stacker.news/pages/login.js

import { getProviders } from 'next-auth/react'
import { getServerSession } from 'next-auth/next'
import { getAuthOptions } from './api/auth/[...nextauth]'
import Link from 'next/link'
import { StaticLayout } from '@/components/layout'
import Login from '@/components/login'
import { isExternal } from '@/lib/url'

export async function getServerSideProps ({ req, res, query: { callbackUrl, multiAuth = false, error = null } }) {
  let session = await getServerSession(req, res, getAuthOptions(req))

  // required to prevent infinite redirect loops if we switch to anon
  // but are on a page that would redirect us to /signup.
  // without this code, /signup would redirect us back to the callbackUrl.
  if (req.cookies['multi_auth.user-id'] === 'anonymous') {
    session = null
  }

  // prevent open redirects. See https://github.com/stackernews/stacker.news/issues/264
  // let undefined urls through without redirect ... otherwise this interferes with multiple auth linking
  let external = true
  try {
    external = isExternal(decodeURIComponent(callbackUrl))
  } catch (err) {
    console.error('error decoding callback:', callbackUrl, err)
  }

  if (external) {
    callbackUrl = '/'
  }

  if (session && callbackUrl && !multiAuth) {
    // in the case of auth linking we want to pass the error back to settings
    // in the case of multi auth, don't redirect if there is already a session
    if (error) {
      const url = new URL(callbackUrl, process.env.NEXT_PUBLIC_URL)
      url.searchParams.set('error', error)
      callbackUrl = url.pathname + url.search
    }

    return {
      redirect: {
        destination: callbackUrl,
        permanent: false
      }
    }
  }

  const providers = await getProviders()

  return {
    props: {
      providers,
      callbackUrl,
      error,
      multiAuth
    }
  }
}

function LoginFooter ({ callbackUrl }) {
  return (
    <small className='fw-bold text-muted pt-4'>New to town? <Link href={{ pathname: '/signup', query: { callbackUrl } }}>sign up</Link></small>
  )
}

function LoginHeader () {
  return (
    <>
      <h3 className='w-100 pb-2'>
        Login
      </h3>
      <div className='fw-bold text-muted w-100 text-start pb-4'>Ain't you a sight for sore eyes.</div>
    </>
  )
}

export default function LoginPage (props) {
  return (
    <StaticLayout footerLinks={false}>
      <Login
        Footer={() => <LoginFooter callbackUrl={props.callbackUrl} />}
        Header={() => <LoginHeader />}
        {...props}
      />
    </StaticLayout>
  )
}
upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 19:38:20 +00:00			`import { getProviders } from 'next-auth/react'`
			`import { getServerSession } from 'next-auth/next'`
			`import { getAuthOptions } from './api/auth/[...nextauth]'`
sign up buttons 2023-01-10 00:33:44 +00:00			`import Link from 'next/link'`
Use module path aliases (#938) * Use module path aliases * fix broken refactor * path mapping for svgs, style, and remaining places (bonus: lose babel dep) --------- Co-authored-by: keyan <keyan.kousha+huumn@gmail.com> 2024-03-20 00:37:31 +00:00			`import { StaticLayout } from '@/components/layout'`
			`import Login from '@/components/login'`
			`import { isExternal } from '@/lib/url'`
custom auth page 2021-04-24 21:05:07 +00:00
Account Switching (#644) * WIP: Account switching * Fix empty USER query ANON_USER_ID was undefined and thus the query for @anon had no variables. * Apply multiAuthMiddleware in /api/graphql * Fix 'you must be logged in' query error on switch to anon * Add smart 'switch account' button "smart" means that it only shows if there are accounts to which one can switch * Fix multiAuth not set in backend * Comment fixes, minor changes * Use fw-bold instead of 'selected' * Close dropdown and offcanvas Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work. For the offcanvas, we need to pass down handleClose. * Use button to add account * Some pages require hard reload on account switch * Reinit settings form on account switch * Also don't refetch WalletHistory * Formatting * Use width: fit-content for standalone SignUpButton * Remove unused className * Use fw-bold and text-underline on selected * Fix inconsistent padding of login buttons * Fix duplicate redirect from /settings on anon switch * Never throw during refetch * Throw errors which extend GraphQLError * Only use meAnonSats if logged out * Use reactive variable for meAnonSats The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats. Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables. We do this now and thus also don't need the useEffect hack in item-info.js anymore. * Switch to new user * Fix missing cleanup during logout If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set. This meant that during logout, the other 'multi_auth.' cookies were not deleted. This broke the account switch modal. This is fixed by setting the 'multi_auth.user-id' cookie on login. Additionally, we now cleanup if cookie pointer OR session is set (instead of only if both are set). Fix comments in middleware * Remove unnecessary effect dependencies setState is stable and thus only noise in effect dependencies * Show but disable unavailable auth methods * make signup button consistent with others * Always reload page on switch * refine account switch styling * logout barrier --------- Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com> Co-authored-by: k00b <k00b@stacker.news> 2024-09-12 18:05:11 +00:00			`export async function getServerSideProps ({ req, res, query: { callbackUrl, multiAuth = false, error = null } }) {`
			`let session = await getServerSession(req, res, getAuthOptions(req))`

