From 6c69b37192adab8dc89121327d33422f4896144a Mon Sep 17 00:00:00 2001
From: Jaleel Bennett
Date: Wed, 31 Jul 2024 12:02:26 -0400
Subject: [PATCH] fix(api): converting sign out route handler to POST request to prevent accidental sign-outs during navigation
---
 app/api/sign-out/route.ts | 2 +-
 components/menu.tsx | 17 +++++++++++++----
 server/auth.ts | 18 +++---------------
 3 files changed, 17 insertions(+), 20 deletions(-)
diff --git a/app/api/sign-out/route.ts b/app/api/sign-out/route.ts
index fc3b957..580577b 100644
--- a/app/api/sign-out/route.ts
+++ b/app/api/sign-out/route.ts
@@ -2,7 +2,7 @@ import { lucia, validateRequest } from "@/server/auth";
 import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
-export async function GET(): Promise {
+export async function POST(): Promise {
 await new Promise((resolve) => setTimeout(resolve, 1000));
 const { session } = await validateRequest();
diff --git a/components/menu.tsx b/components/menu.tsx
index 0803922..500e1f8 100644
--- a/components/menu.tsx
+++ b/components/menu.tsx
@@ -131,12 +131,21 @@ export function OptionsMenu({ user }: { user: UserInfo }) { {user && ( - - + // + // + // + // Sign Out + // + // +
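Review bot: The new `POST()` handler takes no `Request` argument, so it cannot look at the `Origin` header, and nothing visible in this hunk rejects a cross-site form post. Protection against a forced sign-out then rests entirely on the session cookie's SameSite attribute. Unless middleware outside this patch already checks it, accept the request (`export async function POST(request: Request)`) and compare `Origin` with `Host`, answering 403 on a mismatch; Lucia v3 exports `verifyRequestOrigin` for this. The fixed one-second `setTimeout` wait on the first line of the body looks like leftover debugging and holds every sign-out request open, so it can be dropped. The rest of the handler body lies outside the hunk.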
+ +
)}
diff --git a/server/auth.ts b/server/auth.ts
index c705cf9..67020b7 100644
--- a/server/auth.ts
+++ b/server/auth.ts
@@ -16,11 +16,6 @@ export const lucia = new Lucia(adapter, {
 expires: false,
 attributes: {
 secure: process.env.NODE_ENV === "production",
- sameSite: "lax",
- path: "/", // Ensure the cookie is available for all paths
- // domain: process.env.NEXT_PUBLIC_DOMAIN
- // ? env.NEXT_PUBLIC_DOMAIN
- // : undefined,
 },
 },
 getUserAttributes: (attributes) => {
@@ -34,6 +29,7 @@ export const validateRequest = async (): Promise<
 { user: User; session: Session } | { user: null; session: null }
 > => {
 const sessionId = cookies().get(lucia.sessionCookieName)?.value ?? null;
+
 if (!sessionId) {
 return {
 user: null,
@@ -42,13 +38,11 @@ export const validateRequest = async (): Promise<
 }
 const result = await lucia.validateSession(sessionId);
- console.log("validate session result", result);
 // next.js throws when you attempt to set cookie when rendering page
 try {
 if (result.session && result.session.fresh) {
 const sessionCookie = lucia.createSessionCookie(result.session.id);
- console.log("session cookie when fresh", sessionCookie);
 cookies().set(
 sessionCookie.name,
 sessionCookie.value,
@@ -57,20 +51,14 @@ export const validateRequest = async (): Promise<
 }
 if (!result.session) {
 const sessionCookie = lucia.createBlankSessionCookie();
- console.log("session cookie when blank", sessionCookie);
 cookies().set(
 sessionCookie.name,
 sessionCookie.value,
 sessionCookie.attributes,
 );
 }
- } catch (error) {
- // console.log("error setting cookie:", result);
- if (error instanceof Error) {
- console.error("error setting cookie: ", error.message);
- }
-
- console.log("result of not being able to set cookie:", error);
+ } catch {
+ console.log("error setting cookie:", result);
 }
 return result;
 };
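Review bot: The added lines that start with `//` (one of them reads `// Sign Out`) look like the previous sign-out link kept as commented-out markup next to its replacement. The commit history already preserves the old link, so those lines can be deleted; a single comment such as `// sign-out is a POST form: a GET link could sign the user out during navigation` would record the reason instead. The markup itself did not survive on this page, so the attributes of the replacement element could not be checked.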
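Review bot: Dropping `sameSite: "lax"` and `path: "/"` leaves both attributes to the library's defaults, and nothing in this file now states what those are. SameSite is what keeps the session cookie off cross-site POSTs such as the sign-out route changed in this same patch. If the installed Lucia version does default to `lax` and `/`, record that next to `secure`, for example `// sameSite "lax" and path "/" come from Lucia's defaults`; otherwise keep `sameSite: "lax",` explicit. The `new Lucia(...)` call starts and ends outside the hunk.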
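Review bot: The rewritten `catch` block logs the whole `result` object, and `result.session.id` is the value passed to `lucia.createSessionCookie` in the hunk above, so each failed cookie write puts a live session identifier and the user record into the server log. The comment above the `try` says Next.js throws here while rendering a page, so this path is expected to run routinely rather than only on real faults. Log a fixed message without the session, e.g. `console.warn("could not set session cookie during render");`, or leave the block empty with a comment saying why the error is ignored. `validateRequest` begins outside this hunk.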