Code review fixes

Author: bcbogdan

examples/with-next-ssr-app-directory/app/config/appInfo.ts

@@ -1,7 +1,7 @@
 export const appInfo = {
     appName: "SuperTokens Next.js demo app",
-    apiDomain: "http://localhost:3000",
-    websiteDomain: "http://localhost:3000",
+    apiDomain: "http://localhost:3333",
+    websiteDomain: "http://localhost:3333",
     apiBasePath: "/api/auth",
     websiteBasePath: "/auth",
 };

examples/with-next-ssr-app-directory/middleware.ts

@@ -64,7 +64,7 @@ function superTokensMiddleware(
             request.nextUrl.pathname.startsWith("/auth") &&
             request.nextUrl.searchParams.get(FORCE_LOGOUT_PATH_PARAM_NAME) === "true"
         ) {
-            return revokeSession(config);
+            return revokeSession(config, request);
         }
 
         // Save the current path so that we can use it during SSR

examples/with-next-ssr-app-directory/package.json

@@ -3,7 +3,7 @@
     "version": "0.1.0",
     "private": true,
     "scripts": {
-        "dev": "next dev",
+        "dev": "next dev -p 3333",
         "build": "next build",
         "start": "next start",
         "lint": "next lint"

lib/ts/nextjs/middleware.ts

@@ -85,39 +85,42 @@ export async function refreshSession(config: SuperTokensNextjsConfig, request: R
     }
 }
 
-export async function revokeSession(config: SuperTokensNextjsConfig): Promise<Response | void> {
+export async function revokeSession(config: SuperTokensNextjsConfig, request: Request): Promise<Response | void> {
     AppInfo = config.appInfo;
     if (config.enableDebugLogs) {
         enableLogging();
     }
-    const signOutURL = new URL(`${AppInfo.apiBasePath}/signout`, AppInfo.apiDomain);
+
+    const response = new Response(null, {});
+
     try {
-        const signOutResponse = await fetch(signOutURL, {
+        const accessToken =
+            getCookie(request, ACCESS_TOKEN_COOKIE_NAME) || request.headers.get(ACCESS_TOKEN_HEADER_NAME);
+        if (!accessToken) {
+            throw new Error("No access token found in the request");
+        }
+        const signOutURL = new URL(`${AppInfo.apiBasePath}/signout`, AppInfo.apiDomain);
+        await fetch(signOutURL, {
             method: "POST",
             headers: {
                 "Content-Type": "application/json",
+                [ACCESS_TOKEN_HEADER_NAME]: accessToken,
+                Cookie: `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}`,
             },
             credentials: "include",
         });
-
-        if (signOutResponse.status !== 200) {
-            return;
-        }
-
-        const response = new Response(null, {});
-        response.headers.set("x-middleware-next", "1");
-        // TODO: Delete only the cookies that are auth related
-        response.headers.delete("set-cookie");
-        response.headers.delete(ACCESS_TOKEN_HEADER_NAME);
-        response.headers.delete(REFRESH_TOKEN_HEADER_NAME);
-        response.headers.delete(FRONT_TOKEN_HEADER_NAME);
-        response.headers.delete(ANTI_CSRF_TOKEN_HEADER_NAME);
-        return response;
     } catch (err) {
-        logDebugMessage("Error revoking session");
+        logDebugMessage("Error during the sign out attempt");
         logDebugMessage(err as unknown as string);
-        return;
     }
+
+    response.headers.set("x-middleware-next", "1");
+    response.headers.delete("set-cookie");
+    response.headers.delete(ACCESS_TOKEN_HEADER_NAME);
+    response.headers.delete(REFRESH_TOKEN_HEADER_NAME);
+    response.headers.delete(FRONT_TOKEN_HEADER_NAME);
+    response.headers.delete(ANTI_CSRF_TOKEN_HEADER_NAME);
+    return response;
 }
 
 function redirectToAuthPage(request: Request): Response {
@@ -144,7 +147,8 @@ async function fetchNewTokens(currentRefreshToken: string): Promise<{
         method: "POST",
         headers: {
             "Content-Type": "application/json",
-            Cookie: `sRefreshToken=${currentRefreshToken}`,
+            [REFRESH_TOKEN_HEADER_NAME]: currentRefreshToken,
+            Cookie: `${REFRESH_TOKEN_COOKIE_NAME}=${currentRefreshToken}`,
         },
         credentials: "include",
     });