			`// required to prevent infinite redirect loops if we switch to anon`
			`// but are on a page that would redirect us to /signup.`
			`// without this code, /signup would redirect us back to the callbackUrl.`
			`if (req.cookies['multi_auth.user-id'] === 'anonymous') {`
			`session = null`
			`}`
custom auth page 2021-04-24 21:05:07 +00:00
attempt to fix auth linking regression 2023-07-10 17:18:17 +00:00			`// prevent open redirects. See https://github.com/stackernews/stacker.news/issues/264`
			`// let undefined urls through without redirect ... otherwise this interferes with multiple auth linking`
fix credentials login/signup/link bug 2023-07-11 00:20:38 +00:00			`let external = true`
Use fallback instead of 500 if callback malformed (#296) Co-authored-by: ekzyis <ek@stacker.news> 2023-06-01 00:48:14 +00:00			`try {`
			`external = isExternal(decodeURIComponent(callbackUrl))`
			`} catch (err) {`
Fix code style (#303) Co-authored-by: ekzyis <ek@stacker.news> 2023-06-05 19:07:29 +00:00			`console.error('error decoding callback:', callbackUrl, err)`
Use fallback instead of 500 if callback malformed (#296) Co-authored-by: ekzyis <ek@stacker.news> 2023-06-01 00:48:14 +00:00			`}`
attempt to fix auth linking regression 2023-07-10 17:18:17 +00:00
Return 500 if callback URL is external 2023-05-07 11:59:19 +00:00			`if (external) {`
slight mods to open redirect fix 2023-05-07 13:33:51 +00:00			`callbackUrl = '/'`
Return 500 if callback URL is external 2023-05-07 11:59:19 +00:00			`}`

Account Switching (#644) * WIP: Account switching * Fix empty USER query ANON_USER_ID was undefined and thus the query for @anon had no variables. * Apply multiAuthMiddleware in /api/graphql * Fix 'you must be logged in' query error on switch to anon * Add smart 'switch account' button "smart" means that it only shows if there are accounts to which one can switch * Fix multiAuth not set in backend * Comment fixes, minor changes * Use fw-bold instead of 'selected' * Close dropdown and offcanvas Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work. For the offcanvas, we need to pass down handleClose. * Use button to add account * Some pages require hard reload on account switch * Reinit settings form on account switch * Also don't refetch WalletHistory * Formatting * Use width: fit-content for standalone SignUpButton * Remove unused className * Use fw-bold and text-underline on selected * Fix inconsistent padding of login buttons * Fix duplicate redirect from /settings on anon switch * Never throw during refetch * Throw errors which extend GraphQLError * Only use meAnonSats if logged out * Use reactive variable for meAnonSats The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats. Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables. We do this now and thus also don't need the useEffect hack in item-info.js anymore. * Switch to new user * Fix missing cleanup during logout If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set. This meant that during logout, the other 'multi_auth.' cookies were not deleted. This broke the account switch modal. This is fixed by setting the 'multi_auth.user-id' cookie on login. Additionally, we now cleanup if cookie pointer OR session is set (instead of only if both are set). Fix comments in middleware * Remove unnecessary effect dependencies setState is stable and thus only noise in effect dependencies * Show but disable unavailable auth methods * make signup button consistent with others * Always reload page on switch * refine account switch styling * logout barrier --------- Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com> Co-authored-by: k00b <k00b@stacker.news> 2024-09-12 18:05:11 +00:00			`if (session && callbackUrl && !multiAuth) {`
			`// in the case of auth linking we want to pass the error back to settings`
			`// in the case of multi auth, don't redirect if there is already a session`
show errors on settings during auth linking 2023-07-30 20:39:18 +00:00			`if (error) {`
add NEXT_PUBLIC_URL 2024-04-08 22:54:39 +00:00			`const url = new URL(callbackUrl, process.env.NEXT_PUBLIC_URL)`
show errors on settings during auth linking 2023-07-30 20:39:18 +00:00			`url.searchParams.set('error', error)`
			`callbackUrl = url.pathname + url.search`
			`}`

upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 19:38:20 +00:00			`return {`
			`redirect: {`
			`destination: callbackUrl,`
			`permanent: false`
			`}`
			`}`
custom auth page 2021-04-24 21:05:07 +00:00			`}`

Account Switching (#644) * WIP: Account switching * Fix empty USER query ANON_USER_ID was undefined and thus the query for @anon had no variables. * Apply multiAuthMiddleware in /api/graphql * Fix 'you must be logged in' query error on switch to anon * Add smart 'switch account' button "smart" means that it only shows if there are accounts to which one can switch * Fix multiAuth not set in backend * Comment fixes, minor changes * Use fw-bold instead of 'selected' * Close dropdown and offcanvas Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work. For the offcanvas, we need to pass down handleClose. * Use button to add account * Some pages require hard reload on account switch * Reinit settings form on account switch * Also don't refetch WalletHistory * Formatting * Use width: fit-content for standalone SignUpButton * Remove unused className * Use fw-bold and text-underline on selected * Fix inconsistent padding of login buttons * Fix duplicate redirect from /settings on anon switch * Never throw during refetch * Throw errors which extend GraphQLError * Only use meAnonSats if logged out * Use reactive variable for meAnonSats The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats. Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables. We do this now and thus also don't need the useEffect hack in item-info.js anymore. * Switch to new user * Fix missing cleanup during logout If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set. This meant that during logout, the other 'multi_auth.' cookies were not deleted. This broke the account switch modal. This is fixed by setting the 'multi_auth.user-id' cookie on login. Additionally, we now cleanup if cookie pointer OR session is set (instead of only if both are set). Fix comments in middleware * Remove unnecessary effect dependencies setState is stable and thus only noise in effect dependencies * Show but disable unavailable auth methods * make signup button consistent with others * Always reload page on switch * refine account switch styling * logout barrier --------- Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com> Co-authored-by: k00b <k00b@stacker.news> 2024-09-12 18:05:11 +00:00			`const providers = await getProviders()`

