feat(auth): setting domain to allow cookies to be shared across subdo…

…mains ??

env.ts

@@ -21,10 +21,12 @@ export const env = createEnv({
   },
   client: {
     NEXT_PUBLIC_APP_URL: z.string().min(1),
+    NEXT_PUBLIC_DOMAIN: z.string().min(1),
   },
   runtimeEnv: {
     NODE_ENV: process.env.NODE_ENV,
     NEXT_PUBLIC_APP_URL: process.env.NEXT_PUBLIC_APP_URL,
+    NEXT_PUBLIC_DOMAIN: process.env.NEXT_PUBLIC_DOMAIN,
     DATABASE_URL: process.env.DATABASE_URL,
     DB_AUTH_TOKEN: process.env.DB_AUTH_TOKEN,
     GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID,

middleware.ts

@@ -1,44 +1,15 @@
 import { NextResponse } from "next/server";
 import type { NextRequest } from "next/server";
+import { validateRequest } from "./server/auth";
 
-export function middleware(request: NextRequest) {
-  const res = NextResponse.next();
-
-  const origin = request.headers.get("origin");
-  const allowedOrigins = ["https://www.readiumx.com", "https://readiumx.com"];
-
-  if (request.method === "OPTIONS") {
-    res.headers.append("Access-Control-Allow-Origin", origin!);
-    res.headers.append("Access-Control-Allow-Credentials", "true");
-    res.headers.append(
-      "Access-Control-Allow-Methods",
-      "GET,DELETE,PATCH,POST,PUT,OPTIONS",
-    );
-    res.headers.append(
-      "Access-Control-Allow-Headers",
-      "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version",
-    );
-
-    return res;
+export async function middleware(request: NextRequest) {
+  const { session } = await validateRequest();
+  if (!session) {
+    return NextResponse.redirect(new URL("/signin", request.url));
   }
-
-  if (origin && !allowedOrigins.includes(origin)) {
-    res.headers.append("Access-Control-Allow-Origin", origin);
-  }
-
-  res.headers.append("Access-Control-Allow-Credentials", "true");
-  res.headers.append(
-    "Access-Control-Allow-Methods",
-    "GET,DELETE,PATCH,POST,PUT,OPTIONS",
-  );
-  res.headers.append(
-    "Access-Control-Allow-Headers",
-    "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version",
-  );
-
-  return res;
+  return NextResponse.next();
 }
 
 export const config = {
-  matcher: "/api/:path*",
+  matcher: ["/history", "/bookmarks"],
 };

server/auth.ts

@@ -18,6 +18,9 @@ export const lucia = new Lucia(adapter, {
       secure: process.env.NODE_ENV === "production",
       sameSite: "lax",
       path: "/", // Ensure the cookie is available for all paths
+      domain: process.env.NEXT_PUBLIC_DOMAIN
+        ? env.NEXT_PUBLIC_DOMAIN
+        : undefined,
     },
   },
   getUserAttributes: (attributes) => {