scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add headers correctly

Browse Source
This commit is contained in:
Christel Westerberg
2024-05-22 14:02:52 +02:00
parent 158b5a5dbb
commit bac513ec4c
9 changed files with 158 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
middlewares/webView.ts
View File

@@ -1,4 +1,3 @@
import { notFound } from "next/navigation"
import { type NextMiddleware, NextResponse } from "next/server"
import { findLang } from "@/constants/languages"
@@ -9,9 +8,12 @@ import {
webviews,
} from "@/constants/routes/webviews"
import { env } from "@/env/server"
import { badRequest } from "@/server/errors/next"
import { badRequest, notFound } from "@/server/errors/next"
import { decryptData } from "@/utils/aes"
import { resolve as resolveEntry } from "@/utils/entry"
import { getDefaultRequestHeaders } from "./utils"
import type { MiddlewareMatcher } from "@/types/middleware"
@@ -19,22 +21,25 @@ export const middleware: NextMiddleware = async (request) => {
const { nextUrl } = request
const lang = findLang(nextUrl.pathname)
const pathNameWithoutLang = nextUrl.pathname.replace(`/${lang}/webview`, "")
const headers = new Headers()
// If user is redirected to /lang/webview/refresh/, the webview token is invalid and we remove the cookie
if (refreshWebviews.includes(nextUrl.pathname)) {
headers.set(
"Set-Cookie",
`webviewToken=0; Max-Age=0; Secure; HttpOnly; Path=/; SameSite=Strict;`
)
return NextResponse.rewrite(new URL(`/${lang}/webview/refresh`, nextUrl), {
headers,
headers: {
"Set-Cookie": `webviewToken=0; Max-Age=0; Secure; HttpOnly; Path=/; SameSite=Strict;`,
},
})
}
const searchParams = new URLSearchParams(request.nextUrl.searchParams)
searchParams.set("uri", pathNameWithoutLang)
const pathNameWithoutLang = nextUrl.pathname.replace(`/${lang}/webview`, "")
const { uid } = await resolveEntry(pathNameWithoutLang, lang)
if (!uid) {
throw notFound(
`Unable to resolve CMS entry for locale "${lang}": ${pathNameWithoutLang}`
)
}
const headers = getDefaultRequestHeaders(request)
headers.set("x-uid", uid)
const webviewToken = request.cookies.get("webviewToken")
if (webviewToken) {
@@ -42,14 +47,21 @@ export const middleware: NextMiddleware = async (request) => {
// we're done, allow it
if (myPagesWebviews.includes(nextUrl.pathname)) {
return NextResponse.rewrite(
new URL(`/${lang}/webview/my-pages?${searchParams.toString()}`, nextUrl)
new URL(`/${lang}/webview/my-pages`, nextUrl),
{
request: {
headers,
},
}
)
} else if (loyaltyPagesWebviews.includes(nextUrl.pathname)) {
return NextResponse.rewrite(
new URL(
`/${lang}/webview/loyalty-page?${searchParams.toString()}`,
nextUrl
)
new URL(`/${lang}/webview/loyalty-page`, nextUrl),
{
request: {
headers,
},
}
)
} else {
return notFound()
@@ -77,32 +89,30 @@ export const middleware: NextMiddleware = async (request) => {
authorization
)
headers.set(
"Set-Cookie",
`webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`
)
headers.set("Cookie", `webviewToken=${decryptedData}`)
console.log("IN WEBVIEW MIDDLEWARE", decryptedData)
if (myPagesWebviews.includes(nextUrl.pathname)) {
return NextResponse.rewrite(
new URL(
`/${lang}/webview/my-pages?${searchParams.toString()}`,
nextUrl
),
new URL(`/${lang}/webview/my-pages`, nextUrl),
{
headers,
headers: {
"Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`,
Cookie: `webviewToken=${decryptedData}`,
},
request: {
headers,
},
}
)
} else if (loyaltyPagesWebviews.includes(nextUrl.pathname)) {
return NextResponse.rewrite(
new URL(
`/${lang}/webview/loyalty-page?${searchParams.toString()}`,
nextUrl
),
new URL(`/${lang}/webview/loyalty-page`, nextUrl),
{
headers,
headers: {
"Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`,
Cookie: `webviewToken=${decryptedData}`,
},
request: {
headers,
},
}
)
}