
Commit 578dc07

committed
check server actions
1 parent 0797deb commit 578dc07


8 files changed

+45
-73
lines changed


lib/build/constants.js

Lines changed: 3 additions & 1 deletion

lib/build/nextjs/constants.d.ts

Lines changed: 1 addition & 0 deletions

lib/build/nextjs/middleware.d.ts

Lines changed: 2 additions & 2 deletions

lib/build/nextjs/types.d.ts

Lines changed: 8 additions & 3 deletions

lib/build/nextjsmiddleware.js

Lines changed: 8 additions & 29 deletions

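--- a/lib/ts/nextjs/constants.ts
+++ b/lib/ts/nextjs/constants.ts
@@ -11,3 +11,4 @@ export const REDIRECT_ATTEMPT_COUNT_COOKIE_NAME = "sSsrSessionRefreshAttempt";
 export const CURRENT_PATH_COOKIE_NAME = "sCurrentPath";
 export const FORCE_LOGOUT_PATH_PARAM_NAME = "forceLogout";
 export const REDIRECT_PATH_PARAM_NAME = "stRedirectTo";
+export const SESSION_REFRESH_API_PATH = "/api/auth/session/refresh";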

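--- a/lib/ts/nextjs/middleware.ts
+++ b/lib/ts/nextjs/middleware.ts
@@ -14,57 +14,38 @@ import {
 FRONT_TOKEN_COOKIE_NAME,
 ANTI_CSRF_TOKEN_COOKIE_NAME,
 CURRENT_PATH_COOKIE_NAME,
+SESSION_REFRESH_API_PATH,
 } from "./constants";
 
-import type { SuperTokensNextjsConfig, WithSession } from "./types";
+import type { ApiRequestMiddleware, SuperTokensNextjsConfig } from "./types";
 
 let AppInfo: SuperTokensNextjsConfig["appInfo"];
 const DEFAULT_API_BASE_PATH = "/api/auth";
 
-// Open questions:
-// - Do we need the x-user-id header?
-// - Do we want to enforce API route validation from the middleware
-// or do we explain how to do this at the API function level
-// - How do we pass withSession and ValidateSessionOptions together
-// - If we use withSession in the middleware, do we add some ability to choose which routes will be protected?
+// TODO: Test this inside a server action / form action
 export function superTokensMiddleware(
 config: SuperTokensNextjsConfig,
-withSession: WithSession
+apiRequestMiddleware?: ApiRequestMiddleware
 ): (request: Request) => Promise<Response | void> {
+// TODO: Fix edge cases
 const usesTheNextjsApiAsTheAuthenticationServer = config.appInfo.apiDomain === config.appInfo.websiteDomain;
 
 return async (request: Request) => {
 const requestUrl = new URL(request.url);
-if (requestUrl.pathname.startsWith("/api/auth/session/refresh") && request.method === "GET") {
+// TODO: Use a constant here
+if (requestUrl.pathname.startsWith(SESSION_REFRESH_API_PATH) && request.method === "GET") {
 return refreshSession(config, request);
 }
 
 if (requestUrl.pathname.startsWith("/api") && usesTheNextjsApiAsTheAuthenticationServer) {
-if (request.headers.has("x-user-id")) {
-console.warn(
-"The FE tried to pass x-user-id, which is only supposed to be a backend internal header. Ignoring."
-);
-request.headers.delete("x-user-id");
-}
-
 if (requestUrl.pathname.startsWith(config.appInfo.apiBasePath || DEFAULT_API_BASE_PATH)) {
 // this hits our pages/api/auth/* endpoints
 return next();
 }
 
-return withSession(request, async (err, session) => {
-if (err) {
-return new Response(JSON.stringify(err), {
-status: 500,
-headers: { "Content-Type": "application/json" },
-});
-}
-const response = next();
-if (session !== undefined) {
-response.headers.append("x-user-id", session.getUserId());
-}
-return response;
-});
+if (apiRequestMiddleware) {
+return apiRequestMiddleware(request);
+}
 }
 
 if (
@@ -105,6 +86,7 @@ export async function refreshSession(config: SuperTokensNextjsConfig, request: R
 }
 
 const requestUrl = new URL(request.url);
+// TODO: Validate the redirect path
 const redirectTo = requestUrl.searchParams.get(REDIRECT_PATH_PARAM_NAME) || "/";
 try {
 const tokens = await fetchNewTokens(request);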
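Review bot: `redirectTo` in refreshSession is taken straight from the `stRedirectTo` query parameter and, as the TODO added on new line 89 acknowledges, is not validated before it is presumably used as the redirect destination later in the function, so an attacker-controlled absolute or protocol-relative URL can become the target. Constrain it to a same-origin path at the point it is read, e.g. `const requested = requestUrl.searchParams.get(REDIRECT_PATH_PARAM_NAME) || "/";` followed by `const redirectTo = requested.startsWith("/") && !requested.startsWith("//") && !requested.startsWith("/\\") ? requested : "/";`, since `//host` and the backslash variant both escape the origin after browser normalisation. refreshSession's signature and the eventual redirect call are outside this hunk, so the consumer of `redirectTo` should be confirmed there. In the first hunk, the `// TODO: Use a constant here` comment is already satisfied by the `SESSION_REFRESH_API_PATH` check on the next line and can be dropped; that hunk also stops stripping a client-supplied `x-user-id` header on `/api` routes, so if any downstream handler still reads that header for identity it can now be set by the client and should be re-checked.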

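--- a/lib/ts/nextjs/types.ts
+++ b/lib/ts/nextjs/types.ts
@@ -64,12 +64,14 @@ export type AccessTokenPayload = {
 };
 };
 
-export type WithSession = (
-req: Request,
-handler: (
-error: Error | undefined,
-session: (Record<string, unknown> & { getUserId: () => string }) | undefined
-) => Promise<Response>,
-options?: unknown,
-userContext?: Record<string, any>
-) => Promise<Response>;
+export interface ParsableRequest {
+url: string;
+method: string;
+headers: Headers;
+formData: () => Promise<FormData>;
+json: () => Promise<any>;
+}
+
+export type ApiRequestMiddleware<Req extends ParsableRequest = Request, Res extends Response = Response> = (
+req: Req
+) => Promise<Res>;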
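Review bot: `ParsableRequest.json` is declared as `() => Promise<any>`, which lets an untrusted parsed request body flow into every `ApiRequestMiddleware` implementation without narrowing. Declaring it `json: () => Promise<unknown>;` keeps the global `Request` assignable to the interface (its `json()` returns `Promise<any>`, which is assignable to `unknown`) while forcing implementers to validate the body before use. Both exported symbols also lack TSDoc; a one-line `/** Minimal request surface the middleware needs; satisfied by the Fetch `Request`. */` on `ParsableRequest` and `/** Runs on `/api` requests not handled by the auth routes and returns the response to send. */` on `ApiRequestMiddleware` would document the contract.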
