supertokens
diff --git a/‎examples/with-next-ssr-app-directory/app/api/auth/[...path]/route.ts‎
Lines changed: 123 additions & 10 deletions b/‎examples/with-next-ssr-app-directory/app/api/auth/[...path]/route.ts‎
Lines changed: 123 additions & 10 deletions
diff --git a/‎examples/with-next-ssr-app-directory/app/config/backend.ts‎
Lines changed: 1 addition & 0 deletions b/‎examples/with-next-ssr-app-directory/app/config/backend.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎examples/with-next-ssr-app-directory/middleware.ts‎
Lines changed: 87 additions & 0 deletions b/‎examples/with-next-ssr-app-directory/middleware.ts‎
Lines changed: 87 additions & 0 deletions
@@ -8,18 +8,14 @@ ensureSuperTokensInit();
 
 const handleCall = getAppDirRequestHandler();
 
+// input
+// { refreshSessionWithoutRequestResponse }
+// async function
+//
+
 export async function GET(request: NextRequest) {
     if (request.method === "GET" && request.url.includes("/session/refresh")) {
-        const searchParams = request.nextUrl.searchParams;
-        const redirectTo = searchParams.get("redirectTo") || "/";
-        const cookiesFromReq = await cookies();
-        const sRefreshToken = cookiesFromReq.get("sRefreshToken")?.value;
-        const result = await refreshSessionWithoutRequestResponse(sRefreshToken);
-        const tokens = result.getAllSessionTokensDangerously();
-        cookiesFromReq.set("sAccessToken", tokens.accessToken);
-        cookiesFromReq.set("sRefreshToken", tokens.refreshToken);
-        cookiesFromReq.set("sFrontToken", tokens.frontToken);
-        return NextResponse.redirect(new URL(redirectTo, request.url));
+        return refreshSession(request);
     }
     const res = await handleCall(request);
     if (!res.headers.has("Cache-Control")) {
@@ -48,3 +44,120 @@ export async function PATCH(request: NextRequest) {
 export async function HEAD(request: NextRequest) {
     return handleCall(request);
 }
+
+const refreshTokenCookieName = "sRefreshToken";
+const refreshTokenHeaderName = "st-refresh-token";
+async function refreshSession(request: NextRequest) {
+    console.log("Attempting session refresh");
+
+    const cookiesFromReq = await cookies();
+    console.log("current cookies", cookiesFromReq);
+
+    const refreshToken =
+        request.cookies.get(refreshTokenCookieName)?.value || request.headers.get(refreshTokenHeaderName);
+    if (!refreshToken) {
+        return NextResponse.redirect(new URL("/auth", request.url));
+    }
+
+    const redirectTo = new URL("/", request.url);
+
+    try {
+        const refreshResponse = await fetch(`http://localhost:3000/api/auth/session/refresh`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Cookie: `sRefreshToken=${refreshToken}`,
+            },
+            credentials: "include",
+        });
+        console.log("Performed session refresh request");
+        console.log(refreshResponse);
+        console.log(refreshResponse.headers);
+        console.log(await refreshResponse.text());
+
+        const setCookieHeaders = refreshResponse.headers.getSetCookie();
+        const frontToken = refreshResponse.headers.get("front-token");
+        if (!frontToken) {
+            return NextResponse.redirect(new URL("/auth", request.url));
+        }
+
+        // TODO: Check for csrf token
+        if (!setCookieHeaders.length) {
+            return NextResponse.redirect(new URL("/auth", request.url));
+        }
+
+        const response = NextResponse.redirect(redirectTo);
+        let sAccessToken: string | null = null;
+        let sRefreshToken: string | null = null;
+        for (const header of setCookieHeaders) {
+            if (header.includes("sAccessToken")) {
+                const match = header.match(/sAccessToken=([^;]+)/);
+                sAccessToken = match ? match[1] : null;
+            }
+            if (header.includes("sRefreshToken")) {
+                const match = header.match(/sRefreshToken=([^;]+)/);
+                sRefreshToken = match ? match[1] : null;
+            }
+            response.headers.append("set-cookie", header);
+        }
+
+        response.headers.append("set-cookie", `sFrontToken=${frontToken}`);
+        response.headers.append("front-token", frontToken);
+        response.headers.append("frontToken", frontToken);
+        if (sAccessToken) {
+            response.headers.append("sAccessToken", sAccessToken);
+
+            cookiesFromReq.set("sAccessToken", sAccessToken);
+        }
+        if (sRefreshToken) {
+            response.headers.append("sRefreshToken", sRefreshToken);
+
+            cookiesFromReq.set("sRefreshToken", sRefreshToken);
+        }
+
+        cookiesFromReq.set("sFrontToken", frontToken);
+
+        console.log(sAccessToken, sRefreshToken);
+
+        return response;
+    } catch (err) {
+        console.error("Error refreshing session");
+        console.error(err);
+        return NextResponse.redirect(new URL("/auth", request.url));
+    }
+}
+
+// async function saveTokensFromHeaders(response: Response) {
+//     logDebugMessage("saveTokensFromHeaders: Saving updated tokens from the response headers");
+//
+//     const refreshToken = response.headers.get("st-refresh-token");
+//     if (refreshToken !== null) {
+//         logDebugMessage("saveTokensFromHeaders: saving new refresh token");
+//         await setToken("refresh", refreshToken);
+//     }
+//
+//     const accessToken = response.headers.get("st-access-token");
+//     if (accessToken !== null) {
+//         logDebugMessage("saveTokensFromHeaders: saving new access token");
+//         await setToken("access", accessToken);
+//     }
+//
+//     const frontToken = response.headers.get("front-token");
+//     if (frontToken !== null) {
+//         logDebugMessage("saveTokensFromHeaders: Setting sFrontToken: " + frontToken);
+//         await FrontToken.setItem(frontToken);
+//         updateClockSkewUsingFrontToken({ frontToken, responseHeaders: response.headers });
+//     }
+//     const antiCsrfToken = response.headers.get("anti-csrf");
+//     if (antiCsrfToken !== null) {
+//         // At this point, the session has either been newly created or refreshed.
+//         // Thus, there's no need to call getLocalSessionState with tryRefresh: true.
+//         // Calling getLocalSessionState with tryRefresh: true will cause a refresh loop
+//         // if cookie writes are disabled.
+//         const tok = await getLocalSessionState(false);
+//         if (tok.status === "EXISTS") {
+//             logDebugMessage("saveTokensFromHeaders: Setting anti-csrf token");
+//             await AntiCsrfToken.setItem(tok.lastAccessTokenUpdate, antiCsrfToken);
+//         }
+//     }
+// }
@@ -10,6 +10,7 @@ import SuperTokens from "supertokens-node";
 
