fix: refactor session handling

middlewares/webView.ts

@@ -77,10 +77,10 @@ export const middleware: NextMiddleware = async (request) => {
   try {
     // Authorization header is required for webviews
     // It should be base64 encoded
-    const authorization = request.headers.get("Authorization")!
+    const authorization = request.headers.get("X-Authorization")!
     if (!authorization) {
       console.error("Authorization header is missing")
-      return badRequest()
+      return badRequest("Authorization header is missing")
     }
 
     // Initialization vector header is required for webviews
@@ -88,7 +88,7 @@ export const middleware: NextMiddleware = async (request) => {
     const initializationVector = request.headers.get("X-AES-IV")!
     if (!initializationVector) {
       console.error("initializationVector header is missing")
-      return badRequest()
+      return badRequest("initializationVector header is missing")
     }
 
     const decryptedData = await decryptData(
@@ -97,16 +97,15 @@ export const middleware: NextMiddleware = async (request) => {
       authorization
     )
 
-    headers.set(
-      "Set-Cookie",
-      `webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`
-    )
-    headers.set("Cookie", `webviewToken=${decryptedData}`)
+    headers.append("Cookie", `webviewToken=${decryptedData}`)
 
     if (myPagesWebviews.includes(nextUrl.pathname)) {
       return NextResponse.rewrite(
         new URL(`/${lang}/webview/account-page/${uid}`, nextUrl),
         {
+          headers: {
+            "Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`,
+          },
           request: {
             headers,
           },
@@ -116,6 +115,9 @@ export const middleware: NextMiddleware = async (request) => {
       return NextResponse.rewrite(
         new URL(`/${lang}/webview/loyalty-page/${uid}`, nextUrl),
         {
+          headers: {
+            "Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`,
+          },
           request: {
             headers,
           },