UNPKG

next-auth

Version:

Authentication for Next.js

authjs.dev

nextauthjs/next-auth

175 lines (145 loc) 5.46 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
import { fromDate } from "../lib/utils" import type { InternalOptions } from "../types" import type { ResponseInternal } from ".." import type { Session } from "../.." import type { SessionStore } from "../lib/cookie" interface SessionParams { options: InternalOptions sessionStore: SessionStore isUpdate?: boolean newSession?: any } /** * Return a session object (without any private fields) * for Single Page App clients */ export default async function session( params: SessionParams ): Promise<ResponseInternal<Session | {}>> { const { options, sessionStore, newSession, isUpdate } = params const { adapter, jwt, events, callbacks, logger, session: { strategy: sessionStrategy, maxAge: sessionMaxAge }, } = options const response: ResponseInternal<Session | {}> = { body: {}, headers: [{ key: "Content-Type", value: "application/json" }], cookies: [], } const sessionToken = sessionStore.value if (!sessionToken) return response if (sessionStrategy === "jwt") { try { const decodedToken = await jwt.decode({ ...jwt, token: sessionToken }) if (!decodedToken) throw new Error("JWT invalid") // @ts-expect-error const token = await callbacks.jwt({ token: decodedToken, ...(isUpdate && { trigger: "update" }), session: newSession, }) const newExpires = fromDate(sessionMaxAge) // By default, only exposes a limited subset of information to the client // as needed for presentation purposes (e.g. "you are logged in as..."). // @ts-expect-error Property 'user' is missing in type const updatedSession = await callbacks.session({ session: { user: { name: decodedToken?.name, email: decodedToken?.email, image: decodedToken?.picture, }, expires: newExpires.toISOString(), }, token, }) // Return session payload as response response.body = updatedSession // Refresh JWT expiry by re-signing it, with an updated expiry date const newToken = await jwt.encode({ ...jwt, token, maxAge: options.session.maxAge, }) // Set cookie, to also update expiry date on cookie const sessionCookies = sessionStore.chunk(newToken, { expires: newExpires, }) response.cookies?.push(...sessionCookies) await events.session?.({ session: updatedSession, token }) } catch (error) { // If JWT not verifiable, make sure the cookie for it is removed and return empty object logger.error("JWT_SESSION_ERROR", error as Error) response.cookies?.push(...sessionStore.clean()) } } else { try { // @ts-expect-error -- adapter is checked to be defined in `init` const { getSessionAndUser, deleteSession, updateSession } = adapter let userAndSession = await getSessionAndUser(sessionToken) // If session has expired, clean up the database if ( userAndSession && userAndSession.session.expires.valueOf() < Date.now() ) { await deleteSession(sessionToken) userAndSession = null } if (userAndSession) { const { user, session } = userAndSession const sessionUpdateAge = options.session.updateAge // Calculate last updated date to throttle write updates to database // Formula: ({expiry date} - sessionMaxAge) + sessionUpdateAge // e.g. ({expiry date} - 30 days) + 1 hour const sessionIsDueToBeUpdatedDate = session.expires.valueOf() - sessionMaxAge * 1000 + sessionUpdateAge * 1000 const newExpires = fromDate(sessionMaxAge) // Trigger update of session expiry date and write to database, only // if the session was last updated more than {sessionUpdateAge} ago if (sessionIsDueToBeUpdatedDate <= Date.now()) { await updateSession({ sessionToken, expires: newExpires }) } // Pass Session through to the session callback // @ts-expect-error Property 'token' is missing in type const sessionPayload = await callbacks.session({ // By default, only exposes a limited subset of information to the client // as needed for presentation purposes (e.g. "you are logged in as..."). session: { user: { name: user.name, email: user.email, image: user.image }, expires: session.expires.toISOString(), }, user, newSession, ...(isUpdate ? { trigger: "update" } : {}), }) // Return session payload as response response.body = sessionPayload // Set cookie again to update expiry response.cookies?.push({ name: options.cookies.sessionToken.name, value: sessionToken, options: { ...options.cookies.sessionToken.options, expires: newExpires, }, }) // @ts-expect-error await events.session?.({ session: sessionPayload }) } else if (sessionToken) { // If `sessionToken` was found set but it's not valid for a session then // remove the sessionToken cookie from browser. response.cookies?.push(...sessionStore.clean()) } } catch (error) { logger.error("SESSION_ERROR", error as Error) } } return response }