From a13418306e4e1483790b2239c5f03f848c4290be Mon Sep 17 00:00:00 2001
From: Luke Vella
Date: Mon, 10 Mar 2025 12:10:35 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Handle=20expired=20jwt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apps/web/src/auth/edge/with-auth.ts | 10 +++++++++-
apps/web/src/auth/legacy/helpers/jwt.ts | 14 +++++---------
.../auth/legacy/next-auth-cookie-migration.ts | 2 +-
apps/web/src/next-auth.ts | 16 ++++++++++++----
4 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/apps/web/src/auth/edge/with-auth.ts b/apps/web/src/auth/edge/with-auth.ts
index 2ca2a771f..00926d8fb 100644
--- a/apps/web/src/auth/edge/with-auth.ts
+++ b/apps/web/src/auth/edge/with-auth.ts
@@ -5,6 +5,7 @@ import NextAuth from "next-auth"; import { nextAuthConfig } from "@/next-auth.config"; import { + deleteLegacyCookie, getLegacySession, migrateLegacyJWT, } from "../legacy/next-auth-cookie-migration";
@@ -24,6 +25,7 @@ export const withAuth = ( } let isLegacySession = false; + let isExpiredLegacySession = false; if (!session) { try {
@@ -32,7 +34,7 @@ export const withAuth = ( isLegacySession = true; } } catch (e) { - console.error(e); + isExpiredLegacySession = true; } }
@@ -54,6 +56,7 @@ export const withAuth = ( const middlewareRes = await middleware(request); if (isLegacySession) { + console.warn("Found legacy session, migrating…"); try { await migrateLegacyJWT(middlewareRes); } catch (e) {
@@ -61,6 +64,11 @@ export const withAuth = ( } } + if (isExpiredLegacySession) { + console.warn("Found expired legacy session, deleting…"); + deleteLegacyCookie(middlewareRes); + } + return middlewareRes; }; };
diff --git a/apps/web/src/auth/legacy/helpers/jwt.ts b/apps/web/src/auth/legacy/helpers/jwt.ts
index ad3428165..dfa6ab3a4 100644
--- a/apps/web/src/auth/legacy/helpers/jwt.ts
+++ b/apps/web/src/auth/legacy/helpers/jwt.ts
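Review bot: In apps/web/src/auth/edge/with-auth.ts (hunk `@@ -32,7 +34,7 @@`), the `catch (e)` around `getLegacySession()` now sets `isExpiredLegacySession = true` for every exception and no longer logs `e`, so a token that fails decryption (tampered, malformed, or decrypted with a wrong `SECRET_PASSWORD`) is reported as "expired" and cannot be told apart from a normal expiry. Because the `@@ -61,6 +64,11 @@` hunk then calls `deleteLegacyCookie(middlewareRes)`, a misconfigured secret would presumably delete every unmigrated user's legacy cookie with only a misleading warning left in the logs. Assuming `jwtDecrypt` is jose's, narrow the branch, e.g. `if (e instanceof errors.JWTExpired) isExpiredLegacySession = true; else console.error(e);` with `errors` imported from `jose`. The body of `withAuth` starts and ends outside these hunks.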
@@ -9,15 +9,11 @@ export async function decodeLegacyJWT(token: string): Promise { process.env.SECRET_PASSWORD, "", ); - try { - const { payload } = await jwtDecrypt(token, encryptionSecret, { - clockTolerance: 15, - }); - return payload; - } catch (e) { - console.error(e); - return null; - } + const { payload } = await jwtDecrypt(token, encryptionSecret, { + clockTolerance: 15, + }); + + return payload; } async function getDerivedEncryptionKey(
diff --git a/apps/web/src/auth/legacy/next-auth-cookie-migration.ts b/apps/web/src/auth/legacy/next-auth-cookie-migration.ts
index 0f41b4451..96cd038c5 100644
--- a/apps/web/src/auth/legacy/next-auth-cookie-migration.ts
+++ b/apps/web/src/auth/legacy/next-auth-cookie-migration.ts
@@ -46,7 +46,7 @@ async function getLegacyJWT() { return null; } -function deleteLegacyCookie(res: NextResponse) { +export function deleteLegacyCookie(res: NextResponse) { const cookieStore = cookies(); const oldCookie = cookieStore.get(oldCookieName); if (oldCookie) {
diff --git a/apps/web/src/next-auth.ts b/apps/web/src/next-auth.ts
index 89f267404..9940cf213 100644
--- a/apps/web/src/next-auth.ts
+++ b/apps/web/src/next-auth.ts
@@ -195,12 +195,20 @@ const { }); const auth = cache(async () => { - const session = await originalAuth(); - if (session) { - return session; + try { + const session = await originalAuth(); + if (session) { + return session; + } + } catch (e) { + console.error("FAILED TO GET SESSION"); } - return getLegacySession(); + try { + return await getLegacySession(); + } catch (e) { + console.error("FAILED TO GET LEGACY SESSION"); + } }); const requireUser = async () => {
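Review bot: `decodeLegacyJWT` in apps/web/src/auth/legacy/helpers/jwt.ts now rejects on any `jwtDecrypt` failure instead of returning `null`, but nothing on the function says so. The return type is not readable in this hunk; if it still includes `null`, callers outside this patch may keep testing for `null` and miss the rejection. Add a doc comment above the function, e.g. `/** Decrypts a legacy session token. @throws if the token is expired, malformed or cannot be decrypted with the derived key. */`, and drop `null` from the return type if no path returns it any more. The start of the function is outside the hunk.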
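Review bot: Both `catch (e)` blocks in `auth` (apps/web/src/next-auth.ts) discard `e` and log only a fixed string, so an expired legacy token, a decryption failure and an error inside `originalAuth()` all produce the same line and cannot be told apart when investigating sign-in failures. A throwing `originalAuth()` also now falls through to `getLegacySession()` instead of propagating; if that is intended, a comment saying so would help, since it makes the legacy cookie the fallback whenever the primary lookup errors. Log the error class rather than nothing, e.g. `console.error("FAILED TO GET LEGACY SESSION", e instanceof Error ? e.name : e);`, and end the second `catch` with an explicit `return null;` so the function does not resolve to `undefined` on that path.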