From 1e93a4f65b95190879d9c5dc148781ad7a8aebf1 Mon Sep 17 00:00:00 2001
From: Luke Vella
Date: Fri, 3 Nov 2023 21:24:11 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Avoid=20setting=20expired=20lega?= =?UTF-8?q?cy=20user?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/web/src/middleware.ts | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/apps/web/src/middleware.ts b/apps/web/src/middleware.ts
index 36304080e..3d3fd7d3f 100644
--- a/apps/web/src/middleware.ts
+++ b/apps/web/src/middleware.ts
@@ -1,12 +1,13 @@
 import languages from "@rallly/languages";
 import languageParser from "accept-language-parser";
+import { unsealData } from "iron-session/edge";
 import { NextResponse } from "next/server";
 import withAuth from "next-auth/middleware";
 const supportedLocales = Object.keys(languages);
 export default withAuth(
- function middleware(req) {
+ async function middleware(req) {
 const { headers, nextUrl } = req;
 const newUrl = nextUrl.clone();
@@ -49,11 +50,20 @@ export default withAuth(
 */
 const legacyToken = req.cookies.get("rallly-session");
 if (legacyToken) {
- res.cookies.set({
- name: "legacy-token",
- value: legacyToken.value,
- });
+ // delete old cookie
 res.cookies.delete("rallly-session");
+ // make sure old cookie isn't expired
+ const payload = await unsealData(legacyToken.value, {
+ password: process.env.SECRET_PASSWORD,
+ });
+ // if it's not expired, write it to a new cookie that we
+ // can read from the client
+ if (Object.keys(payload).length > 0) {
+ res.cookies.set({
+ name: "legacy-token",
+ value: legacyToken.value,
+ });
+ }
 }
 return res;
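Review bot: The `await unsealData(legacyToken.value, …)` call in the second hunk is unguarded, and `legacyToken.value` comes straight from the client-supplied `rallly-session` cookie. If unsealData rejects for a value it cannot parse (iron-session appears to map only some failures, such as an expired seal, to an empty object) or because `process.env.SECRET_PASSWORD` is unset, the rejection propagates out of the middleware and the request fails instead of the stale cookie simply being dropped. Treating any unseal failure like an expired seal keeps the cleanup path working: end the call with `}).catch(() => ({}));`, and validate `SECRET_PASSWORD` once at startup so a missing secret is not silently hidden by that catch. Since the comment says `legacy-token` is meant to be readable by client script, it is also worth passing `secure: true` and `sameSite: "lax"` to `res.cookies.set` so the sealed value is not sent over plain HTTP or on cross-site requests. The middleware body starts and ends outside this hunk.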