jazzymc/homarr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: credentials login behind proxy no longer works (#2177)

Browse Source
This commit is contained in:
Meier Lukas
2024-11-01 10:03:45 +01:00
committed by GitHub
parent 9caf72aae7
commit 22732e33e5
2 changed files with 68 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/server/auth.ts
View File

@@ -7,6 +7,7 @@ import { decode, encode } from 'next-auth/jwt';
import { env } from '~/env'; import { env } from '~/env';
import { secondsFromTimeString } from '~/tools/client/parseDuration'; import { secondsFromTimeString } from '~/tools/client/parseDuration';
import { adapter, getProviders, onCreateUser } from '~/utils/auth'; import { adapter, getProviders, onCreateUser } from '~/utils/auth';
import { createCookiesWithDefaultOptions } from '~/utils/auth/cookies';
import { createRedirectUri } from '~/utils/auth/oidc'; import { createRedirectUri } from '~/utils/auth/oidc';
import EmptyNextAuthProvider from '~/utils/empty-provider'; import EmptyNextAuthProvider from '~/utils/empty-provider';
import { fromDate, generateSessionToken } from '~/utils/session'; import { fromDate, generateSessionToken } from '~/utils/session';
@@ -106,17 +107,7 @@ export const constructAuthOptions = async (
}, },
adapter: adapter as Adapter, adapter: adapter as Adapter,
providers: [...(await getProviders(req.headers)), EmptyNextAuthProvider()], providers: [...(await getProviders(req.headers)), EmptyNextAuthProvider()],
cookies: { cookies: createCookiesWithDefaultOptions(req.url?.startsWith('https:') ?? false),
sessionToken: {
name: 'next-auth.session-token',
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: true,
},
},
},
jwt: { jwt: {
async encode(params) { async encode(params) {
if (!isCredentialsRequest(req)) { if (!isCredentialsRequest(req)) {

66
src/utils/auth/cookies.ts Normal file
View File

@@ -0,0 +1,66 @@
export const createCookiesWithDefaultOptions = (useSecureCookies: boolean) => {
const cookiePrefix = useSecureCookies ? '__Secure-' : '';
return {
// default cookie options
sessionToken: {
// We don't use __Secure prefix as the cookie is used in the code
name: `next-auth.session-token`,
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: useSecureCookies,
},
},
callbackUrl: {
name: `${cookiePrefix}next-auth.callback-url`,
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: useSecureCookies,
},
},
csrfToken: {
// Default to __Host- for CSRF token for additional protection if using useSecureCookies
// NB: The `__Host-` prefix is stricter than the `__Secure-` prefix.
name: `${useSecureCookies ? '__Host-' : ''}next-auth.csrf-token`,
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: useSecureCookies,
},
},
pkceCodeVerifier: {
name: `${cookiePrefix}next-auth.pkce.code_verifier`,
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: useSecureCookies,
maxAge: 60 * 15, // 15 minutes in seconds
},
},
state: {
name: `${cookiePrefix}next-auth.state`,
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: useSecureCookies,
maxAge: 60 * 15, // 15 minutes in seconds
},
},
nonce: {
name: `${cookiePrefix}next-auth.nonce`,
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: useSecureCookies,
},
},
} as const;
};