -452,7 +452,7 @@ export interface ResponseInternal<
   status?: number
   headers?: Headers | HeadersInit
   body?: Body
-  redirect?: URL | string
+  redirect?: string
   cookies?: Cookie[]
 }