Refactor authentication system: replace NextAuth with custom login/logout/session handling, improve cookie management, and enhance error handling
Build and Push Reader Image / docker (push) Successful in 39s
Build and Push Reader Image / docker (push) Successful in 39s
This commit is contained in:
@@ -1,6 +1,21 @@
|
||||
import NextAuth from "next-auth"
|
||||
import { authOptions } from "@/lib/auth"
|
||||
import { NextResponse } from "next/server"
|
||||
|
||||
const handler = NextAuth(authOptions)
|
||||
export const runtime = "nodejs"
|
||||
export const dynamic = "force-dynamic"
|
||||
|
||||
export { handler as GET, handler as POST }
|
||||
function disabled() {
|
||||
return NextResponse.json(
|
||||
{
|
||||
detail: "Legacy NextAuth route is disabled. Use /api/auth/login, /api/auth/session, /api/auth/logout.",
|
||||
},
|
||||
{ status: 410 },
|
||||
)
|
||||
}
|
||||
|
||||
export async function GET() {
|
||||
return disabled()
|
||||
}
|
||||
|
||||
export async function POST() {
|
||||
return disabled()
|
||||
}
|
||||
|
||||
@@ -0,0 +1,71 @@
|
||||
import { NextRequest, NextResponse } from "next/server"
|
||||
import { AUTH_COOKIE_MAX_AGE_SECONDS, AUTH_COOKIE_NAME } from "@/lib/auth-cookie"
|
||||
|
||||
export const runtime = "nodejs"
|
||||
export const dynamic = "force-dynamic"
|
||||
|
||||
const readerApiOrigin = (process.env.READER_API_ORIGIN || "http://localhost:8000").replace(/\/+$/, "")
|
||||
|
||||
type MobileLoginResponse = {
|
||||
accessToken: string
|
||||
expiresIn?: number
|
||||
user: {
|
||||
id: string
|
||||
email?: string | null
|
||||
name?: string | null
|
||||
image?: string | null
|
||||
role?: string | null
|
||||
}
|
||||
}
|
||||
|
||||
export async function POST(req: NextRequest) {
|
||||
try {
|
||||
const body = await req.json()
|
||||
const googleIdToken = String(body?.googleIdToken || "").trim()
|
||||
|
||||
if (!googleIdToken) {
|
||||
return NextResponse.json({ detail: "googleIdToken is required" }, { status: 400 })
|
||||
}
|
||||
|
||||
const upstream = await fetch(`${readerApiOrigin}/api/auth/mobile-login`, {
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ googleIdToken }),
|
||||
cache: "no-store",
|
||||
signal: AbortSignal.timeout(10000),
|
||||
})
|
||||
|
||||
if (!upstream.ok) {
|
||||
const message = await upstream.text()
|
||||
return NextResponse.json({ detail: message || "Authentication failed" }, { status: upstream.status })
|
||||
}
|
||||
|
||||
const data = (await upstream.json()) as MobileLoginResponse
|
||||
|
||||
const response = NextResponse.json(
|
||||
{
|
||||
user: {
|
||||
id: data.user.id,
|
||||
email: data.user.email || null,
|
||||
name: data.user.name || null,
|
||||
image: data.user.image || null,
|
||||
role: data.user.role || "USER",
|
||||
},
|
||||
},
|
||||
{ status: 200 },
|
||||
)
|
||||
|
||||
response.cookies.set(AUTH_COOKIE_NAME, data.accessToken, {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "lax",
|
||||
path: "/",
|
||||
maxAge: data.expiresIn || AUTH_COOKIE_MAX_AGE_SECONDS,
|
||||
})
|
||||
|
||||
return response
|
||||
} catch (error) {
|
||||
console.error("/api/auth/login failed", error)
|
||||
return NextResponse.json({ detail: "Internal Server Error" }, { status: 500 })
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
import { NextResponse } from "next/server"
|
||||
import { AUTH_COOKIE_NAME } from "@/lib/auth-cookie"
|
||||
|
||||
export const runtime = "nodejs"
|
||||
export const dynamic = "force-dynamic"
|
||||
|
||||
export async function POST() {
|
||||
const response = NextResponse.json({ success: true }, { status: 200 })
|
||||
response.cookies.set(AUTH_COOKIE_NAME, "", {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "lax",
|
||||
path: "/",
|
||||
maxAge: 0,
|
||||
})
|
