-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9a33e42
commit 6d0477f
Showing
5 changed files
with
492 additions
and
492 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,118 +1,118 @@ | ||
import { type NextRequest, NextResponse } from "next/server"; | ||
import { createClient } from "@supabase/supabase-js"; | ||
import jwt from "jsonwebtoken"; | ||
import { NextResponse, type NextRequest } from 'next/server'; | ||
import { createClient } from '@supabase/supabase-js'; | ||
import jwt from 'jsonwebtoken'; | ||
|
||
import type { Database } from "@/utils/supabase/database.types"; | ||
import type { Database } from '@/utils/supabase/database.types'; | ||
|
||
const CORS_HEADERS = { | ||
"Access-Control-Allow-Origin": "*", | ||
"Access-Control-Allow-Methods": "GET OPTIONS", | ||
"Access-Control-Allow-Headers": "Content-Type", | ||
'Access-Control-Allow-Origin': '*', | ||
'Access-Control-Allow-Methods': 'GET OPTIONS', | ||
'Access-Control-Allow-Headers': 'Content-Type', | ||
}; | ||
|
||
export async function GET(request: NextRequest) { | ||
try { | ||
const token = request.headers.get("Authorization")?.replace("Bearer ", ""); | ||
try { | ||
const token = request.headers.get('Authorization')?.replace('Bearer ', ''); | ||
|
||
if (!token) { | ||
return new NextResponse("Unauthorized", { | ||
status: 401, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
if (!token) { | ||
return new NextResponse('Unauthorized', { | ||
status: 401, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
|
||
const user = jwt.verify(token, process.env.SUPABASE_JWT_SECRET!) as { | ||
sub: string; | ||
address: string; | ||
aud: string; | ||
role: string; | ||
iat: number; | ||
exp: number; | ||
}; | ||
const user = jwt.verify(token, process.env.SUPABASE_JWT_SECRET!) as { | ||
sub: string; | ||
address: string; | ||
aud: string; | ||
role: string; | ||
iat: number; | ||
exp: number; | ||
}; | ||
|
||
const supabase = createClient<Database>( | ||
process.env.NEXT_PUBLIC_SUPABASE_URL!, | ||
process.env.SUPABASE_SECRET_KEY!, | ||
); | ||
const supabase = createClient<Database>( | ||
process.env.NEXT_PUBLIC_SUPABASE_URL!, | ||
process.env.SUPABASE_SECRET_KEY! | ||
); | ||
|
||
const { data: selectData, error: selectError } = await supabase | ||
.from("sessions") | ||
.select("id") | ||
.eq("user_id", user.sub); | ||
const { data: selectData, error: selectError } = await supabase | ||
.from('sessions') | ||
.select('id') | ||
.eq('user_id', user.sub); | ||
|
||
if (selectError) { | ||
return new NextResponse("Internal Server Error", { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
if (selectError) { | ||
return new NextResponse('Internal Server Error', { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
|
||
// If session is found delete it | ||
if (selectData.length !== 0) { | ||
const { error: deleteError } = await supabase | ||
.from("sessions") | ||
.delete() | ||
.eq("user_id", user.sub); | ||
// If session is found delete it | ||
if (selectData.length !== 0) { | ||
const { error: deleteError } = await supabase | ||
.from('sessions') | ||
.delete() | ||
.eq('user_id', user.sub); | ||
|
||
if (deleteError) { | ||
return new NextResponse("Internal Server Error", { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
} | ||
if (deleteError) { | ||
return new NextResponse('Internal Server Error', { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
} | ||
|
||
// Create a new session | ||
const { data: insertData, error: insertError } = await supabase | ||
.from("sessions") | ||
.insert({ | ||
user_id: user.sub, | ||
}) | ||
.select() | ||
.limit(1) | ||
.single(); | ||
// Create a new session | ||
const { data: insertData, error: insertError } = await supabase | ||
.from('sessions') | ||
.insert({ | ||
user_id: user.sub, | ||
}) | ||
.select() | ||
.limit(1) | ||
.single(); | ||
|
||
if (insertError || !insertData) { | ||
return new NextResponse("Internal Server Error", { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
