feat: use cookie to assess if user is already authenticated

GaloyMoney · Oct 28, 2023 · 30f36a3 · 30f36a3
1 parent 182cd7b
commit 30f36a3
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 19 deletions.
diff --git a/apps/consent/app/login/page.tsx b/apps/consent/app/login/page.tsx
@@ -1,24 +1,25 @@
-import { redirect } from "next/navigation"
-import React from "react"
+import { cookies, headers } from "next/headers"
 import Link from "next/link"
-import { headers, cookies } from "next/headers"
+import { redirect } from "next/navigation"
 
 import { hydraClient } from "../../services/hydra"
-import InputComponent from "../components/input-component"
+import PrimaryButton from "../components/button/primary-button-component"
+import SecondaryButton from "../components/button/secondary-button-component"
 import Card from "../components/card"
-import MainContent from "../components/main-container"
-import Logo from "../components/logo"
-import Heading from "../components/heading"
-import SubHeading from "../components/sub-heading"
 import FormComponent from "../components/form-component"
+import Heading from "../components/heading"
+import InputComponent from "../components/input-component"
+import Logo from "../components/logo"
+import MainContent from "../components/main-container"
 import Separator from "../components/separator"
-import PrimaryButton from "../components/button/primary-button-component"
-import SecondaryButton from "../components/button/secondary-button-component"
+import SubHeading from "../components/sub-heading"
 import { LoginType, SubmitValue } from "../index.types"
 
 import { LoginEmailResponse } from "./email-login.types"
 
+import { env } from "@/env"
 import authApi from "@/services/galoy-auth"
+import axios from "axios"
 
 //  this page is for login via email
 interface LoginProps {
@@ -94,8 +95,8 @@ async function submitForm(formData: FormData): Promise<LoginEmailResponse | void
       value: email,
       remember,
     }),
-    { secure: true },
-  )
+    { secure: true, sameSite: "lax" }
+  );
 
   const params = new URLSearchParams({
     login_challenge,
@@ -138,6 +139,34 @@ const Login = async ({ searchParams }: { searchParams: LoginProps }) => {
     redirect(String(response.redirect_to))
   }
 
+  const useSecureCookies = env.DASHBOARD_URL.startsWith("https://");
+  const cookiePrefix = useSecureCookies ? "__Secure-" : "";
+  const cookieNameSession = `${cookiePrefix}next-auth.session-token`;
+  const cookie = cookies().get(cookieNameSession);
+
+  if (cookie) {
+    const response = await axios(`${env.DASHBOARD_URL}/api/auth/session`, {
+      method: "GET",
+      headers: {
+        Cookie: cookies().toString(),
+      },
+    });
+    const userId = response?.data?.userData?.data?.me?.id;
+
+    if (userId) {
+      const response2 = await hydraClient.acceptOAuth2LoginRequest({
+        loginChallenge: login_challenge,
+        acceptOAuth2LoginRequest: {
+          subject: userId,
+          remember: true,
+          remember_for: 3600,
+          acr: "2", // FIXME
+        },
+      });
+      redirect(response2.data.redirect_to);
+    }
+  }
+
   return (
     <MainContent>
       <Card>

diff --git a/apps/consent/env.ts b/apps/consent/env.ts
@@ -5,6 +5,7 @@ export const env = createEnv({
   server: {
     HYDRA_ADMIN_URL: z.string().default("http://localhost:4445"),
     CORE_AUTH_URL: z.string().default("http://localhost:4455/auth"),
+    DASHBOARD_URL: z.string().default("http://localhost:3001"),
   },
   shared: {
     GRAPHQL_ENDPOINT: z.string().default("http://localhost:4455/graphql"),
@@ -19,5 +20,6 @@ export const env = createEnv({
     OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
     TRACING_SERVICE_NAME: process.env.TRACING_SERVICE_NAME,
     NODE_ENV: process.env.NODE_ENV,
+    DASHBOARD_URL: process.env.DASHBOARD_URL,
   },
 })
diff --git a/apps/dashboard/app/api/auth/[...nextauth]/route.ts b/apps/dashboard/app/api/auth/[...nextauth]/route.ts
@@ -1,11 +1,13 @@
-import NextAuth, { AuthOptions } from "next-auth"
-
-import { ApolloQueryResult } from "@apollo/client"
-
 import { fetchUserData } from "@/services/graphql/queries/me-data"
+import NextAuth, { AuthOptions } from "next-auth"
 import { env } from "@/env"
 import { MeQuery } from "@/services/graphql/generated"
 
+const useSecureCookies = process.env.NEXTAUTH_URL?.startsWith("https://")
+const cookiePrefix = useSecureCookies ? "__Secure-" : ""
+
+import { ApolloQueryResult } from "@apollo/client"
+
 declare module "next-auth" {
   interface Profile {
     id: string
@@ -17,7 +19,10 @@ declare module "next-auth" {
   }
 }
 
-const type = "oauth" as const
+const heightHours = 8 * 60 * 60 * 1000
+const expires = new Date(Date.now() + heightHours)
+
+const type = "oauth" as const;
 export const authOptions: AuthOptions = {
   providers: [
     {
@@ -68,6 +73,19 @@ export const authOptions: AuthOptions = {
       return session
     },
   },
+  cookies: {
+    sessionToken: {
+      name: `${cookiePrefix}next-auth.session-token`,
+      options: {
+        httpOnly: true,
+        sameSite: "lax",
+        path: "/",
+        // domain: ".localhost", // FIXME: use env variable
+        secure: useSecureCookies,
+        expires,
+      },
+    },
+  },
 }
 
 const handler = NextAuth(authOptions)

diff --git a/apps/dashboard/env.ts b/apps/dashboard/env.ts
@@ -7,17 +7,19 @@ export const env = createEnv({
     CLIENT_ID: z.string().default("CLIENT_ID"),
     CLIENT_SECRET: z.string().default("CLIENT_SECRET"),
     HYDRA_PUBLIC: z.string().default("http://localhost:4444"),
+    HYDRA_ADMIN: z.string().default("http://localhost:4445"),
     NEXTAUTH_URL: z.string().default(""),
     NEXTAUTH_SECRET: z.string().default("secret"),
     OTEL_EXPORTER_OTLP_ENDPOINT: z.string().default("http://localhost:4318"),
   },
   runtimeEnv: {
     CORE_URL: process.env.CORE_URL,
-    NEXTAUTH_URL: process.env.NEXTAUTH_URL,
-    NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
     CLIENT_ID: process.env.CLIENT_ID,
     CLIENT_SECRET: process.env.CLIENT_SECRET,
     HYDRA_PUBLIC: process.env.HYDRA_PUBLIC,
+    HYDRA_ADMIN: process.env.HYDRA_ADMIN,
+    NEXTAUTH_URL: process.env.NEXTAUTH_URL,
+    NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
     OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
   },
 })