

use LAX cookie (#4860)
mattcasey authored Oct 21, 2024
1 parent baacb80 commit 4ca7485
Showing 5 changed files with 32 additions and 4 deletions.
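--- a/@connect-shared/lib/session/config.ts
+++ b/@connect-shared/lib/session/config.ts
@@ -8,5 +8,6 @@ export type SessionData = {
 
 export function getIronOptions() {
 const cookieName = process.env.AUTH_COOKIE || getIronOptionsRoot().cookieName;
-return { ...getIronOptionsRoot(), cookieName };
+// "LAX" allows us to redirect users to the app from other websites/emails while they are logged in
+return { ...getIronOptionsRoot({ sameSite: 'lax' }), cookieName };
 }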
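Review bot: The comment above the new `return` explains why Lax is wanted but not what it costs. With `sameSite: 'lax'` the session cookie is attached to cross-site top-level GET navigations, so every GET route served by an app using this config has to be free of state-changing side effects. I would extend the comment to say so, e.g. `// "lax": cookie is sent on cross-site top-level GET navigations (links from emails/other sites); state-changing routes must not be GET`. The function also calls `getIronOptionsRoot()` twice with different arguments; calling it once and reading `cookieName` from that result would keep the two values from diverging.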
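--- a/apps/scoutgame/app/api/login-dev/route.ts
+++ b/apps/scoutgame/app/api/login-dev/route.ts
@@ -32,7 +32,7 @@ export async function GET(request: Request) {
 
 const cookieName = process.env.AUTH_COOKIE || getIronOptions().cookieName;
 
-response.headers.set('Set-Cookie', `${cookieName}=${sealedSession}; HttpOnly; Secure; SameSite=Strict; Path=/`);
+response.headers.set('Set-Cookie', `${cookieName}=${sealedSession}; HttpOnly; Secure; SameSite=Lax; Path=/`);
 
 return response;
 }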
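Review bot: The `Set-Cookie` string on the changed line hard-codes `SameSite=Lax` and `Secure` instead of reading them from the options that `getIronOptions()` returns. This route and the shared session config therefore have to be edited together, as this commit already had to do. A comment above the `response.headers.set` call such as `// attributes must match getIronOptions().cookieOptions` would record the coupling, and building the attribute list from that options object would remove it. The GET handler starts before the hunk, so how `sealedSession` is produced and whether the route is restricted to development environments cannot be checked from here.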
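--- a/apps/scoutgame/app/api/session/refresh/route.ts
+++ b/apps/scoutgame/app/api/session/refresh/route.ts
@@ -7,6 +7,10 @@ import type { NextRequest } from 'next/server';
 // This API Route is non-blocking and called on every page load. Use it to refresh things about the current user
 export async function GET(req: NextRequest) {
 const session = await getSession();
+
+// save session to update the LAX cookie
+await session.save();
+
 const userId = session.scoutId;
 if (userId) {
 const scout = await prisma.scout.findUnique({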
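Review bot: The added `await session.save();` runs before the `userId` check, so it also runs for requests that carry no logged-in session. Because this route is called on every page load, that appears to issue a sealed session cookie to anonymous visitors, and to re-issue the cookie of logged-in users on each load, which would turn the session lifetime into a sliding one. If the intent is only to migrate existing Strict cookies to Lax, move the call inside the guard, `if (userId) { await session.save();`, and say in the comment that it is a one-time migration that can be removed later. The rest of the handler lies outside the hunk.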
20 changes: 20 additions & 0 deletions apps/scoutgame/components/login/LoginPage.tsx
@@ -1,13 +1,33 @@
'use client';

import { log } from '@charmverse/core/log';
import { Box, Typography } from '@mui/material';
import Image from 'next/image';
import { useRouter } from 'next/navigation';
import { createContext, useEffect, useContext, useMemo, useState } from 'react';

import { SinglePageLayout } from 'components/common/Layout';
import { WarpcastLogin } from 'components/common/WarpcastLogin/WarpcastLogin';
import { InfoBackgroundImage } from 'components/layout/InfoBackgroundImage';
import { useGetUserTrigger } from 'hooks/api/session';

import { LaunchDate } from './LaunchDate';

export function LoginPage() {
const { trigger: triggerReload } = useGetUserTrigger();
const router = useRouter();
// HACK: Remove this after we change session cookies to LAX
useEffect(() => {
async function loadUser() {
const updated = await triggerReload();
if (updated) {
log.info('Redirect user to profile from login page', { userId: updated.id });
router.push('/profile?tab=win');
}
}
loadUser();
}, []);

Check warning on line 29 in apps/scoutgame/components/login/LoginPage.tsx


GitHub Actions / Test apps

React Hook useEffect has missing dependencies: 'router' and 'triggerReload'. Either include them or remove the dependency array

Check warning on line 29 in apps/scoutgame/components/login/LoginPage.tsx


GitHub Actions / Test apps

React Hook useEffect has missing dependencies: 'router' and 'triggerReload'. Either include them or remove the dependency array

Check warning on line 29 in apps/scoutgame/components/login/LoginPage.tsx


GitHub Actions / Test apps

React Hook useEffect has missing dependencies: 'router' and 'triggerReload'. Either include them or remove the dependency array

Check warning on line 29 in apps/scoutgame/components/login/LoginPage.tsx


GitHub Actions / Test apps

React Hook useEffect has missing dependencies: 'router' and 'triggerReload'. Either include them or remove the dependency array

Check warning on line 29 in apps/scoutgame/components/login/LoginPage.tsx


GitHub Actions / Test app

React Hook useEffect has missing dependencies: 'router' and 'triggerReload'. Either include them or remove the dependency array

Check warning on line 29 in apps/scoutgame/components/login/LoginPage.tsx


GitHub Actions / Test

React Hook useEffect has missing dependencies: 'router' and 'triggerReload'. Either include them or remove the dependency array

Check warning on line 29 in apps/scoutgame/components/login/LoginPage.tsx


GitHub Actions / Validate code

React Hook useEffect has missing dependencies: 'router' and 'triggerReload'. Either include them or remove the dependency array

return (
<>
<InfoBackgroundImage />
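Review bot: `loadUser();` inside the new `useEffect` is a floating promise, so a failed `triggerReload()` becomes an unhandled rejection on the login page. Attach a handler, e.g. `loadUser().catch((error) => log.warn('Could not refresh session on login page', { error }));`. The comment `// HACK: Remove this after we change session cookies to LAX` is added in the same commit that switches the cookie to Lax, so its removal condition is unclear. It should state what has to be true before the effect can go, for example `// HACK: remove once all existing Strict session cookies have been re-issued as Lax`.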
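--- a/lib/session/getIronOptions.ts
+++ b/lib/session/getIronOptions.ts
@@ -3,15 +3,18 @@ import type { SessionOptions } from 'iron-session';
 
 // import the "optional" auth secret here so it doesnt throw an error at build time
 
-export function getIronOptions({ domain }: { domain?: string } = {}): SessionOptions {
+export function getIronOptions({
+domain,
+sameSite = 'strict'
+}: { domain?: string; sameSite?: 'lax' | 'strict' } = {}): SessionOptions {
 if (!authSecret) {
 throw new Error('AUTH_SECRET is not defined');
 }
 const ironOptions: SessionOptions = {
 cookieName,
 password: authSecret,
 cookieOptions: {
-sameSite: 'strict' as const,
+sameSite,
 domain,
 // secure: true should be used in production (HTTPS) but can't be used in development (HTTP)
 secure: typeof baseUrl === 'string' && baseUrl.includes('https')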
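Review bot: The new `sameSite` option on this shared helper is undocumented, so a caller cannot tell that `'strict'` is the safe default and that `'lax'` is an opt-in with a cost. I would add a TSDoc block above `getIronOptions` with a `@param` entry for `sameSite`. It should say that the default is `'strict'`, that `'lax'` lets the cookie accompany cross-site top-level GET navigations, and that `'none'` is deliberately excluded from the type. The function body continues past the end of the hunk.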
