export function update
This commit is contained in:
parent
a6e52c5f67
commit
9261fbc165
2 changed files with 26 additions and 9 deletions
|
|
@ -1,9 +1,11 @@
|
|||
// app/app/api/auth/logout/route.ts
|
||||
// app/api/auth/logout/route.ts
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { clearAuthCookies } from "@/lib/auth-cookies";
|
||||
|
||||
export const runtime = "nodejs";
|
||||
|
||||
export async function POST(_req: NextRequest) {
|
||||
let res = NextResponse.json({ ok: true });
|
||||
res = clearAuthCookies(res);
|
||||
const res = NextResponse.json({ ok: true });
|
||||
clearAuthCookies(res);
|
||||
return res;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ export type PublicUser = {
|
|||
username: string;
|
||||
};
|
||||
|
||||
export const ACCESS_COOKIE = "ma_access";
|
||||
export const REFRESH_COOKIE = "ma_refresh";
|
||||
|
||||
/**
|
||||
* Mutates `res` in-place to set auth cookies.
|
||||
* Keeps tokens HttpOnly; sets SameSite=Lax; Secure for HTTPS.
|
||||
|
|
@ -23,11 +26,11 @@ export function setAuthCookies(
|
|||
tokens: TokenBundle,
|
||||
_user?: PublicUser
|
||||
): void {
|
||||
const maxAge = typeof tokens.expires === "number" ? tokens.expires : 60 * 60 * 12; // 12h default
|
||||
const maxAge =
|
||||
typeof tokens.expires === "number" ? tokens.expires : 60 * 60 * 12; // 12h default
|
||||
|
||||
// Access token
|
||||
if (tokens.access_token) {
|
||||
res.cookies.set("ma_access", tokens.access_token, {
|
||||
res.cookies.set(ACCESS_COOKIE, tokens.access_token, {
|
||||
httpOnly: true,
|
||||
sameSite: "lax",
|
||||
secure: true,
|
||||
|
|
@ -36,13 +39,12 @@ export function setAuthCookies(
|
|||
});
|
||||
}
|
||||
|
||||
// Refresh token (if present)
|
||||
if (tokens.refresh_token) {
|
||||
// Give it a longer lifetime (fallback 30 days) if Directus didn’t specify one
|
||||
// If Directus doesn’t give a separate TTL, just make it longer than access (fallback 30d)
|
||||
const refreshMaxAge =
|
||||
typeof tokens.expires === "number" ? tokens.expires * 4 : 60 * 60 * 24 * 30;
|
||||
|
||||
res.cookies.set("ma_refresh", tokens.refresh_token, {
|
||||
res.cookies.set(REFRESH_COOKIE, tokens.refresh_token, {
|
||||
httpOnly: true,
|
||||
sameSite: "lax",
|
||||
secure: true,
|
||||
|
|
@ -51,3 +53,16 @@ export function setAuthCookies(
|
|||
});
|
||||
}
|
||||
}
|
||||
|
||||
/** Mutates `res` in-place to clear both auth cookies. */
|
||||
export function clearAuthCookies(res: NextResponse): void {
|
||||
const opts = {
|
||||
httpOnly: true,
|
||||
sameSite: "lax" as const,
|
||||
secure: true,
|
||||
path: "/",
|
||||
maxAge: 0, // expire immediately
|
||||
};
|
||||
res.cookies.set(ACCESS_COOKIE, "", opts);
|
||||
res.cookies.set(REFRESH_COOKIE, "", opts);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue