🔥 Remove support for legacy sessions (#1654)

2025-06-06 04:31:50 +02:00 · 2025-03-31 15:54:21 +01:00 · 2025-03-31 15:54:21 +01:00 · 13e078cb88
commit 13e078cb88
parent 0bdceb7bbe
5 changed files with 0 additions and 219 deletions
--- a/apps/web/src/auth/edge/with-auth.ts
+++ b/apps/web/src/auth/edge/with-auth.ts
@ -4,12 +4,6 @@ import NextAuth from "next-auth";

 import { nextAuthConfig } from "@/next-auth.config";

-import {
-  deleteLegacyCookie,
-  getLegacySession,
-  migrateLegacyJWT,
-} from "../legacy/next-auth-cookie-migration";
-
 const { auth } = NextAuth(nextAuthConfig);

 export const withAuth = (
@ -24,20 +18,6 @@ export const withAuth = (
      console.error(e);
    }

-    let isLegacySession = false;
-    let isExpiredLegacySession = false;
-
-    if (!session) {
-      try {
-        session = await getLegacySession();
-        if (session) {
-          isLegacySession = true;
-        }
-      } catch {
-        isExpiredLegacySession = true;
-      }
-    }
-
    try {
      const res = await nextAuthConfig.callbacks.authorized({
        request,
@ -55,20 +35,6 @@ export const withAuth = (

    const middlewareRes = await middleware(request);

-    if (isLegacySession) {
-      console.warn("Found legacy session, migrating…");
-      try {
-        await migrateLegacyJWT(middlewareRes);
-      } catch (e) {
-        console.error(e);
-      }
-    }
-
-    if (isExpiredLegacySession) {
-      console.warn("Found expired legacy session, deleting…");
-      deleteLegacyCookie(middlewareRes);
-    }
-
    return middlewareRes;
  };
 };
--- a/apps/web/src/auth/legacy/helpers/jwt.ts
+++ b/apps/web/src/auth/legacy/helpers/jwt.ts
@ -1,30 +0,0 @@
-import hkdf from "@panva/hkdf";
-import { jwtDecrypt } from "jose";
-import type { JWT } from "next-auth/jwt";
-
-/** Decodes a NextAuth.js issued JWT. */
-export async function decodeLegacyJWT(token: string): Promise<JWT | null> {
-  if (!token) return null;
-  const encryptionSecret = await getDerivedEncryptionKey(
-    process.env.SECRET_PASSWORD,
-    "",
-  );
-  const { payload } = await jwtDecrypt(token, encryptionSecret, {
-    clockTolerance: 15,
-  });
-
-  return payload;
-}
-
-async function getDerivedEncryptionKey(
-  keyMaterial: string | Uint8Array,
-  salt: string,
-) {
-  return await hkdf(
-    "sha256",
-    keyMaterial,
-    salt,
-    `NextAuth.js Generated Encryption Key${salt ? ` (${salt})` : ""}`,
-    32,
-  );
-}
--- a/apps/web/src/auth/legacy/next-auth-cookie-migration.ts
+++ b/apps/web/src/auth/legacy/next-auth-cookie-migration.ts
@ -1,91 +0,0 @@
-import { absoluteUrl } from "@rallly/utils/absolute-url";
-import { cookies } from "next/headers";
-import type { NextResponse } from "next/server";
-import type { Session } from "next-auth";
-import type { JWT } from "next-auth/jwt";
-import { encode } from "next-auth/jwt";
-
-import { decodeLegacyJWT } from "./helpers/jwt";
-
-const isSecureCookie = absoluteUrl().startsWith("https://");
-
-const prefix = isSecureCookie ? "__Secure-" : "";
-
-const oldCookieName = prefix + "next-auth.session-token";
-const newCookieName = prefix + "authjs.session-token";
-
-export async function getLegacySession(): Promise<Session | null> {
-  const cookieStore = cookies();
-  const legacySessionCookie = cookieStore.get(oldCookieName);
-  if (legacySessionCookie && legacySessionCookie.value) {
-    const decodedCookie = await decodeLegacyJWT(legacySessionCookie.value);
-
-    if (decodedCookie?.sub) {
-      const { sub: id, ...rest } = decodedCookie;
-      return {
-        user: { id, ...rest },
-        expires: decodedCookie.exp
-          ? new Date(decodedCookie.exp * 1000).toISOString()
-          : new Date(Date.now() + 30 * 60 * 60 * 1000).toISOString(),
-      };
-    }
-  }
-
-  return null;
-}
-
-async function getLegacyJWT() {
-  const cookieStore = cookies();
-  const legacySessionCookie = cookieStore.get(oldCookieName);
-  if (legacySessionCookie) {
-    const decodedCookie = await decodeLegacyJWT(legacySessionCookie.value);
-    if (decodedCookie) {
-      return decodedCookie;
-    }
-  }
-  return null;
-}
-
-export function deleteLegacyCookie(res: NextResponse) {
-  const cookieStore = cookies();
-  const oldCookie = cookieStore.get(oldCookieName);
-  if (oldCookie) {
-    // Delete the old cookie
-    res.cookies.set(oldCookieName, oldCookie.value, {
-      httpOnly: true,
-      secure: isSecureCookie,
-      expires: new Date(0),
-      sameSite: "lax",
-      path: "/",
-    });
-  }
-}
-
-async function setNewSessionCookie(res: NextResponse, jwt: JWT) {
-  const newJWT = await encode({
-    token: jwt,
-    secret: process.env.SECRET_PASSWORD,
-    salt: newCookieName,
-  });
-
-  // Set new session cookie
-  res.cookies.set(newCookieName, newJWT, {
-    httpOnly: true,
-    secure: isSecureCookie,
-    expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 7),
-    sameSite: "lax",
-    path: "/",
-  });
-}
-
-/**
- * Replace the old legacy cookie with the new one
- */
-export async function migrateLegacyJWT(res: NextResponse) {
-  const legacyJWT = await getLegacyJWT();
-
-  if (legacyJWT) {
-    await setNewSessionCookie(res, legacyJWT);
-    deleteLegacyCookie(res);
-  }
-}
--- a/apps/web/src/next-auth.ts
+++ b/apps/web/src/next-auth.ts
@ -9,7 +9,6 @@ import z from "zod";
 import { CustomPrismaAdapter } from "./auth/adapters/prisma";
 import { isEmailBanned, isEmailBlocked } from "./auth/helpers/is-email-blocked";
 import { mergeGuestsIntoUser } from "./auth/helpers/merge-user";
-import { getLegacySession } from "./auth/legacy/next-auth-cookie-migration";
 import { EmailProvider } from "./auth/providers/email";
 import { GoogleProvider } from "./auth/providers/google";
 import { GuestProvider } from "./auth/providers/guest";
@ -203,12 +202,6 @@ const auth = cache(async () => {
  } catch (e) {
    console.error("FAILED TO GET SESSION", e);
  }
-
-  try {
-    return await getLegacySession();
-  } catch (e) {
-    console.error("FAILED TO GET LEGACY SESSION", e);
-  }
 });

