diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
index 56b9cfdd..2d1160ab 100644
--- a/pages/api/auth/[...nextauth].js
+++ b/pages/api/auth/[...nextauth].js
@@ -14,6 +14,7 @@ import { schnorr } from '@noble/curves/secp256k1'
 import { notifyReferral } from '@/lib/webPush'
 import { hashEmail } from '@/lib/crypto'
 import * as cookie from 'cookie'
+import { multiAuthMiddleware } from '@/pages/api/graphql'
 
 /**
 * Stores userIds in user table
@@ -132,6 +133,9 @@ function setMultiAuthCookies (req, res, { id, jwt, name, photoId }) {
 // add JWT to **httpOnly** cookie
 res.appendHeader('Set-Cookie', cookie.serialize(`multi_auth.${id}`, jwt, cookieOptions))
 
+ // switch to user we just added
+ res.appendHeader('Set-Cookie', cookie.serialize('multi_auth.user-id', id, { ...cookieOptions, httpOnly: false }))
+
 let newMultiAuth = [{ id, name, photoId }]
 if (req.cookies.multi_auth) {
 const oldMultiAuth = b64Decode(req.cookies.multi_auth)
@@ -140,9 +144,6 @@ function setMultiAuthCookies (req, res, { id, jwt, name, photoId }) {
 newMultiAuth = [...oldMultiAuth, ...newMultiAuth]
 }
 res.appendHeader('Set-Cookie', cookie.serialize('multi_auth', b64Encode(newMultiAuth), { ...cookieOptions, httpOnly: false }))
-
- // switch to user we just added
- res.appendHeader('Set-Cookie', cookie.serialize('multi_auth.user-id', id, { ...cookieOptions, httpOnly: false }))
 }
 
 async function pubkeyAuth (credentials, req, res, pubkeyColumnName) {
@@ -165,6 +166,7 @@ async function pubkeyAuth (credentials, req, res, pubkeyColumnName) {
 let user = await prisma.user.findUnique({ where: { [pubkeyColumnName]: pubkey } })
 
 // get token if it exists
+ req = multiAuthMiddleware(req)
 const token = await getToken({ req })
 if (!user) {
 // we have not seen this pubkey before
diff --git a/pages/api/graphql.js b/pages/api/graphql.js
index 7d41ee57..9d6626e9 100644
--- a/pages/api/graphql.js
+++ b/pages/api/graphql.js
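Review bot: The new `import { multiAuthMiddleware } from '@/pages/api/graphql'` makes the auth route import another API route module. That module's top level builds the Apollo handler (`export default startServerAndCreateNextHandler(apolloServer, {` is visible in the graphql.js hunk), so loading the next-auth handler now also evaluates the GraphQL server setup. Moving `multiAuthMiddleware` into a shared module under `@/lib` and importing it from both routes would keep the cookie-switching logic in one place without that coupling. If the import stays, a comment above it such as `// cookie-pointer session switch, shared with the GraphQL route` would explain why one API route imports another.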
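Review bot: In the second hunk the `multi_auth.user-id` pointer is now written before `req.cookies.multi_auth` is decoded, but the moved comment still only says `// switch to user we just added` and does not explain why the order matters. The lines between this hunk and the next are not shown; if they can return early (presumably when the account is already in the list), the comment should say so, for example `// set the pointer first: the code below may return early and the switch must still happen`. The pointer is set with `httpOnly: false`, so client script can rewrite it; it is worth stating in the same comment that it only selects among the httpOnly `multi_auth.<id>` JWT cookies and is never proof of identity on its own. The body of `setMultiAuthCookies` starts outside the hunk.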
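Review bot: In the last hunk of `[...nextauth].js`, `req = multiAuthMiddleware(req)` rebinds the parameter for the rest of `pubkeyAuth`, so every later use of `req` sees the switched cookies, not only `getToken`. If only the token lookup should follow the pointer, `const token = await getToken({ req: multiAuthMiddleware(req) })` limits the effect. The token now belongs to whichever account the client-writable `multi_auth.user-id` cookie selects, and the rest of the function, which is outside the hunk, presumably uses that token to decide which account the pubkey is attached to. That is safe only if the cookie the middleware swaps in is still signature-checked by `getToken` and the normal session is used when the pointed-to cookie is missing; the middleware body is not visible here, so a short comment next to the call stating that assumption would help.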
@@ -82,7 +82,7 @@ export default startServerAndCreateNextHandler(apolloServer, {
 }
 })
 
-function multiAuthMiddleware (request) {
+export function multiAuthMiddleware (request) {
 // switch next-auth session cookie with multi_auth cookie if cookie pointer present
 // is there a cookie pointer?