From a32d1f21771d569f28c1c9f5463ce0c01e9f2388 Mon Sep 17 00:00:00 2001 From: ekzyis Date: Fri, 13 Sep 2024 19:27:52 +0200 Subject: [PATCH] Use X-Forwarded-Proto to detect scheme (#1403) --- .platform/nginx/conf.d/elasticbeanstalk/00_application.conf | 1 + pages/api/auth/[...nextauth].js | 3 ++- pages/api/graphql.js | 4 +++- pages/api/signout.js | 6 ++++-- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.platform/nginx/conf.d/elasticbeanstalk/00_application.conf b/.platform/nginx/conf.d/elasticbeanstalk/00_application.conf index e853cf2d..7ebb62e8 100644 --- a/.platform/nginx/conf.d/elasticbeanstalk/00_application.conf +++ b/.platform/nginx/conf.d/elasticbeanstalk/00_application.conf @@ -22,4 +22,5 @@ location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } \ No newline at end of file diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js index 5c19a289..c92a242d 100644 --- a/pages/api/auth/[...nextauth].js +++ b/pages/api/auth/[...nextauth].js @@ -118,10 +118,11 @@ function setMultiAuthCookies (req, res, { id, jwt, name, photoId }) { // default expiration for next-auth JWTs is in 1 month const expiresAt = datePivot(new Date(), { months: 1 }) + const secure = req.headers['x-forwarded-proto'] === 'https' const cookieOptions = { path: '/', httpOnly: true, - secure: req.secure, + secure, sameSite: 'lax', expires: expiresAt } diff --git a/pages/api/graphql.js b/pages/api/graphql.js index 0e7ead75..0a117763 100644 --- a/pages/api/graphql.js +++ b/pages/api/graphql.js 
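Review bot: `$scheme` on the new `proxy_set_header X-Forwarded-Proto $scheme;` line is the scheme of the hop into nginx, not the client's; if TLS is terminated in front of nginx (an Elastic Beanstalk load balancer forwarding plain HTTP, for example), this line overwrites the balancer's `X-Forwarded-Proto: https` with `http`, and the application hunks in this same patch then emit session cookies without `Secure` and look up `next-auth.session-token` instead of `__Secure-next-auth.session-token`. If nginx itself terminates TLS the line is correct as written, so the deployment topology should be confirmed before merging rather than assumed. Where a trusted proxy does sit in front, forward its value and fall back to `$scheme` only when it is absent, keeping the unconditional overwrite so clients cannot inject the header; `map` is not valid at `server` level, and this `elasticbeanstalk/` fragment appears to be included there given the bare `location /`, so the `map` would go in an `http`-context file such as a sibling under `.platform/nginx/conf.d/`. Either way the header is only trustworthy if clients cannot reach nginx except through that proxy, which is worth stating in a comment next to the line.
```nginx
# http-context file (e.g. .platform/nginx/conf.d/01_forwarded_proto.conf):
# prefer the scheme reported by the trusted proxy in front of nginx,
# fall back to this hop's scheme when nginx is the TLS terminator
map $http_x_forwarded_proto $forwarded_proto {
    default $scheme;
    https   https;
    http    http;
}

# … unchanged: location / { … X-Real-IP / X-Forwarded-For … } …
    proxy_set_header X-Forwarded-Proto $forwarded_proto;
```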
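Review bot: The new `const secure = req.headers['x-forwarded-proto'] === 'https'` trusts a request header with a strict string comparison: it is false for a comma-joined value such as `https,http`, which proxy chains produce when each hop appends its scheme, and it is client-controlled on any path that does not go through a proxy that overwrites the header (the nginx change in this patch covers only the nginx path). The identical three-line derivation is copied into `pages/api/graphql.js` and `pages/api/signout.js` in this same patch, so the parsing and the trust assumption now live in three places with no comment recording the assumption. A single helper that takes the first hop's value and documents when it is safe would replace the line here with `const secure = isSecureRequest(req)`; `setMultiAuthCookies` continues outside the hunk.
```javascript
// Trusts X-Forwarded-Proto as set by the reverse proxy in front of the app.
// Only meaningful when every request reaches the app through a proxy that
// overwrites this header; a directly exposed app lets clients choose it.
function isSecureRequest (req) {
  const proto = req.headers['x-forwarded-proto']
  if (typeof proto !== 'string') return false
  // first entry is the client-facing scheme when proxies append per hop
  return proto.split(',')[0].trim().toLowerCase() === 'https'
}

// … unchanged: setMultiAuthCookies up to expiresAt …
  const secure = isSecureRequest(req)
```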
@@ -88,8 +88,10 @@ function multiAuthMiddleware (request) { const cookiePointerName = 'multi_auth.user-id' const hasCookiePointer = !!request.cookies[cookiePointerName] + const secure = request.headers['x-forwarded-proto'] === 'https' + // is there a session? - const sessionCookieName = request.secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token' + const sessionCookieName = secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token' const hasSession = !!request.cookies[sessionCookieName] if (!hasCookiePointer || !hasSession) { diff --git a/pages/api/signout.js b/pages/api/signout.js index 3d8b56b5..94e6a14d 100644 --- a/pages/api/signout.js +++ b/pages/api/signout.js @@ -11,8 +11,10 @@ export default (req, res) => { const cookiePointerName = 'multi_auth.user-id' const userId = req.cookies[cookiePointerName] + const secure = req.headers['x-forwarded-proto'] === 'https' + // is there a session? - const sessionCookieName = req.secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token' + const sessionCookieName = secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token' const sessionJWT = req.cookies[sessionCookieName] if (!userId && !sessionJWT) { @@ -25,7 +27,7 @@ export default (req, res) => { const cookieOptions = { path: '/', - secure: req.secure, + secure, httpOnly: true, sameSite: 'lax', expires: datePivot(new Date(), { months: 1 })
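Review bot: The cookie name picked by the new `secure` flag on the `sessionCookieName` line has to match the name next-auth itself used when it set the cookie, and next-auth v4 derives its `__Secure-` prefix from `NEXTAUTH_URL` (its `useSecureCookies` default), not from the incoming `X-Forwarded-Proto` header; if that is the configuration here, a request whose header is missing, spoofed, or rewritten to `http` by a proxy hop makes `multiAuthMiddleware` read `next-auth.session-token` while the browser sent `__Secure-next-auth.session-token`, so `hasSession` is false and the `if (!hasCookiePointer || !hasSession)` branch is taken even though a valid session exists. Deriving the name from the same source next-auth uses removes the header dependency from this lookup: `const sessionCookieName = process.env.NEXTAUTH_URL?.startsWith('https://') ? '__Secure-next-auth.session-token' : 'next-auth.session-token'`, with a comment stating that it must stay in step with next-auth's `useSecureCookies` setting. The rest of `multiAuthMiddleware` is outside the hunk.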
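Review bot: Sign-out should not depend on the scheme header to locate the session cookie: with the new `secure` flag choosing between `__Secure-next-auth.session-token` and `next-auth.session-token`, a request whose `X-Forwarded-Proto` is absent or not `https` (a direct hit on the app, or a proxy hop that rewrites it) reads the wrong name, `sessionJWT` is undefined, and when `multi_auth.user-id` is also missing the handler enters the `if (!userId && !sessionJWT)` branch (body outside the hunk) instead of proceeding with the sign-out. Reading both names is cheaper than guessing which one the browser sent: `const sessionJWT = req.cookies['__Secure-next-auth.session-token'] ?? req.cookies['next-auth.session-token']`, keeping `sessionCookieName` only for the cookie that is cleared later in the handler. The handler's body continues past this hunk.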