From f4629ad17defbc0ebf19cf99dba94cdd75ef7b56 Mon Sep 17 00:00:00 2001
From: Michael Zetterberg
Date: Fri, 9 May 2025 15:24:27 +0200
Subject: [PATCH] feat(auth): limit output in session endpoint
---
 apps/scandic-web/auth.ts | 36 +++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)
diff --git a/apps/scandic-web/auth.ts b/apps/scandic-web/auth.ts
index 8dbaa7510..67a5d5f6c 100644
--- a/apps/scandic-web/auth.ts
+++ b/apps/scandic-web/auth.ts
@@ -104,7 +104,7 @@ const curityProvider = {
 },
 } satisfies OIDCConfig
-export const config = {
+const baseConfig = {
 basePath: "/api/web/auth",
 debug: env.NEXTAUTH_DEBUG,
 providers: [curityProvider],
@@ -122,7 +122,10 @@ export const config = {
 if (session.user) {
 return {
 ...session,
- token,
+ token: {
+ expires_at: token.expires_at,
+ error: token.error,
+ },
 user: {
 ...session.user,
 id: token.sub,
@@ -160,7 +163,7 @@ export const config = {
 console.log(`[auth] URL denied, returning base URL: ${baseUrl}`)
 return baseUrl
 },
- async authorized({ auth, request }) {
+ async authorized() {
 return true
 },
 async jwt({ account, session, token, trigger, user, profile }) {
@@ -223,9 +226,32 @@ export const config = {
 // },
 } satisfies NextAuthConfig
+const serverConfig = {
+ ...baseConfig,
+ callbacks: {
+ ...baseConfig.callbacks,
+ async session({ session, token }) {
+ session.error = token.error
+ if (session.user) {
+ return {
+ ...session,
+ token,
+ user: {
+ ...session.user,
+ id: token.sub,
+ },
+ }
+ }
+
+ return session
+ },
+ },
+} satisfies NextAuthConfig
+
 export const {
 handlers: { GET, POST },
- auth,
 signIn,
 signOut,
-} = NextAuth(config)
+} = NextAuth(baseConfig)
+
+export const { auth } = NextAuth(serverConfig)
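Review bot: The browser-facing `session.token` is now narrowed to `{ expires_at, error }`, which is the right hardening for a public session endpoint, but nothing in the hunk records that the narrowing is deliberate, so the next person who needs a field is likely to put `access_token` back; I would add above the `token:` property: `// Deliberately narrow: this session() feeds the public /api/web/auth/session endpoint, so nothing else the jwt callback stores in token (provider tokens, claims) may be copied here — server code gets the full token via serverConfig.` The enclosing `session` callback starts above the hunk and the `jwt` callback that populates `token` is not visible, so whether `expires_at` itself needs exposing cannot be judged from here. Any client code that previously read other `session.token.*` fields now silently gets `undefined`; if a shared Session type declares `token` as the full JWT, it should be updated in the same change so TypeScript catches such readers.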
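Review bot: `auth` now comes from a second `NextAuth(serverConfig)` instance whose `session()` returns the full `token`, so whatever the `jwt` callback stores there (presumably provider access/refresh tokens — not visible in this hunk) reaches every caller of `auth()`; if any page passes that result into client-component props or a `SessionProvider`, the data the session endpoint now withholds leaks again through serialized props. I would state the contract on the config: `// Server-only instance: session() exposes the full JWT. Never forward auth() results to client components or SessionProvider; the browser must use the session endpoint served by NextAuth(baseConfig).` The two instances interoperate only as long as everything cookie- and secret-related stays in `baseConfig`; `serverConfig` overrides `callbacks` wholesale, so any callback later added to `baseConfig.callbacks` must keep surviving the `...baseConfig.callbacks` spread. The server `session()` duplicates the base callback except for the `token` field, and a small shared helper taking the token view as a parameter would keep the two from drifting, but that is a style choice.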