Skip to content

Commit

Permalink
fix(#523): deduplicate the setCookie call
Browse files Browse the repository at this point in the history
  • Loading branch information
@phoenix-ru
phoenix-ru committed Feb 29, 2024
1 parent 0a50c4d commit 9f024e1
Showing 1 changed file with 25 additions and 1 deletion.
26 changes: 25 additions & 1 deletion src/runtime/server/services/authjs/nuxtAuthHandler.ts
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import type { IncomingHttpHeaders } from 'http'
import { getQuery, setCookie, readBody, sendRedirect, eventHandler, parseCookies, createError, isMethod, getHeaders, getResponseHeader, setResponseHeader } from 'h3'
import type { H3Event } from 'h3'
import type { CookieSerializeOptions } from 'cookie-es'

import { AuthHandler } from 'next-auth/core'
import { getToken as nextGetToken } from 'next-auth/jwt'
Expand Down Expand Up @@ -150,7 +151,7 @@ export const NuxtAuthHandler = (nuxtAuthOptions?: AuthOptions) => {
if (nextResult.status) {
res.statusCode = nextResult.status
}
nextResult.cookies?.forEach(cookie => setCookie(event, cookie.name, cookie.value, cookie.options))
nextResult.cookies?.forEach(cookie => setCookieDeduped(event, cookie.name, cookie.value, cookie.options))
nextResult.headers?.forEach(header => appendHeaderDeduped(event, header.key, header.value))

// 3. Return either:
Expand Down Expand Up @@ -251,3 +252,26 @@ function appendHeaderDeduped (event: H3Event, name: string, value: string) {
current.push(value)
setResponseHeader(event, name, current)
}

/**
* Adds a cookie, overriding its previous value.
* Related to https://github.com/sidebase/nuxt-auth/issues/523
*/
function setCookieDeduped (event: H3Event, name: string, value: string, serializeOptions: CookieSerializeOptions) {
// Deduplicate by removing the same name cookie
let setCookiesHeader = getResponseHeader(event, 'set-cookie')
if (setCookiesHeader) {
if (!Array.isArray(setCookiesHeader)) {
setCookiesHeader = [setCookiesHeader.toString()]
}

// Safety: `cookie-es` builds up the cookie by using `name + '=' + encodedValue`
// https://github.com/unjs/cookie-es/blob/a3495860248b98e7015c9a3ade8c6c47ad3403df/src/index.ts#L102
const filterBy = `${name}=`
setCookiesHeader = setCookiesHeader.filter(cookie => !cookie.startsWith(filterBy))

setResponseHeader(event, 'set-cookie', setCookiesHeader)
}

setCookie(event, name, value, serializeOptions)
}

0 comments on commit 9f024e1

Please sign in to comment.