From 25da819774c6ea0cce9e84c2fe1dcee555f811ec Mon Sep 17 00:00:00 2001
From: Luke Vella
Date: Fri, 3 Nov 2023 22:33:46 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Only=20migrate=20legacy=20token?= =?UTF-8?q?=20if=20nextauth=20token=20doesn=E2=80=99t=20exist?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/web/src/middleware.ts | 43 ++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/apps/web/src/middleware.ts b/apps/web/src/middleware.ts
index 3d3fd7d3f..c73ad99a9 100644
--- a/apps/web/src/middleware.ts
+++ b/apps/web/src/middleware.ts
@@ -42,27 +42,30 @@ export default withAuth(
 const res = NextResponse.rewrite(newUrl);
- /**
- * We moved from a bespoke session implementation to next-auth.
- * This middleware looks for the old session cookie and moves it to
- * a temporary cookie accessible to the client which will exchange it
- * for a new session token with the legacy-token provider.
- */
- const legacyToken = req.cookies.get("rallly-session");
- if (legacyToken) {
- // delete old cookie
- res.cookies.delete("rallly-session");
- // make sure old cookie isn't expired
- const payload = await unsealData(legacyToken.value, {
- password: process.env.SECRET_PASSWORD,
- });
- // if it's not expired, write it to a new cookie that we
- // can read from the client
- if (Object.keys(payload).length > 0) {
- res.cookies.set({
- name: "legacy-token",
- value: legacyToken.value,
+ if (!req.nextauth.token) {
+ /**
+ * We moved from a bespoke session implementation to next-auth.
+ * This middleware looks for the old session cookie and moves it to
+ * a temporary cookie accessible to the client which will exchange it
+ * for a new session token with the legacy-token provider.
+ */
+ const legacyToken = req.cookies.get("rallly-session");
+ if (legacyToken) {
+ // delete old cookie
+ res.cookies.delete("rallly-session");
+ // make sure old cookie isn't expired
+ const payload = await unsealData(legacyToken.value, {
+ password: process.env.SECRET_PASSWORD,
 });
+ // if it's not expired, write it to a new cookie that we
+ // can read from the client
+ if (Object.keys(payload).length > 0) {
+ res.cookies.set({
+ name: "legacy-token",
+ value: legacyToken.value,
+ httpOnly: false,
+ });
+ }
 }
 }
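Review bot: The `legacy-token` cookie written by the new `res.cookies.set({...})` call is made script-readable with `httpOnly: false` but carries no `secure`, `sameSite` or `maxAge`, so the still-valid sealed legacy session value is exposed to any script running on the origin and stays in the browser for as long as the client keeps it. Because it only has to survive one exchange with the legacy-token provider, bound it, for example `httpOnly: false, secure: true, sameSite: "lax", maxAge: 60,` (the lifetime is illustrative), and have the exchange path clear it once used. Separately, with the new `if (!req.nextauth.token)` guard the `rallly-session` cookie is no longer deleted while a next-auth token is present, so it presumably lingers and would be migrated on a later request once that token is gone, such as after sign-out; if that is not intended, calling `res.cookies.delete("rallly-session");` before the guard would retire it. The enclosing middleware function starts and ends outside the hunk.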