Merged in fix/webview-auth-fix (pull request #2833)
Fix/webview auth fix * Test * Merge branch 'master' of bitbucket.org:scandic-swap/web into fix/webview-auth-fix * Setting cookie instead of headers Approved-by: Anton Gunnarsson
@@ -69,27 +69,21 @@ export const middleware: NextMiddleware = async (request) => {
|
|||||||
const authorizationToken = request.headers.get("X-Authorization")
|
const authorizationToken = request.headers.get("X-Authorization")
|
||||||
const webviewTokenCookie = request.cookies.get("webviewToken")
|
const webviewTokenCookie = request.cookies.get("webviewToken")
|
||||||
|
|
||||||
if (
|
|
||||||
(webviewTokenCookie && webviewTokenCookie.value === authorizationToken) ||
|
|
||||||
(webviewTokenCookie && !authorizationToken)
|
|
||||||
) {
|
|
||||||
// If the webviewToken cookie is present and matches the authorization token,
|
|
||||||
// we can skip decryption and just rewrite the request with the existing cookie.
|
|
||||||
// OR
|
|
||||||
// If the webviewToken cookie is present but no authorization token is provided
|
|
||||||
// we can skip the decryption and see if our cookie is valid.
|
|
||||||
// This handles when the app is navigating between pages inside the webview
|
|
||||||
|
|
||||||
return handleWebviewRewrite({
|
|
||||||
nextUrl,
|
|
||||||
headers,
|
|
||||||
decryptedData: null,
|
|
||||||
lang,
|
|
||||||
setCookie: false,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
if (webviewTokenCookie && !authorizationToken) {
|
||||||
|
// If the webviewToken cookie is present but no authorization token is provided
|
||||||
|
// we can skip the decryption and see if our cookie is valid.
|
||||||
|
// This handles when the app is navigating between pages inside the webview
|
||||||
|
|
||||||
|
return handleWebviewRewrite({
|
||||||
|
nextUrl,
|
||||||
|
headers,
|
||||||
|
decryptedData: null,
|
||||||
|
lang,
|
||||||
|
setCookie: false,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
// Authorization header is required for webviews
|
// Authorization header is required for webviews
|
||||||
// It should be base64 encoded
|
// It should be base64 encoded
|
||||||
if (!authorizationToken) {
|
if (!authorizationToken) {
|
||||||
@@ -111,6 +105,19 @@ export const middleware: NextMiddleware = async (request) => {
|
|||||||
authorizationToken
|
authorizationToken
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if (webviewTokenCookie && webviewTokenCookie.value === decryptedData) {
|
||||||
|
// If the webviewToken cookie is present and matches the authorization token,
|
||||||
|
// we can skip decryption and just rewrite the request with the existing cookie.
|
||||||
|
|
||||||
|
return handleWebviewRewrite({
|
||||||
|
nextUrl,
|
||||||
|
headers,
|
||||||
|
decryptedData: null,
|
||||||
|
lang,
|
||||||
|
setCookie: false,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
return handleWebviewRewrite({
|
return handleWebviewRewrite({
|
||||||
nextUrl,
|
nextUrl,
|
||||||
headers,
|
headers,
|
||||||
@@ -143,14 +150,18 @@ async function handleWebviewRewrite({
|
|||||||
const path = nextUrl.pathname
|
const path = nextUrl.pathname
|
||||||
|
|
||||||
if (myStayWebviews.includes(path)) {
|
if (myStayWebviews.includes(path)) {
|
||||||
return NextResponse.next({
|
const res = NextResponse.next({
|
||||||
request: { headers },
|
request: { headers },
|
||||||
...(setCookie && {
|
|
||||||
headers: {
|
|
||||||
"Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`,
|
|
||||||
},
|
|
||||||
}),
|
|
||||||
})
|
})
|
||||||
|
if (decryptedData && setCookie) {
|
||||||
|
res.cookies.set("webviewToken", decryptedData, {
|
||||||
|
httpOnly: true,
|
||||||
|
secure: true,
|
||||||
|
sameSite: "strict",
|
||||||
|
path: "/",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
return res
|
||||||
}
|
}
|
||||||
|
|
||||||
const pathNameWithoutLang = path.replace(`/${lang}/webview`, "")
|
const pathNameWithoutLang = path.replace(`/${lang}/webview`, "")
|
||||||
@@ -165,31 +176,39 @@ async function handleWebviewRewrite({
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (myPagesWebviews.includes(path)) {
|
if (myPagesWebviews.includes(path)) {
|
||||||
return NextResponse.rewrite(
|
const res = NextResponse.rewrite(
|
||||||
new URL(`/${lang}/webview/account-page/${uid}`, nextUrl),
|
new URL(`/${lang}/webview/account-page/${uid}`, nextUrl),
|
||||||
{
|
{
|
||||||
request: { headers },
|
request: { headers },
|
||||||
...(setCookie && {
|
|
||||||
headers: {
|
|
||||||
"Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`,
|
|
||||||
},
|
|
||||||
}),
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
if (decryptedData && setCookie) {
|
||||||
|
res.cookies.set("webviewToken", decryptedData, {
|
||||||
|
httpOnly: true,
|
||||||
|
secure: true,
|
||||||
|
sameSite: "strict",
|
||||||
|
path: "/",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
return res
|
||||||
}
|
}
|
||||||
|
|
||||||
if (loyaltyPagesWebviews.includes(path)) {
|
if (loyaltyPagesWebviews.includes(path)) {
|
||||||
return NextResponse.rewrite(
|
const res = NextResponse.rewrite(
|
||||||
new URL(`/${lang}/webview/loyalty-page/${uid}`, nextUrl),
|
new URL(`/${lang}/webview/loyalty-page/${uid}`, nextUrl),
|
||||||
{
|
{
|
||||||
request: { headers },
|
request: { headers },
|
||||||
...(setCookie && {
|
|
||||||
headers: {
|
|
||||||
"Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`,
|
|
||||||
},
|
|
||||||
}),
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
if (decryptedData && setCookie) {
|
||||||
|
res.cookies.set("webviewToken", decryptedData, {
|
||||||
|
httpOnly: true,
|
||||||
|
secure: true,
|
||||||
|
sameSite: "strict",
|
||||||
|
path: "/",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
return res
|
||||||
}
|
}
|
||||||
|
|
||||||
return notFound()
|
return notFound()
|
||||||
|
|||||||
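Review bot: The cookie-only branch added in the first hunk, `if (webviewTokenCookie && !authorizationToken)`, returns `handleWebviewRewrite({ ..., decryptedData: null, setCookie: false })` on the mere presence of a `webviewToken` cookie, yet nothing in the visible code inspects the cookie's value even though the comment above it promises to "see if our cookie is valid"; if that verification happens downstream, say so in the comment (`// cookie value is verified by <downstream check> — this branch only skips decryption`), otherwise this path forwards any cookie value unchecked. The comparison that replaced the old header check, `webviewTokenCookie.value === decryptedData` in the second hunk, is the right thing to compare against, so the hardening there is sound. Separately, the three `if (decryptedData && setCookie) { res.cookies.set(...) }` blocks in the last two hunks are byte-identical, and a small helper keeps the cookie attributes in one place so a later change (for example adding `maxAge`) cannot land on two of the three responses only; parameter types below are inferred from the `decryptedData: null` call sites and should match the existing destructured parameters. Both `middleware` and `handleWebviewRewrite` start before the hunks and continue past them.
```typescript
// Attaches the webview session cookie to a response when a freshly decrypted token must be persisted.
function withWebviewCookie(res: NextResponse, decryptedData: string | null, setCookie: boolean): NextResponse {
  if (decryptedData && setCookie) {
    res.cookies.set("webviewToken", decryptedData, {
      httpOnly: true,
      secure: true,
      sameSite: "strict",
      path: "/",
    })
  }
  return res
}

// … unchanged: path lookup …
if (myStayWebviews.includes(path)) {
  return withWebviewCookie(NextResponse.next({ request: { headers } }), decryptedData, setCookie)
}
// … unchanged: myPagesWebviews and loyaltyPagesWebviews branches use the same call around NextResponse.rewrite(...) …
```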