Refactor multiAuthMiddleware

middleware.js

@@ -15,20 +15,39 @@ const referrerMiddleware = (request) => {
 
 const multiAuthMiddleware = (request) => {
   // switch next-auth session cookie with multi_auth cookie if cookie pointer present
-  const userId = request.cookies?.get('multi_auth.user-id')?.value
+
+  // is there a cookie pointer?
+  const cookiePointerName = 'multi_auth.user-id'
+  const hasCookiePointer = request.cookies?.has(cookiePointerName)
+  // is there a session?
   const sessionCookieName = '__Secure-next-auth.session-token'
   const hasSession = request.cookies?.has(sessionCookieName)
-  if (userId && hasSession) {
-    if (userId === 'anonymous') {
-      // user switched to anon
-      request.cookies.delete(sessionCookieName)
-    } else {
-      const userJWT = request.cookies.get(`multi_auth.${userId}`)?.value
-      if (userJWT) request.cookies.set(sessionCookieName, userJWT)
-    }
+
+  if (!hasCookiePointer || !hasSession) {
+    // no session or no cookie pointer. do nothing.
+    return NextResponse.next({ request })
   }
-  const response = NextResponse.next({ request })
-  return response
+
+  const userId = request.cookies?.get(cookiePointerName)?.value
+  if (userId === 'anonymous') {
+    // user switched to anon. only delete session cookie.
+    request.cookies.delete(sessionCookieName)
+    return NextResponse.next({ request })
+  }
+
+  const userJWT = request.cookies.get(`multi_auth.${userId}`)?.value
+  if (!userJWT) {
+    // no multi auth JWT found
+    return NextResponse.next({ request })
+  }
+
+  if (userJWT) {
+    // multi auth JWT found in cookie that pointed to by cookie pointer that is different to current session cookie.
+    request.cookies.set(sessionCookieName, userJWT)
+    return NextResponse.next({ request })
+  }
+
+  return NextResponse.next({ request })
 }
 
 export function middleware (request) {