 const requireUser = async () => {
--- a/apps/web/tests/next-auth-migration.spec.ts
+++ b/apps/web/tests/next-auth-migration.spec.ts
@ -1,57 +0,0 @@
-import { expect, test } from "@playwright/test";
-import { prisma } from "@rallly/database";
-
-import { encode } from "./helpers/next-auth-v4";
-
-const legacyGuestId = "user-1234";
-
-test.describe.serial(() => {
-  test.beforeAll(async () => {
-    await prisma.poll.create({
-      data: {
-        id: "legacy-guest-poll",
-        title: "Test Poll",
-        adminUrlId: "admin-url-id",
-        participantUrlId: "participant-url-id",
-        guestId: legacyGuestId,
-      },
-    });
-  });
-  test.afterAll(async () => {
-    await prisma.poll.delete({
-      where: {
-        id: "legacy-guest-poll",
-      },
-    });
-  });
-
-  test("should see poll on login page", async ({ page }) => {
-    const context = page.context();
-    const legacyToken = await encode({
-      token: {
-        sub: legacyGuestId,
-      },
-      secret: process.env.SECRET_PASSWORD,
-    });
-
-    // set cookie to simulate legacy guest
-    await context.addCookies([
-      {
-        name: "next-auth.session-token",
-        value: legacyToken,
-        httpOnly: true,
-        expires: Date.now() / 1000 + 60 * 60 * 24 * 7,
-        secure: false,
-        sameSite: "Lax",
-        domain: "localhost",
-        path: "/",
-      },
-    ]);
-
-    // For some reason it doesn't work unless we need to redirect
-    await page.goto("/login");
-
-    // Check if the poll title exists in the page content
-    await expect(page.getByText("Test Poll")).toBeVisible();
-  });
-});