small build fixes to login route and cookies

2025-09-26 12:02:27 -04:00 · 2025-09-26 12:02:27 -04:00 · a6e52c5f67
commit a6e52c5f67
parent 01c0d37d03
2 changed files with 82 additions and 95 deletions
--- a/lib/auth-cookies.ts
+++ b/lib/auth-cookies.ts
@ -1,32 +1,53 @@
 // app/lib/auth-cookies.ts
 import { NextResponse } from "next/server";

-export const ACCESS_COOKIE = "ma_at";
-export const REFRESH_COOKIE = "ma_rt";
-export const USER_COOKIE = "ma_user"; // tiny JSON: {id, username, email?}
+export type TokenBundle = {
+    access_token: string;
+    refresh_token?: string;
+    /** Directus returns seconds-until-expiration */
+    expires?: number;
+};

+export type PublicUser = {
+    id: string;
+    email: string;
+    username: string;
+};
+
+/**
+ * Mutates `res` in-place to set auth cookies.
+ * Keeps tokens HttpOnly; sets SameSite=Lax; Secure for HTTPS.
+ */
 export function setAuthCookies(
    res: NextResponse,
-    tokens: { access_token: string; refresh_token: string; expires?: number },
-    user: { id: string; username: string; email?: string | null },
-) {
-    const maxAge = tokens.expires ? Math.max(0, Math.floor((tokens.expires - Date.now()) / 1000)) : 60 * 60; // default 1h
-    res.cookies.set(ACCESS_COOKIE, tokens.access_token, {
-        httpOnly: true, sameSite: "lax", secure: true, path: "/", maxAge,
-    });
-    // keep refresh longer (7d)
-    res.cookies.set(REFRESH_COOKIE, tokens.refresh_token, {
-        httpOnly: true, sameSite: "lax", secure: true, path: "/", maxAge: 60 * 60 * 24 * 7,
-    });
-    res.cookies.set(USER_COOKIE, JSON.stringify(user), {
-        httpOnly: false, sameSite: "lax", secure: true, path: "/", maxAge,
-    });
-    return res;
-}
+    tokens: TokenBundle,
+    _user?: PublicUser
+): void {
+    const maxAge = typeof tokens.expires === "number" ? tokens.expires : 60 * 60 * 12; // 12h default

-export function clearAuthCookies(res: NextResponse) {
-    res.cookies.set(ACCESS_COOKIE, "", { path: "/", maxAge: 0 });
-    res.cookies.set(REFRESH_COOKIE, "", { path: "/", maxAge: 0 });
-    res.cookies.set(USER_COOKIE, "", { path: "/", maxAge: 0 });
-    return res;
+    // Access token
+    if (tokens.access_token) {
+        res.cookies.set("ma_access", tokens.access_token, {
+            httpOnly: true,
+            sameSite: "lax",
+            secure: true,
+            path: "/",
+            maxAge,
+        });
+    }
+
+    // Refresh token (if present)
+    if (tokens.refresh_token) {
+        // Give it a longer lifetime (fallback 30 days) if Directus didn’t specify one
+        const refreshMaxAge =
+        typeof tokens.expires === "number" ? tokens.expires * 4 : 60 * 60 * 24 * 30;
+
+        res.cookies.set("ma_refresh", tokens.refresh_token, {
+            httpOnly: true,
+            sameSite: "lax",
+            secure: true,
+            path: "/",
+            maxAge: refreshMaxAge,
+        });
+    }
 }