Add a redirect location during refresh

Author: bcbogdan

examples/with-next-ssr-app-directory/app/api/auth/[...path]/route.ts

@@ -8,29 +8,19 @@ ensureSuperTokensInit();
 
 const handleCall = getAppDirRequestHandler();
 
-// refreshSessionWithoutRequestResponse
 export async function GET(request: NextRequest) {
     if (request.method === "GET" && request.url.includes("/session/refresh")) {
+        const searchParams = request.nextUrl.searchParams;
+        const redirectTo = searchParams.get("redirectTo") || "/";
         const cookiesFromReq = await cookies();
-        // TODO: Get token from header as well st-refresh-token
         const sRefreshToken = cookiesFromReq.get("sRefreshToken")?.value;
-
-        console.log("sRefreshToken", sRefreshToken);
-
-        if (sRefreshToken) {
-            const result = await refreshSessionWithoutRequestResponse(sRefreshToken);
-            const tokens = result.getAllSessionTokensDangerously();
-            console.log("tokens");
-            console.log(tokens);
-            cookiesFromReq.set("sAccessToken", tokens.accessToken);
-            cookiesFromReq.set("sRefreshToken", tokens.refreshToken);
-            cookiesFromReq.set("sFrontToken", tokens.frontToken);
-
-            const redirect = NextResponse.redirect(new URL("/", request.url));
-            return redirect;
-        }
+        const result = await refreshSessionWithoutRequestResponse(sRefreshToken);
+        const tokens = result.getAllSessionTokensDangerously();
+        cookiesFromReq.set("sAccessToken", tokens.accessToken);
+        cookiesFromReq.set("sRefreshToken", tokens.refreshToken);
+        cookiesFromReq.set("sFrontToken", tokens.frontToken);
+        return NextResponse.redirect(new URL(redirectTo, request.url));
     }
-
     const res = await handleCall(request);
     if (!res.headers.has("Cache-Control")) {
         // This is needed for production deployments with Vercel

examples/with-next-ssr-app-directory/app/components/home.tsx

@@ -1,4 +1,4 @@
-import { cookies } from "next/headers";
+import { cookies, headers } from "next/headers";
 import styles from "../page.module.css";
 import { redirect } from "next/navigation";
 import Image from "next/image";
@@ -8,13 +8,11 @@ import { LinksComponent } from "./linksComponent";
 import { SessionAuthForNextJS } from "./sessionAuthForNextJS";
 
 import { getSSRSession } from "supertokens-auth-react/nextjs/ssr";
-// import { getSSRSession } from "../../../../lib/build/nextjs";
 
 export async function HomePage() {
     const cookiesStore = await cookies();
-
-    const session = await getSSRSession(cookiesStore, redirect);
-
+    const headersStore = await headers();
+    const session = await getSSRSession(headersStore, cookiesStore, redirect);
     console.log(session);
 
     /**

examples/with-next-ssr-app-directory/middleware.ts

@@ -7,33 +7,47 @@ import { ensureSuperTokensInit } from "./app/config/backend";
 ensureSuperTokensInit();
 
 export async function middleware(request: NextRequest & { session?: SessionContainer }) {
-    if (request.headers.has("x-user-id")) {
-        console.warn(
-            "The FE tried to pass x-user-id, which is only supposed to be a backend internal header. Ignoring."
-        );
-        request.headers.delete("x-user-id");
-    }
-
-    if (request.nextUrl.pathname.startsWith("/api/auth")) {
-        // this hits our pages/api/auth/* endpoints
-        return NextResponse.next();
-    }
-
-    return withSession(request, async (err, session) => {
-        if (err) {
-            return NextResponse.json(err, { status: 500 });
+    if (request.nextUrl.pathname.startsWith("/api")) {
+        if (request.headers.has("x-user-id")) {
+            console.warn(
+                "The FE tried to pass x-user-id, which is only supposed to be a backend internal header. Ignoring."
+            );
+            request.headers.delete("x-user-id");
         }
-        if (session === undefined) {
+
+        if (request.nextUrl.pathname.startsWith("/api/auth")) {
+            // this hits our pages/api/auth/* endpoints
             return NextResponse.next();
         }
-        return NextResponse.next({
-            headers: {
-                "x-user-id": session.getUserId(),
-            },
+
+        return withSession(request, async (err, session) => {
+            if (err) {
+                return NextResponse.json(err, { status: 500 });
+            }
+            if (session === undefined) {
+                return NextResponse.next();
+            }
+            return NextResponse.next({
+                headers: {
+                    "x-user-id": session.getUserId(),
+                },
+            });
         });
+    }
+
+    // Save the current path so that we can use it during SSR
+    // Used to redirect the user to the correct path after login/refresh
+    return NextResponse.next({
+        headers: {
+            "x-current-path": request.nextUrl.pathname,
+        },
     });
 }
 
 export const config = {
-    matcher: "/api/:path*",
+    matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
 };
+
+// export const config = {
+//     matcher: "/api/:path*",
+// };

lib/ts/nextjs/ssr.ts

@@ -1,5 +1,11 @@
+import * as jose from "jose";
+
+import { enableLogging, logDebugMessage } from "../logger";
+
 import { getAppInfoFromEnv } from "./utils";
 
