From bf54044a96494514999098dae5a44d73397172f9 Mon Sep 17 00:00:00 2001
From: ekzyis <ek@stacker.news>
Date: Tue, 4 Mar 2025 08:58:48 -0600
Subject: [PATCH] Also check for `user` before setting multi auth cookies
 (#1941)

* Move multi auth init

* Store same token as we return in jwt callback
---
 pages/api/auth/[...nextauth].js | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
index 8f2d7ffa..04f8f0b8 100644
--- a/pages/api/auth/[...nextauth].js
+++ b/pages/api/auth/[...nextauth].js
@@ -125,15 +125,12 @@ function getCallbacks (req, res) {
         token.sub = Number(token.id)
       }
 
-      // this only runs during a signup/login because response is only defined during signup/login
-      // and will add the multi_auth cookies for the user we just logged in as
-      if (req && res) {
-        req = new NodeNextRequest(req)
-        res = new NodeNextResponse(res)
+      // add multi_auth cookie for user that just logged in
+      if (user && req && res) {
         const secret = process.env.NEXTAUTH_SECRET
         const jwt = await encodeJWT({ token, secret })
         const me = await prisma.user.findUnique({ where: { id: token.id } })
-        setMultiAuthCookies(req, res, { ...me, jwt })
+        setMultiAuthCookies(new NodeNextRequest(req), new NodeNextResponse(res), { ...me, jwt })
       }
 
       return token