diff --git a/app/[lang]/(live)/(protected)/logout/route.ts b/app/[lang]/(live)/(protected)/logout/route.ts
index 23ae2ffc0..38b98361a 100644
--- a/app/[lang]/(live)/(protected)/logout/route.ts
+++ b/app/[lang]/(live)/(protected)/logout/route.ts
@@ -13,34 +13,14 @@ export async function GET(
 request: NextRequest,
 context: { params: { lang: Lang } }
 ) {
- let redirectHeaders: Headers | undefined = undefined
- let redirectTo: string
+ let redirectTo: string = ""
 const returnUrl = request.headers.get("x-returnurl")
 if (returnUrl) {
+ // Seamless logout request from Current web
 redirectTo = returnUrl
 } else {
- // Normal logout request from New web
- redirectTo =
- request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
- request.nextUrl.searchParams.get("redirectTo") ||
- "/"
-
- // Make relative URL to absolute URL
- if (redirectTo.startsWith("/")) {
- if (!env.PUBLIC_URL) {
- throw internalServerError("No value for env.PUBLIC_URL")
- }
- redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
- }
- // Clean up cookie from authRequired middleware
- redirectHeaders = new Headers()
- redirectHeaders.append(
- "set-cookie",
- "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
- )
-
 try {
 // Initiate the seamless logout flow
 let redirectUrlValue
@@ -65,7 +45,6 @@ export async function GET(
 break
 }
 const redirectUrl = new URL(redirectUrlValue)
- redirectUrl.searchParams.set("returnurl", redirectTo)
 redirectTo = redirectUrl.toString()
 } catch (e) {
 console.error(
@@ -74,6 +53,7 @@ export async function GET(
 console.error(e)
 }
 }
+
 try {
 /**
 * Passing `redirect: false` to `signOut` will return a result object
@@ -83,8 +63,6 @@ export async function GET(
 console.log({ logout_NEXTAUTH_URL: process.env.NEXTAUTH_URL })
 console.log({ logout_env: process.env })
- console.log({ logout_redirectTo: redirectTo })
-
 const headers = new Headers(nextHeaders())
 const signOutURL = createActionURL(
 "signout",
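Review bot: `redirectTo = returnUrl` still takes the `x-returnurl` request header verbatim as the post-logout destination, and nothing in this hunk checks where the header came from. The middleware changed in this same commit sets it only for `/updatelogout` requests, so if the logout route handler under `app/[lang]/(live)/(protected)/logout/route.ts` is reachable directly, a client-supplied `x-returnurl` on such a request would be forwarded to Curity as `redirect_uri` unchecked; since the middleware always sets exactly `env.PUBLIC_URL`, the route could require `returnUrl === env.PUBLIC_URL` (or at least a matching origin) before trusting it. Separately, the hunk drops the `set-cookie` that cleared the `redirectTo` cookie, but the removed comment says the authRequired middleware sets that cookie, so if that middleware is unchanged the cookie now outlives the logout. GET continues outside the hunk.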
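Review bot: `console.log({ logout_env: process.env })` on the new side of the `-83,8 +63,6` hunk writes the entire process environment, including whatever secrets it holds, into application logs on every logout, and the hunk edits the adjacent logging without removing it. The `logout_NEXTAUTH_URL` line above it already logs the one value of interest; drop the `logout_env` line, or restrict it to an explicit allow-list of non-secret keys. If it was a debugging aid for the redirect flow, removing it here keeps the commit consistent with the `logout_redirectTo` line it deletes. GET continues outside the hunk.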
@@ -96,15 +74,18 @@ export async function GET(
 console.log({ logout_signOutURL: signOutURL })
+ // Redirect to Curity logout
+ const curityLogoutUrl = `${env.CURITY_ISSUER_USER}/authn/authenticate/logout?redirect_uri=${encodeURIComponent(redirectTo)}`
+
+ console.log({ logout_redirectTo: curityLogoutUrl })
+
 const redirectUrlObj = await signOut({
- redirectTo,
+ redirectTo: curityLogoutUrl,
 redirect: false,
 })
 if (redirectUrlObj) {
- return NextResponse.redirect(redirectUrlObj.redirect, {
- headers: redirectHeaders,
- })
+ return NextResponse.redirect(redirectUrlObj.redirect)
 }
 } catch (error) {
 if (error instanceof AuthError) {
diff --git a/middlewares/currentWebLogout.ts b/middlewares/currentWebLogout.ts
index 8dacd770a..51a1ebf83 100644
--- a/middlewares/currentWebLogout.ts
+++ b/middlewares/currentWebLogout.ts
@@ -1,7 +1,8 @@
 import { NextResponse } from "next/server"
-import { findLang } from "@/constants/languages"
-import { badRequest } from "@/server/errors/next"
+import { findLang, Lang } from "@/constants/languages"
+import { env } from "@/env/server"
+import { badRequest, internalServerError } from "@/server/errors/next"
 import type { NextMiddleware } from "next/server"
@@ -14,9 +15,20 @@ export const middleware: NextMiddleware = (request) => {
 }
 const lang = findLang(request.nextUrl.pathname)!
- return NextResponse.rewrite(new URL(`/${lang}/logout`, request.nextUrl))
-}
+ if (!env.PUBLIC_URL) {
+ throw internalServerError("No value for env.PUBLIC_URL")
+ }
+ const redirectTo = env.PUBLIC_URL
+ const headers = new Headers(request.headers)
+ headers.set("x-returnurl", redirectTo)
+
+ return NextResponse.rewrite(new URL(`/${lang}/logout`, request.nextUrl), {
+ request: {
+ headers,
+ },
+ })
+}
 export const matcher: MiddlewareMatcher = (request) => {
 return request.nextUrl.pathname.endsWith("/updatelogout")
 }
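Review bot: The `curityLogoutUrl` template literal interpolates `env.CURITY_ISSUER_USER` without the guard this file applies to `env.PUBLIC_URL`, so an unset value produces a literal `undefined/authn/authenticate/logout?...` string that `signOut` is then asked to redirect to, unless the env schema already makes that variable required. Add `if (!env.CURITY_ISSUER_USER) { throw internalServerError("No value for env.CURITY_ISSUER_USER") }` before building the URL; `internalServerError` was already used by the code this commit removes from the route, so it is in scope. Also, `redirectTo` starts as `""` at the top of GET and is only assigned from the header or inside the seamless-logout `try`, so when the header is absent and that block reaches its `catch`, Curity is sent an empty `redirect_uri=`; falling back to `env.PUBLIC_URL` there would match what the middleware sends. GET continues outside the hunk.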
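Review bot: `Lang` is added to the `findLang` import on the new side but is not referenced in any hunk of `middlewares/currentWebLogout.ts`; if nothing outside the diff uses it, it is an unused import. If it is only a type, it should go through `import type { Lang }` alongside the file's existing `import type { NextMiddleware }` so it is erased under `isolatedModules`.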
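Review bot: `headers.set("x-returnurl", redirectTo)` replaces any `x-returnurl` the client sent, and because the logout route trusts that header as its redirect target this overwrite is load-bearing, yet nothing in the hunk says so. Add `// Always overwrite: the logout route trusts x-returnurl, so a client-supplied value must not survive the rewrite` above the `set` call. The opening lines of `middleware` are outside the hunk.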