||||
return response
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
import { NextRequest, NextResponse } from "next/server"
|
||||
import { AUTH_COOKIE_NAME } from "@/lib/auth-cookie"
|
||||
|
||||
export const runtime = "nodejs"
|
||||
export const dynamic = "force-dynamic"
|
||||
|
||||
const readerApiOrigin = (process.env.READER_API_ORIGIN || "http://localhost:8000").replace(/\/+$/, "")
|
||||
|
||||
export async function GET(req: NextRequest) {
|
||||
const accessToken = req.cookies.get(AUTH_COOKIE_NAME)?.value || ""
|
||||
if (!accessToken) {
|
||||
return NextResponse.json({ user: null }, { status: 200 })
|
||||
}
|
||||
|
||||
try {
|
||||
const upstream = await fetch(`${readerApiOrigin}/api/auth/session`, {
|
||||
method: "GET",
|
||||
headers: { authorization: `Bearer ${accessToken}` },
|
||||
cache: "no-store",
|
||||
signal: AbortSignal.timeout(5000),
|
||||
})
|
||||
|
||||
if (!upstream.ok) {
|
||||
return NextResponse.json({ user: null }, { status: 200 })
|
||||
}
|
||||
|
||||
const data = await upstream.json()
|
||||
const user = data?.user || null
|
||||
return NextResponse.json({ user }, { status: 200 })
|
||||
} catch (error) {
|
||||
console.error("/api/auth/session failed", error)
|
||||
return NextResponse.json({ user: null }, { status: 200 })
|
||||
}
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
import { NextRequest, NextResponse } from "next/server"
|
||||
import { getToken } from "next-auth/jwt"
|
||||
import { AUTH_COOKIE_NAME } from "@/lib/auth-cookie"
|
||||
|
||||
export const runtime = "nodejs"
|
||||
export const dynamic = "force-dynamic"
|
||||
@@ -7,8 +7,7 @@ export const dynamic = "force-dynamic"
|
||||
const readerApiOrigin = (process.env.READER_API_ORIGIN || "http://localhost:8000").replace(/\/+$/, "")
|
||||
|
||||
async function proxyToReaderApi(req: NextRequest, path: string[]) {
|
||||
const token = await getToken({ req, secret: process.env.NEXTAUTH_SECRET })
|
||||
const accessToken = typeof (token as any)?.accessToken === "string" ? (token as any).accessToken : null
|
||||
const accessToken = req.cookies.get(AUTH_COOKIE_NAME)?.value || null
|
||||
|
||||
const url = new URL(req.url)
|
||||
const query = url.search || ""
|
||||
@@ -16,6 +15,7 @@ async function proxyToReaderApi(req: NextRequest, path: string[]) {
|
||||
|
||||
const headers = new Headers(req.headers)
|
||||
headers.delete("host")
|
||||
headers.delete("cookie")
|
||||
if (accessToken) {
|
||||
headers.set("authorization", `Bearer ${accessToken}`)
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { NextRequest, NextResponse } from "next/server"
|
||||
import { getToken } from "next-auth/jwt"
|
||||
import { AUTH_COOKIE_NAME } from "@/lib/auth-cookie"
|
||||
|
||||
export const runtime = "nodejs"
|
||||
export const dynamic = "force-dynamic"
|
||||
@@ -7,8 +7,7 @@ export const dynamic = "force-dynamic"
|
||||
const readerApiOrigin = (process.env.READER_API_ORIGIN || "http://localhost:8000").replace(/\/+$/, "")
|
||||
|
||||
async function proxyToReaderApi(req: NextRequest, path: string[]) {
|
||||
const token = await getToken({ req, secret: process.env.NEXTAUTH_SECRET })
|
||||
const accessToken = typeof (token as any)?.accessToken === "string" ? (token as any).accessToken : null
|
||||
const accessToken = req.cookies.get(AUTH_COOKIE_NAME)?.value || null
|
||||
|
||||
const url = new URL(req.url)
|
||||
const query = url.search || ""
|
||||
@@ -16,6 +15,7 @@ async function proxyToReaderApi(req: NextRequest, path: string[]) {
|
||||
|
||||
const headers = new Headers(req.headers)
|
||||
headers.delete("host")
|
||||
headers.delete("cookie")
|
||||
if (accessToken) {
|
||||
headers.set("authorization", `Bearer ${accessToken}`)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user