fix(web): integration cookie retrieval

tryabby · Aug 29, 2024 · d29e448 · d29e448
1 parent 86b2542
commit d29e448
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/apps/web/src/api/helpers.ts b/apps/web/src/api/helpers.ts
@@ -26,8 +26,15 @@ export const authMiddleware: MiddlewareHandler<{
     user: UserSession & DefaultSession["user"];
   };
 }> = async (c, next) => {
-  const tokenCookie = getCookie(c, "next-auth.session-token");
-  if (!tokenCookie) return next();
+  const tokenCookie = getCookie(
+    c,
+    env.NODE_ENV === "production"
+      ? "__Secure-next-auth.session-token"
+      : "next-auth.session-token"
+  );
+  if (!tokenCookie) {
+    return c.json({ error: "Unauthorized" }, { status: 401 });
+  }
   if (!env.NEXTAUTH_SECRET) {
     throw new Error("NEXTAUTH_SECRET is not set");
   }

diff --git a/apps/web/src/api/routes/integrations.ts b/apps/web/src/api/routes/integrations.ts
@@ -1,5 +1,6 @@
 import { zValidator } from "@hono/zod-validator";
 import { authMiddleware } from "api/helpers";
+import { env } from "env/server.mjs";
 import { Hono } from "hono";
 import { getGithubApp } from "server/common/github-app";
 import type { GithubIntegrationSettings } from "server/common/integrations";
@@ -24,7 +25,7 @@ export function makeIntegrationsRoute() {
           where: { id: projectId, users: { some: { userId: user.id } } },
           include: { integrations: true },
         });
-        const referrer = new URL(c.req.header("Referer") ?? "/");
+        const referrer = new URL(c.req.header("Referer") ?? env.NEXTAUTH_URL);
 
         if (!project) {
           referrer.searchParams.set("error", "Unauthorized");