ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use X-Forwarded-Proto to detect scheme (#1403)

Browse Source
This commit is contained in:
ekzyis 2024-09-13 19:27:52 +02:00 committed by GitHub
parent c8975038bd
commit a32d1f2177
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.platform/nginx/conf.d/elasticbeanstalk/00_application.conf
View File

@ -22,4 +22,5 @@ location / {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
} }

3
pages/api/auth/[...nextauth].js
View File

@ -118,10 +118,11 @@ function setMultiAuthCookies (req, res, { id, jwt, name, photoId }) {
// default expiration for next-auth JWTs is in 1 month // default expiration for next-auth JWTs is in 1 month
const expiresAt = datePivot(new Date(), { months: 1 }) const expiresAt = datePivot(new Date(), { months: 1 })
const secure = req.headers['x-forwarded-proto'] === 'https'
const cookieOptions = { const cookieOptions = {
path: '/', path: '/',
httpOnly: true, httpOnly: true,
secure: req.secure, secure,
sameSite: 'lax', sameSite: 'lax',
expires: expiresAt expires: expiresAt
} }

4
pages/api/graphql.js
View File

@ -88,8 +88,10 @@ function multiAuthMiddleware (request) {
const cookiePointerName = 'multi_auth.user-id' const cookiePointerName = 'multi_auth.user-id'
const hasCookiePointer = !!request.cookies[cookiePointerName] const hasCookiePointer = !!request.cookies[cookiePointerName]
const secure = request.headers['x-forwarded-proto'] === 'https'
// is there a session? // is there a session?
const sessionCookieName = request.secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token' const sessionCookieName = secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token'
const hasSession = !!request.cookies[sessionCookieName] const hasSession = !!request.cookies[sessionCookieName]
if (!hasCookiePointer || !hasSession) { if (!hasCookiePointer || !hasSession) {

6
pages/api/signout.js
View File

@ -11,8 +11,10 @@ export default (req, res) => {
const cookiePointerName = 'multi_auth.user-id' const cookiePointerName = 'multi_auth.user-id'
const userId = req.cookies[cookiePointerName] const userId = req.cookies[cookiePointerName]
const secure = req.headers['x-forwarded-proto'] === 'https'
// is there a session? // is there a session?
const sessionCookieName = req.secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token' const sessionCookieName = secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token'
const sessionJWT = req.cookies[sessionCookieName] const sessionJWT = req.cookies[sessionCookieName]
if (!userId && !sessionJWT) { if (!userId && !sessionJWT) {
@ -25,7 +27,7 @@ export default (req, res) => {
const cookieOptions = { const cookieOptions = {
path: '/', path: '/',
secure: req.secure, secure,
httpOnly: true, httpOnly: true,
sameSite: 'lax', sameSite: 'lax',
expires: datePivot(new Date(), { months: 1 }) expires: datePivot(new Date(), { months: 1 })