scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in fix/webview-auth (pull request #2469)

Browse Source 
feat(SW-3124): webview auth stuck in a refresh loop

* feat(SW-3124): webview auth stuck in a refresh loop


Approved-by: Anton Gunnarsson
This commit is contained in:
Linus Flood
2025-06-30 08:29:19 +00:00
parent 07085d02f5
commit 167b5e7e8a
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
apps/scandic-web/middlewares/webView.ts
View File

@@ -65,9 +65,10 @@ export const middleware: NextMiddleware = async (request) => {
}
)
}
const authorizationToken = request.headers.get("X-Authorization")
const webviewTokenCookie = request.cookies.get("webviewToken")
const webviewToken = request.cookies.get("webviewToken")
if (webviewToken) {
if (webviewTokenCookie && webviewTokenCookie.value === authorizationToken) {
// since the token exists, this is a subsequent visit
// we're done, allow it
return handleWebviewRewrite({
@@ -82,8 +83,7 @@ export const middleware: NextMiddleware = async (request) => {
try {
// Authorization header is required for webviews
// It should be base64 encoded
const authorization = request.headers.get("X-Authorization")!
if (!authorization) {
if (!authorizationToken) {
console.error("Authorization header is missing")
return badRequest("Authorization header is missing")
}
@@ -99,7 +99,7 @@ export const middleware: NextMiddleware = async (request) => {
const decryptedData = await decryptData(
env.WEBVIEW_ENCRYPTION_KEY,
initializationVector,
authorization
authorizationToken
)
headers.append("Cookie", `webviewToken=${decryptedData}`)