fix: get access token from headers

2024-05-02 10:41:37 +02:00
parent 888c33e3b3
commit d07826b2a3
3 changed files with 15 additions and 8 deletions
--- a/app/[lang]/webview/test/page.tsx
+++ b/app/[lang]/webview/test/page.tsx
@@ -1,14 +1,21 @@
 import { cookies, headers } from "next/headers"
 import { serverClient } from "@/lib/trpc/server"
 import type { Metadata } from "next"
 export const metadata: Metadata = {
  title: "Hello World from Webview",
 }
-export default function WebViewTestPage() {
+export default async function WebViewTestPage() {
  const data = await serverClient().user.get()
  return (
    <main>
      <header>
        <h1>Hello From WebView Test Page!</h1>
        <p>{data.firstName}</p>
      </header>
    </main>
  )
--- a/middlewares/webView.ts
+++ b/middlewares/webView.ts
@@ -37,12 +37,13 @@ export const middleware: NextMiddleware = async (request) => {
      authorization
    )
-    // Pass the webview token via cookie to the page
+    const response = NextResponse.next()
-    return NextResponse.next({
+    response.cookies.set("webviewToken", decryptedData, {
-      headers: {
+      httpOnly: true,
-        "Set-Cookie": `webviewToken=${decryptedData}; Secure; HttpOnly;`,
+      secure: true,
      },
    })
    return response
  } catch (e) {
    if (e instanceof Error) {
      console.error(`${e.name}: ${e.message}`)
--- a/server/trpc.ts
+++ b/server/trpc.ts
@@ -29,8 +29,7 @@ export const contentstackProcedure = t.procedure.use(async function (opts) {
 })
 export const protectedProcedure = t.procedure.use(async function (opts) {
  const authRequired = opts.meta?.authRequired ?? true
-  const session = await opts.ctx.auth()
+  const session = await (await opts.ctx).session
  if (!authRequired && env.NODE_ENV === "development") {
    console.info(
      `❌❌❌❌ You are opting out of authorization, if its done on purpose maybe you should use the publicProcedure instead. ❌❌❌❌`