+import type { AccessTokenPayload, LoadedSessionContext } from "../recipe/session/types";
+
 // export class SSRConfig {
 //     static config: SuperTokensConfig | null = null;
 //     static setConfig(config: SuperTokensConfig) {
@@ -15,12 +21,6 @@ import { getAppInfoFromEnv } from "./utils";
 //     }
 // }
 //
-//
-//
-import * as jose from "jose";
-
-import type { AccessTokenPayload, LoadedSessionContext } from "../recipe/session/types";
-import { enableLogging, logDebugMessage } from "../logger";
 
 const COOKIE_ACCESS_TOKEN_NAME = "sAccessToken";
 const HEADER_ACCESS_TOKEN_NAME = "st-access-token";
@@ -44,6 +44,7 @@ const AppInfo = getAppInfoFromEnv();
  * @returns The session context value or directly redirect the user to either the login page or the refresh API
  **/
 export async function getSSRSession(
+    headers: HeadersStore,
     cookies: CookiesStore,
     redirect: (url: string) => never
 ): Promise<LoadedSessionContext>;
@@ -52,8 +53,12 @@ export async function getSSRSession(
  * @param cookies - The cookie object that can be extracted from context.req.headers.cookie
  * @returns A props object with the session context value or a redirect object
  **/
-export async function getSSRSession(cookies: CookiesObject): Promise<GetServerSidePropsReturnValue>;
 export async function getSSRSession(
+    headers: HeadersStore,
+    cookies: CookiesObject
+): Promise<GetServerSidePropsReturnValue>;
+export async function getSSRSession(
+    headers: HeadersStore,
     cookies: CookiesObject | CookiesStore,
     redirect?: (url: string) => never
 ): Promise<LoadedSessionContext | GetServerSidePropsReturnValue> {
@@ -64,38 +69,32 @@ export async function getSSRSession(
         }
     }
 
-    const refreshToken = getCookieValue(cookies, "sRefreshToken");
+    const redirectTo = headers.get("x-current-path");
+    const authPagePath = getAuthPagePath(redirectTo);
+    const refreshApiPath = getRefreshApiPath(redirectTo);
+
     const { state, session } = await getSSRSessionState(cookies);
     logDebugMessage(`SSR Session State: ${state}`);
-    const refreshResponse = await fetch(sanitizeUrl(`${AppInfo.apiDomain}/${AppInfo.apiBasePath}/session/refresh`), {
-        method: "POST",
-        headers: {
-            "Content-Type": "application/json",
-            Cookie: `sRefreshToken=${refreshToken}`,
-        },
-        credentials: "include",
-    });
-    console.log(refreshResponse);
 
     switch (state) {
         case "front-token-not-found":
         case "front-token-invalid":
         case "access-token-invalid":
             // TODO: Should we also reset the auth state(save cookies/tokens) from the frontend using a query param?
-            logDebugMessage(`Redirecting to Auth Page: ${getAuthPagePath()}`);
+            logDebugMessage(`Redirecting to Auth Page: ${authPagePath}`);
             if (!redirect) {
-                return { redirect: { destination: getAuthPagePath(), permanent: false } };
+                return { redirect: { destination: authPagePath, permanent: false } };
             } else {
-                return redirect(getAuthPagePath());
+                return redirect(authPagePath);
             }
         case "front-token-expired":
         case "access-token-not-found":
         case "tokens-do-not-match":
-            logDebugMessage(`Redirecting to refresh API: ${getRefreshApiPath()}`);
+            logDebugMessage(`Redirecting to refresh API: ${refreshApiPath}`);
             if (!redirect) {
-                return { redirect: { destination: getRefreshApiPath(), permanent: false } };
+                return { redirect: { destination: refreshApiPath, permanent: false } };
             } else {
-                return redirect(getRefreshApiPath());
+                return redirect(refreshApiPath);
             }
         case "tokens-match":
             logDebugMessage("Returning session object");
@@ -129,6 +128,8 @@ async function getSSRSessionState(
     if (!parsedFrontToken.isValid) {
         return { state: "front-token-invalid" };
     }
+
+    logDebugMessage(`Front token expires at: ${new Date(parsedFrontToken.ate)}`);
     if (parsedFrontToken.ate < Date.now()) {
         return { state: "front-token-expired" };
     }
@@ -160,11 +161,17 @@ async function getSSRSessionState(
     };
 }
 
-const getRefreshApiPath = () => {
+const getRefreshApiPath = (redirectTo: string | null) => {
+    if (redirectTo) {
+        return `${AppInfo.apiBasePath}/session/refresh?redirectTo=${redirectTo}`;
+    }
     return `${AppInfo.apiBasePath}/session/refresh`;
 };
 
-const getAuthPagePath = () => {
+const getAuthPagePath = (redirectTo: string | null) => {
+    if (redirectTo) {
+        return `${AppInfo.websiteBasePath}?redirectTo=${redirectTo}`;
+    }
     return AppInfo.websiteBasePath;
 };
 
@@ -213,6 +220,10 @@ type CookiesStore = {
     get: (name: string) => { value: string };
 };
 
+type HeadersStore = {
+    get: (name: string) => string | null;
+};
+
 function isCookiesStore(obj: unknown): obj is CookiesStore {
     return typeof obj === "object" && obj !== null && "get" in obj && typeof (obj as CookiesStore).get === "function";
 }

rollup.config.mjs

@@ -18,7 +18,6 @@ export default [
             index: "lib/ts/index.ts",
             "ui-entry": "lib/ts/ui/index.tsx",
             session: "lib/ts/recipe/session/index.ts",
-            custom: "lib/ts/custom.ts",
             nextjs: "lib/ts/nextjs/index.ts",
             nextjsssr: "lib/ts/nextjs/ssr.ts",
             sessionprebuiltui: "lib/ts/recipe/session/prebuiltui.tsx",