From d07826b2a3f4da62f443fb6da1085f15c38104eb Mon Sep 17 00:00:00 2001 From: Christel Westerberg Date: Thu, 2 May 2024 10:41:37 +0200 Subject: [PATCH] fix: get access token from headers --- app/[lang]/webview/test/page.tsx | 9 ++++++++- middlewares/webView.ts | 11 ++++++----- server/trpc.ts | 3 +-- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/app/[lang]/webview/test/page.tsx b/app/[lang]/webview/test/page.tsx index e482db7a6..bca6f0dd7 100644 --- a/app/[lang]/webview/test/page.tsx +++ b/app/[lang]/webview/test/page.tsx @@ -1,14 +1,21 @@ +import { cookies, headers } from "next/headers" + +import { serverClient } from "@/lib/trpc/server" + import type { Metadata } from "next" export const metadata: Metadata = { title: "Hello World from Webview", } -export default function WebViewTestPage() { +export default async function WebViewTestPage() { + const data = await serverClient().user.get() + return (

Hello From WebView Test Page!

+

{data.firstName}

)
diff --git a/middlewares/webView.ts b/middlewares/webView.ts
index 7b6fadee6..7d52e2ae9 100644
--- a/middlewares/webView.ts
+++ b/middlewares/webView.ts
@@ -37,12 +37,13 @@ export const middleware: NextMiddleware = async (request) => {
 authorization
 )
 
- // Pass the webview token via cookie to the page
- return NextResponse.next({
- headers: {
- "Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly;`,
- },
+ const response = NextResponse.next()
+ response.cookies.set("webviewToken", decryptedData, {
+ httpOnly: true,
+ secure: true,
 })
+
+ return response
 } catch (e) {
 if (e instanceof Error) {
 console.error(`${e.name}: ${e.message}`)
diff --git a/server/trpc.ts b/server/trpc.ts
index e09d79215..eb0c5bef6 100644
--- a/server/trpc.ts
+++ b/server/trpc.ts
@@ -29,8 +29,7 @@ export const contentstackProcedure = t.procedure.use(async function (opts) {
 })
 export const protectedProcedure = t.procedure.use(async function (opts) {
 const authRequired = opts.meta?.authRequired ?? true
- const session = await opts.ctx.auth()
-
+ const session = await (await opts.ctx).session
 if (!authRequired && env.NODE_ENV === "development") {
 console.info(
 `❌❌❌❌ You are opting out of authorization, if its done on purpose maybe you should use the publicProcedure instead. ❌❌❌❌`
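Review bot: In `app/[lang]/webview/test/page.tsx` the new first line imports `cookies` and `headers` from `next/headers`, but neither name is referenced in the visible new lines of `WebViewTestPage`; drop the import or use it, since the commit subject suggests the token is meant to be read from headers here. The page also renders `data.firstName` straight from `await serverClient().user.get()` with no visible handling for a rejected or empty result, so an unauthenticated webview request would presumably surface as a render error. A one-line comment above the call stating which credential the server client is expected to pick up would help.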
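Review bot: The `webviewToken` cookie set in `middlewares/webView.ts` carries the decrypted token but gets only `httpOnly` and `secure`. With no `sameSite` and no lifetime, cross-site sending is left to the browser or webview default, and the cookie's lifetime is not tied to the token's validity. Consider adding `sameSite: "strict"` (or `"lax"` if the webview flow depends on cross-site top-level navigation) and a `maxAge` matching the token lifetime to the options object. The commit also drops the comment `// Pass the webview token via cookie to the page`; an equivalent line above `response.cookies.set` would keep the intent documented. The `try` block and the decryption call start outside the hunk.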
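Review bot: `await (await opts.ctx).session` in `protectedProcedure` makes it hard to see what the authorization decision now rests on: the line implies `opts.ctx` is a promise and `session` possibly another, and the blank line that separated it from the opt-out branch is gone. Splitting it into `const ctx = await opts.ctx` and `const session = await ctx.session`, with a comment naming where the session is derived from, would make the source of trust reviewable. The check that rejects a missing session lies outside the hunk, so it is worth confirming that it still throws when `session` resolves to `null` or `undefined` now that `opts.ctx.auth()` is no longer called.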