From 25da819774c6ea0cce9e84c2fe1dcee555f811ec Mon Sep 17 00:00:00 2001
From: Luke Vella <me@lukevella.com>
Date: Fri, 3 Nov 2023 22:33:46 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Only=20migrate=20legacy=20token?=
 =?UTF-8?q?=20if=20nextauth=20token=20doesn=E2=80=99t=20exist?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/web/src/middleware.ts | 43 ++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 20 deletions(-)

diff --git a/apps/web/src/middleware.ts b/apps/web/src/middleware.ts
index 3d3fd7d3f..c73ad99a9 100644
--- a/apps/web/src/middleware.ts
+++ b/apps/web/src/middleware.ts
@@ -42,27 +42,30 @@ export default withAuth(
 
     const res = NextResponse.rewrite(newUrl);
 
-    /**
-     * We moved from a bespoke session implementation to next-auth.
-     * This middleware looks for the old session cookie and moves it to
-     * a temporary cookie accessible to the client which will exchange it
-     * for a new session token with the legacy-token provider.
-     */
-    const legacyToken = req.cookies.get("rallly-session");
-    if (legacyToken) {
-      // delete old cookie
-      res.cookies.delete("rallly-session");
-      // make sure old cookie isn't expired
-      const payload = await unsealData(legacyToken.value, {
-        password: process.env.SECRET_PASSWORD,
-      });
-      // if it's not expired, write it to a new cookie that we
-      // can read from the client
-      if (Object.keys(payload).length > 0) {
-        res.cookies.set({
-          name: "legacy-token",
-          value: legacyToken.value,
+    if (!req.nextauth.token) {
+      /**
+       * We moved from a bespoke session implementation to next-auth.
+       * This middleware looks for the old session cookie and moves it to
+       * a temporary cookie accessible to the client which will exchange it
+       * for a new session token with the legacy-token provider.
+       */
+      const legacyToken = req.cookies.get("rallly-session");
+      if (legacyToken) {
+        // delete old cookie
+        res.cookies.delete("rallly-session");
+        // make sure old cookie isn't expired
+        const payload = await unsealData(legacyToken.value, {
+          password: process.env.SECRET_PASSWORD,
         });
+        // if it's not expired, write it to a new cookie that we
+        // can read from the client
+        if (Object.keys(payload).length > 0) {
+          res.cookies.set({
+            name: "legacy-token",
+            value: legacyToken.value,
+            httpOnly: false,
+          });
+        }
       }
     }