89a5c54065
- proxy: await getUser() so refreshed session cookies land on the response - callback: gate on AUTH_ENABLED, reject non-relative next (open redirect) - page: snapshot + resume form and style image across the OAuth redirect; require login before the style-image vision parse - play: wire authResolveRef so login retries the action that hit 401; dismissing the modal no longer re-fires it - server: wrap cookie setAll in try/catch for read-only contexts Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
import { type NextRequest, NextResponse } from "next/server";
import { createServerClient } from "@supabase/ssr";
/**
 * Request proxy that keeps the Supabase session cookies fresh.
 *
 * Builds a server client bound to the incoming request's cookies, awaits
 * `auth.getUser()`, and returns a pass-through response carrying whatever
 * cookies the client wrote through `setAll`.
 *
 * Security notes:
 * - The result of `getUser()` is discarded and every request is passed
 *   through, so this function refreshes sessions but authorizes nothing.
 *   NOTE(review): confirm that protected routes and handlers perform their
 *   own user check rather than relying on this proxy.
 * - When either Supabase environment variable is unset the request is
 *   passed through without creating a client (fail-open), so no session
 *   handling happens at all in that configuration.
 *
 * @param request - The incoming request whose cookies hold the session.
 * @returns The pass-through response, with any refreshed cookies attached.
 */
export async function proxy(request: NextRequest) {
  const projectUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
  const publishableKey = process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY;

  // Supabase is not configured: pass the request through untouched.
  if (!projectUrl || !publishableKey) {
    return NextResponse.next();
  }

  let outgoing = NextResponse.next({ request });

  const client = createServerClient(projectUrl, publishableKey, {
    cookies: {
      getAll: () => request.cookies.getAll(),
      setAll: (cookiesToSet) => {
        // Order matters: update the request first, then rebuild the response
        // from that updated request, then attach the cookies to the response.
        cookiesToSet.forEach(({ name, value }) => {
          request.cookies.set(name, value);
        });

        outgoing = NextResponse.next({ request });

        // Only the response copy carries `options` (the cookie attributes
        // supplied by the client); they must not be dropped here.
        cookiesToSet.forEach(({ name, value, options }) => {
          outgoing.cookies.set(name, value, options);
        });
      },
    },
  });

  // getUser() must be awaited: it triggers the token refresh, and the
  // refreshed cookies reach `outgoing` only through the setAll callback above.
  // Returning before it resolves can drop the refreshed session cookie.
  await client.auth.getUser();

  return outgoing;
}