custom auth page 2021-04-24 21:05:07 +00:00			`return {`
			`props: {`
Account Switching (#644) * WIP: Account switching * Fix empty USER query ANON_USER_ID was undefined and thus the query for @anon had no variables. * Apply multiAuthMiddleware in /api/graphql * Fix 'you must be logged in' query error on switch to anon * Add smart 'switch account' button "smart" means that it only shows if there are accounts to which one can switch * Fix multiAuth not set in backend * Comment fixes, minor changes * Use fw-bold instead of 'selected' * Close dropdown and offcanvas Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work. For the offcanvas, we need to pass down handleClose. * Use button to add account * Some pages require hard reload on account switch * Reinit settings form on account switch * Also don't refetch WalletHistory * Formatting * Use width: fit-content for standalone SignUpButton * Remove unused className * Use fw-bold and text-underline on selected * Fix inconsistent padding of login buttons * Fix duplicate redirect from /settings on anon switch * Never throw during refetch * Throw errors which extend GraphQLError * Only use meAnonSats if logged out * Use reactive variable for meAnonSats The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats. Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables. We do this now and thus also don't need the useEffect hack in item-info.js anymore. * Switch to new user * Fix missing cleanup during logout If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set. This meant that during logout, the other 'multi_auth.' cookies were not deleted. This broke the account switch modal. This is fixed by setting the 'multi_auth.user-id' cookie on login. Additionally, we now cleanup if cookie pointer OR session is set (instead of only if both are set). Fix comments in middleware * Remove unnecessary effect dependencies setState is stable and thus only noise in effect dependencies * Show but disable unavailable auth methods * make signup button consistent with others * Always reload page on switch * refine account switch styling * logout barrier --------- Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com> Co-authored-by: k00b <k00b@stacker.news> 2024-09-12 18:05:11 +00:00			`providers,`
create invite page 2021-10-15 17:56:54 +00:00			`callbackUrl,`
Account Switching (#644) * WIP: Account switching * Fix empty USER query ANON_USER_ID was undefined and thus the query for @anon had no variables. * Apply multiAuthMiddleware in /api/graphql * Fix 'you must be logged in' query error on switch to anon * Add smart 'switch account' button "smart" means that it only shows if there are accounts to which one can switch * Fix multiAuth not set in backend * Comment fixes, minor changes * Use fw-bold instead of 'selected' * Close dropdown and offcanvas Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work. For the offcanvas, we need to pass down handleClose. * Use button to add account * Some pages require hard reload on account switch * Reinit settings form on account switch * Also don't refetch WalletHistory * Formatting * Use width: fit-content for standalone SignUpButton * Remove unused className * Use fw-bold and text-underline on selected * Fix inconsistent padding of login buttons * Fix duplicate redirect from /settings on anon switch * Never throw during refetch * Throw errors which extend GraphQLError * Only use meAnonSats if logged out * Use reactive variable for meAnonSats The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats. Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables. We do this now and thus also don't need the useEffect hack in item-info.js anymore. * Switch to new user * Fix missing cleanup during logout If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set. This meant that during logout, the other 'multi_auth.' cookies were not deleted. This broke the account switch modal. This is fixed by setting the 'multi_auth.user-id' cookie on login. Additionally, we now cleanup if cookie pointer OR session is set (instead of only if both are set). Fix comments in middleware * Remove unnecessary effect dependencies setState is stable and thus only noise in effect dependencies * Show but disable unavailable auth methods * make signup button consistent with others * Always reload page on switch * refine account switch styling * logout barrier --------- Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com> Co-authored-by: k00b <k00b@stacker.news> 2024-09-12 18:05:11 +00:00			`error,`
			`multiAuth`
custom auth page 2021-04-24 21:05:07 +00:00			`}`
			`}`
			`}`

sign up buttons 2023-01-10 00:33:44 +00:00			`function LoginFooter ({ callbackUrl }) {`
			`return (`
enhance navigation 2024-02-23 15:32:20 +00:00			`<small className='fw-bold text-muted pt-4'>New to town? <Link href={{ pathname: '/signup', query: { callbackUrl } }}>sign up</Link></small>`
			`)`
			`}`

			`function LoginHeader () {`
			`return (`
			`<>`
			`<h3 className='w-100 pb-2'>`
			`Login`
			`</h3>`
			`<div className='fw-bold text-muted w-100 text-start pb-4'>Ain't you a sight for sore eyes.</div>`
			`</>`
sign up buttons 2023-01-10 00:33:44 +00:00			`)`
			`}`

			`export default function LoginPage (props) {`
			`return (`
Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" This reverts commit 18910fa2ed470fe12ffbfb83df18e206101f0a05. 2023-07-23 15:08:43 +00:00			`<StaticLayout footerLinks={false}>`
global modal + small fixes/enhancements 2023-01-10 23:13:37 +00:00			`<Login`
			`Footer={() => <LoginFooter callbackUrl={props.callbackUrl} />}`
enhance navigation 2024-02-23 15:32:20 +00:00			`Header={() => <LoginHeader />}`
global modal + small fixes/enhancements 2023-01-10 23:13:37 +00:00			`{...props}`
			`/>`
Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" This reverts commit 18910fa2ed470fe12ffbfb83df18e206101f0a05. 2023-07-23 15:08:43 +00:00			`</StaticLayout>`
sign up buttons 2023-01-10 00:33:44 +00:00			`)`
			`}`