makearmy/makearmy-app
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

export function update

Browse source
This commit is contained in:
makearmy 2025-09-26 12:06:59 -04:00
parent a6e52c5f67
commit 9261fbc165
2 changed files with 26 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

8
app/api/auth/logout/route.ts
View file

@ -1,9 +1,11 @@
// app/app/api/auth/logout/route.ts // app/api/auth/logout/route.ts
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { clearAuthCookies } from "@/lib/auth-cookies"; import { clearAuthCookies } from "@/lib/auth-cookies";
export const runtime = "nodejs";
export async function POST(_req: NextRequest) { export async function POST(_req: NextRequest) {
let res = NextResponse.json({ ok: true }); const res = NextResponse.json({ ok: true });
res = clearAuthCookies(res); clearAuthCookies(res);
return res; return res;
} }

27
lib/auth-cookies.ts
View file

@ -14,6 +14,9 @@ export type PublicUser = {
username: string; username: string;
}; };
export const ACCESS_COOKIE = "ma_access";
export const REFRESH_COOKIE = "ma_refresh";
/** /**
* Mutates `res` in-place to set auth cookies. * Mutates `res` in-place to set auth cookies.
* Keeps tokens HttpOnly; sets SameSite=Lax; Secure for HTTPS. * Keeps tokens HttpOnly; sets SameSite=Lax; Secure for HTTPS.
@ -23,11 +26,11 @@ export function setAuthCookies(
tokens: TokenBundle, tokens: TokenBundle,
_user?: PublicUser _user?: PublicUser
): void { ): void {
const maxAge = typeof tokens.expires === "number" ? tokens.expires : 60 * 60 * 12; // 12h default const maxAge =
typeof tokens.expires === "number" ? tokens.expires : 60 * 60 * 12; // 12h default
// Access token
if (tokens.access_token) { if (tokens.access_token) {
res.cookies.set("ma_access", tokens.access_token, { res.cookies.set(ACCESS_COOKIE, tokens.access_token, {
httpOnly: true, httpOnly: true,
sameSite: "lax", sameSite: "lax",
secure: true, secure: true,
@ -36,13 +39,12 @@ export function setAuthCookies(
}); });
} }
// Refresh token (if present)
if (tokens.refresh_token) { if (tokens.refresh_token) {
// Give it a longer lifetime (fallback 30 days) if Directus didnt specify one // If Directus doesnt give a separate TTL, just make it longer than access (fallback 30d)
const refreshMaxAge = const refreshMaxAge =
typeof tokens.expires === "number" ? tokens.expires * 4 : 60 * 60 * 24 * 30; typeof tokens.expires === "number" ? tokens.expires * 4 : 60 * 60 * 24 * 30;
res.cookies.set("ma_refresh", tokens.refresh_token, { res.cookies.set(REFRESH_COOKIE, tokens.refresh_token, {
httpOnly: true, httpOnly: true,
sameSite: "lax", sameSite: "lax",
secure: true, secure: true,
@ -51,3 +53,16 @@ export function setAuthCookies(
}); });
} }
} }
/** Mutates `res` in-place to clear both auth cookies. */
export function clearAuthCookies(res: NextResponse): void {
const opts = {
httpOnly: true,
sameSite: "lax" as const,
secure: true,
path: "/",
maxAge: 0, // expire immediately
};
res.cookies.set(ACCESS_COOKIE, "", opts);
res.cookies.set(REFRESH_COOKIE, "", opts);
}