if (insertError || !insertData) { | ||
return new NextResponse('Internal Server Error', { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
|
||
return NextResponse.json( | ||
{ | ||
sessionId: insertData.id, | ||
}, | ||
{ | ||
status: 201, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}, | ||
); | ||
} catch (error) { | ||
return new NextResponse("Internal Server Error", { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
return NextResponse.json( | ||
{ | ||
sessionId: insertData.id, | ||
}, | ||
{ | ||
status: 201, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
} | ||
); | ||
} catch (error) { | ||
return new NextResponse('Internal Server Error', { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
} | ||
|
||
export async function OPTIONS() { | ||
return new NextResponse(null, { | ||
status: 200, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
return new NextResponse(null, { | ||
status: 200, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,65 +1,65 @@ | ||
import { NextResponse } from "next/server"; | ||
import { createClient } from "@supabase/supabase-js"; | ||
import { add, format } from "date-fns"; | ||
import { NextResponse } from 'next/server'; | ||
import { createClient } from '@supabase/supabase-js'; | ||
import { add, format } from 'date-fns'; | ||
|
||
import type { Database } from "@/utils/supabase/database.types"; | ||
import type { Database } from '@/utils/supabase/database.types'; | ||
|
||
const CORS_HEADERS = { | ||
"Access-Control-Allow-Origin": "*", | ||
"Access-Control-Allow-Methods": "GET OPTIONS", | ||
"Access-Control-Allow-Headers": "Content-Type", | ||
'Access-Control-Allow-Origin': '*', | ||
'Access-Control-Allow-Methods': 'GET OPTIONS', | ||
'Access-Control-Allow-Headers': 'Content-Type', | ||
}; | ||
|
||
export async function GET() { | ||
const supabase = createClient<Database>( | ||
process.env.NEXT_PUBLIC_SUPABASE_URL!, | ||
process.env.SUPABASE_SECRET_KEY!, | ||
); | ||
const supabase = createClient<Database>( | ||
process.env.NEXT_PUBLIC_SUPABASE_URL!, | ||
process.env.SUPABASE_SECRET_KEY! | ||
); | ||
|
||
// Insert a new nonce and select 1 row | ||
const { data, error } = await supabase | ||
.from("siwe") | ||
.insert({ | ||
// Expires in 5 minutes (ISO String) | ||
expires_at: format( | ||
add(new Date(), { minutes: 5 }), | ||
"yyyy-MM-dd'T'HH:mm:ss.SSSxxx", | ||
), | ||
}) | ||
.select() | ||
.limit(1) | ||
.single(); | ||
// Insert a new nonce and select 1 row | ||
const { data, error } = await supabase | ||
.from('siwe') | ||
.insert({ | ||
// Expires in 5 minutes (ISO String) | ||
expires_at: format( | ||
add(new Date(), { minutes: 5 }), | ||
"yyyy-MM-dd'T'HH:mm:ss.SSSxxx" | ||
), | ||
}) | ||
.select() | ||
.limit(1) | ||
.single(); | ||
|
||
if (error || !data) { | ||
return new NextResponse("Internal server error", { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
if (error || !data) { | ||
return new NextResponse('Internal server error', { | ||
status: 500, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} | ||
|
||
return NextResponse.json( | ||
{ | ||
nonce: data.nonce, | ||
expiresAt: data.expires_at, | ||
createdAt: data.created_at, | ||
}, | ||
{ | ||
headers: { | ||
...CORS_HEADERS, | ||
"Set-Cookie": `verify.session=${data.id}; Path=/; HttpOnly; Secure; SameSite=Strict;`, | ||
}, | ||
status: 200, | ||
}, | ||
); | ||
return NextResponse.json( | ||
{ | ||
nonce: data.nonce, | ||
expiresAt: data.expires_at, | ||
createdAt: data.created_at, | ||
}, | ||
{ | ||
headers: { | ||
...CORS_HEADERS, | ||
'Set-Cookie': `verify.session=${data.id}; Path=/; HttpOnly; Secure; SameSite=Strict;`, | ||
}, | ||
status: 200, | ||
} | ||
); | ||
} | ||
|
||
export async function OPTIONS() { | ||
return new NextResponse(null, { | ||
status: 200, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
return new NextResponse(null, { | ||
status: 200, | ||
headers: { | ||
...CORS_HEADERS, | ||
}, | ||
}); | ||
} |
Oops, something went wrong.