lib/ts/nextjs/ssr.ts

@@ -51,8 +51,8 @@ export default class SuperTokensNextjsSSRAPIWrapper {
      **/
     static async getSSRSession(cookies: CookiesStore, redirect: (url: string) => never): Promise<LoadedSessionContext> {
         const redirectPath = cookies.get(CURRENT_PATH_COOKIE_NAME)?.value || "/";
-        const authPagePath = `${getAuthPagePath()}?${REDIRECT_PATH_PARAM_NAME}=${redirectPath}`;
-        const refreshLocation = `${getRefreshLocation()}?${REDIRECT_PATH_PARAM_NAME}=${redirectPath}`;
+        const authPagePath = getAuthPagePath(redirectPath);
+        const refreshLocation = getRefreshLocation(redirectPath);
 
         const { state, session } = await getSSRSessionState(cookies);
         logDebugMessage(`SSR Session State: ${state}`);
@@ -77,21 +77,20 @@ export default class SuperTokensNextjsSSRAPIWrapper {
         }
     }
 
-    // TODO: This method is isolated atm to make it easier to test and debug
-    // In the end it should be merged in the getSSRSession function
-    static async getServerSidePropsSession(cookies: CookiesObject): Promise<GetServerSidePropsReturnValue> {
-        const redirectTo = "/";
+    static async getServerSidePropsSession(
+        request: Request & { cookies: CookiesObject }
+    ): Promise<GetServerSidePropsReturnValue> {
+        const requestUrl = new URL(request.url);
+        const redirectPath = requestUrl.pathname;
+        const authPagePath = getAuthPagePath(redirectPath);
+        const refreshLocation = getRefreshLocation(redirectPath);
 
-        const authPagePath = `${getAuthPagePath()}`;
-        const refreshLocation = `/api/auth/session/refresh?redirectTo=${redirectTo}`;
-
-        const { state, session } = await getSSRSessionState(cookies);
+        const { state, session } = await getSSRSessionState(request.cookies);
         logDebugMessage(`SSR Session State: ${state}`);
         switch (state) {
             case "front-token-not-found":
             case "front-token-invalid":
             case "access-token-invalid":
-                // TODO: Should we also reset the auth state(save cookies/tokens) from the frontend using a query param?
                 logDebugMessage(`Redirecting to Auth Page: ${authPagePath}`);
                 return { redirect: { destination: authPagePath, permanent: false } };
             case "front-token-expired":
@@ -114,16 +113,16 @@ export const init = SuperTokensNextjsSSRAPIWrapper.init;
 export const getSSRSession = SuperTokensNextjsSSRAPIWrapper.getSSRSession;
 export const getServerSidePropsSession = SuperTokensNextjsSSRAPIWrapper.getServerSidePropsSession;
 
-function getAuthPagePath(): string {
+function getAuthPagePath(redirectPath: string): string {
     const authPagePath = SuperTokensNextjsSSRAPIWrapper.getConfigOrThrow().appInfo.websiteBasePath || "/auth";
-    return `${authPagePath}?${FORCE_LOGOUT_PATH_PARAM_NAME}=true`;
+    return `${authPagePath}?${FORCE_LOGOUT_PATH_PARAM_NAME}=true&${REDIRECT_PATH_PARAM_NAME}=${redirectPath}`;
 }
 
-function getRefreshLocation(): string {
+function getRefreshLocation(redirectPath: string): string {
     // The backend api routes defined in appInfo might be different from what we use here.
     // This refresh route will be made available only by including the node handler in the next.js middleware
     // If someone uses nextjs with SSR, and a separate backend api server, the app info data will be invalid here.
-    return "/api/auth/session/refresh";
+    return `/api/auth/session/refresh?${REDIRECT_PATH_PARAM_NAME}=${redirectPath}`;
 }
 
 async function getSSRSessionState(

package-lock.json

@@ -91,7 +91,7 @@
     },
     "dependencies": {
         "intl-tel-input": "^17.0.19",
-        "jose": "^5.9.6",
+        "jose": "^6.0.8",
         "prop-types": "*",
         "react-qr-code": "^2.0.12",
         "supertokens-js-override": "^0.0.4"

package.json

@@ -20,6 +20,7 @@ export default [
             session: "lib/ts/recipe/session/index.ts",
             nextjsmiddleware: "lib/ts/nextjs/middleware.ts",
             nextjsssr: "lib/ts/nextjs/ssr.ts",
+            nextjspages: "lib/ts/nextjs/pages.ts",
             sessionprebuiltui: "lib/ts/recipe/session/prebuiltui.tsx",
             emailverification: "lib/ts/recipe/emailverification/index.ts",
             emailverificationprebuiltui: "lib/ts/recipe/emailverification/prebuiltui.tsx",