 export let backendConfig = (): TypeInput => {
     return {
+        // debug: true,
         supertokens: {
             // this is the location of the SuperTokens core.
             connectionURI: "https://try.supertokens.com",
 
@@ -7,6 +7,10 @@ import { ensureSuperTokensInit } from "./app/config/backend";
 ensureSuperTokensInit();
 
 export async function middleware(request: NextRequest & { session?: SessionContainer }) {
+    // if (request.nextUrl.pathname.startsWith("/api/refresh")) {
+    //     return refreshSession(request);
+    // }
+
     if (request.nextUrl.pathname.startsWith("/api")) {
         if (request.headers.has("x-user-id")) {
             console.warn(
@@ -24,6 +28,7 @@ export async function middleware(request: NextRequest & { session?: SessionConta
             if (err) {
                 return NextResponse.json(err, { status: 500 });
             }
+
             if (session === undefined) {
                 return NextResponse.next();
             }
@@ -35,6 +40,11 @@ export async function middleware(request: NextRequest & { session?: SessionConta
         });
     }
 
+    const shouldRefresh = request.nextUrl.searchParams.get("forceRefresh") === "true";
+    if (shouldRefresh) {
+        return refreshSession(request);
+    }
+
     // Save the current path so that we can use it during SSR
     // Used to redirect the user to the correct path after login/refresh
     return NextResponse.next({
@@ -44,6 +54,83 @@ export async function middleware(request: NextRequest & { session?: SessionConta
     });
 }
 
+const refreshTokenCookieName = "sRefreshToken";
+const refreshTokenHeaderName = "st-refresh-token";
+
+async function refreshSession(request: NextRequest) {
+    console.log("Attempting session refresh");
+    const refreshToken =
+        request.cookies.get(refreshTokenCookieName)?.value || request.headers.get(refreshTokenHeaderName);
+    if (!refreshToken) {
+        return NextResponse.redirect(new URL("/auth", request.url));
+    }
+
+    const redirectTo = request.nextUrl.pathname;
+    console.log(`Should redirect to ${redirectTo}`);
+    try {
+        const refreshResponse = await fetch(`http://localhost:3000/api/auth/session/refresh`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Cookie: `sRefreshToken=${refreshToken}`,
+            },
+            credentials: "include",
+        });
+        console.log("Performed session refresh request");
+
+        const setCookieHeaders = refreshResponse.headers.getSetCookie();
+        console.log(refreshResponse);
+        console.log(refreshResponse.headers);
+        console.log("Cookies", setCookieHeaders);
+
+        if (!setCookieHeaders.length) {
+            return NextResponse.redirect(new URL("/auth", request.url));
+        }
+
+        const frontToken = refreshResponse.headers.get("front-token");
+        if (!frontToken) {
+            return NextResponse.redirect(new URL("/auth", request.url));
+        }
+
+        let sAccessToken: string | null = null;
+        let sRefreshToken: string | null = null;
+
+        const redirectTo = new URL("/", request.url);
+        const response = NextResponse.redirect(redirectTo);
+        for (const header of setCookieHeaders) {
+            if (header.includes("sAccessToken")) {
+                const match = header.match(/sAccessToken=([^;]+)/);
+                sAccessToken = match ? match[1] : null;
+            }
+            if (header.includes("sRefreshToken")) {
+                const match = header.match(/sRefreshToken=([^;]+)/);
+                sRefreshToken = match ? match[1] : null;
+            }
+            response.headers.append("set-cookie", header);
+        }
+
+        response.headers.append("set-cookie", `sFrontToken=${frontToken}`);
+        response.headers.append("front-token", frontToken);
+        response.headers.append("frontToken", frontToken);
+        if (sAccessToken) {
+            response.headers.append("sAccessToken", sAccessToken);
+            response.cookies.set("sAccessToken", sAccessToken);
+        }
+        if (sRefreshToken) {
+            response.headers.append("sRefreshToken", sRefreshToken);
+
+            response.cookies.set("sRefreshToken", sRefreshToken);
+        }
+
+        response.cookies.set("sFrontToken", frontToken);
+        return response;
+    } catch (err) {
+        console.error("Error refreshing session");
+        console.error(err);
+        return NextResponse.redirect(new URL("/auth", request.url));
+    }
+}
+
 export const config = {
     matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
 };