scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3085cccf8b1d170f26bb2036af388e2834a86ecc
web/app/[lang]/(live)/(protected)/logout/route.ts
Matilda Landström af1d65f4bb chore: add new endpoint for logout from current web
2024-05-23 14:05:02 +02:00

97 lines
2.9 KiB
TypeScript
Raw Blame History

import { createActionURL } from "@auth/core"
import { headers as nextHeaders } from "next/headers"
import { NextRequest, NextResponse } from "next/server"
import { AuthError } from "next-auth"
import { env } from "@/env/server"
import { serverClient } from "@/lib/trpc/server"
import { internalServerError } from "@/server/errors/next"
import { signOut } from "@/auth"
export async function GET(request: NextRequest) {
let redirectHeaders: Headers | undefined = undefined
let redirectTo: string
const returnUrl = request.headers.get("x-returnurl")
if (returnUrl) {
// Should check for ?currentweb in header?
redirectTo = returnUrl
} else {
// Normal logout request from New web
redirectTo =
request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
request.nextUrl.searchParams.get("redirectTo") ||
"/"
// If above fails, always redirect to startpage
if (redirectTo.startsWith("/")) {
if (!env.PUBLIC_URL) {
throw internalServerError("No value for env.PUBLIC_URL")
}
redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
}
// Clean up cookie from authRequired middleware
redirectHeaders = new Headers()
redirectHeaders.append(
"set-cookie",
"redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
)
try {
// Initiate the seamless logout flow
const invalidateResponse = await serverClient().user.invalidateSessions()
const redirectUrl = new URL(env.SEAMLESS_LOGOUT)
redirectUrl.searchParams.set("returnurl", redirectTo)
redirectTo = redirectUrl.toString()
} catch (e) {
console.error(
"Unable to create URL for seamless logout, proceeding without it."
)
console.error(e)
}
}
try {
/**
* Passing `redirect: false` to `signOut` will return a result object
* instead of automatically redirecting inside of `signOut`.
* https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L104
*/
console.log({ logout_NEXTAUTH_URL: process.env.NEXTAUTH_URL })
console.log({ logout_env: process.env })
console.log({ logout_redirectTo: redirectTo })
const headers = new Headers(nextHeaders())
const signOutURL = createActionURL(
"signout",
// @ts-expect-error `x-forwarded-proto` is not nullable, next.js sets it by default
headers.get("x-forwarded-proto"),
headers,
process.env
)
console.log({ logout_signOutURL: signOutURL })
const redirectUrlObj = await signOut({
redirectTo,
redirect: false,
})
if (redirectUrlObj) {
return NextResponse.redirect(redirectUrlObj.redirect, {
headers: redirectHeaders,
})
}
} catch (error) {
if (error instanceof AuthError) {
console.log({ signOutAuthError: error })
} else {
console.log({ signOutError: error })
}
}
return internalServerError()
}
Reference in New Issue View Git Blame Copy Permalink