feat: SW-158 Enabled support for authjs nonce

2024-07-09 16:07:13 +02:00
parent e36f5cd122
commit 2ce21626b9
2 changed files with 18 additions and 3 deletions
--- a/app/[lang]/(live)/(public)/verifymagiclink/route.ts
+++ b/app/[lang]/(live)/(public)/verifymagiclink/route.ts
@@ -6,6 +6,7 @@ import { env } from "@/env/server"
 import { internalServerError } from "@/server/errors/next"

 import { signIn } from "@/auth"
+// import { encode } from "@auth/core/jwt"

 export async function GET(
  request: NextRequest,
@@ -13,7 +14,6 @@ export async function GET(
 ) {
  let redirectHeaders: Headers | undefined = undefined
  let redirectTo: string
-  let nonce: string
  let value: string

  redirectTo =
@@ -35,7 +35,6 @@ export async function GET(
    "set-cookie",
    "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
  )
-  nonce = "" + request.nextUrl.searchParams.get("nonce")?.toString()
  value = "" + request.nextUrl.searchParams.get("nonce")?.toString()

  try {
@@ -53,12 +52,27 @@ export async function GET(
      },
      [
        ["ui_locales", context.params.lang],
-        ["nonce", nonce],
+        ["nonce", value],
        ["acr_values", "cat"],
      ]
    )

    if (redirectUrl) {
+      // Check if needed based on discussion with Curity support for custom nonce
+      // const token = { value };
+      // const secret = env.NEXTAUTH_SECRET;
+      // const maxAge = 60 * 15;
+      // const name = "authjs.nonce";
+      // const testingCookie = await encode({ secret, maxAge, token, salt: name });
+      // console.log(testingCookie);
+      // const expires = new Date();
+      // expires.setTime(expires.getTime() + maxAge * 1000);
+      // redirectHeaders.append(
+      //   "set-cookie",
+      //   "authjs.nonce=" + testingCookie + "; Expires=" + expires + "; Path=/; HttpOnly; SameSite=Lax"
+      // )
+      // redirectUrl = redirectUrl.replace(/nonce=.*&code_challenge=/gi, "nonce="+value+"&code_challenge=");
+
      return NextResponse.redirect(redirectUrl, {
        headers: redirectHeaders,
      })
--- a/auth.ts
+++ b/auth.ts
@@ -95,6 +95,7 @@ const curityProvider = {
  authorization: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
  },
+  checks: ["pkce", "nonce"],
  token: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
  },