From 19f3beae1ab33bb3257694c742d1b3e5487a187d Mon Sep 17 00:00:00 2001
From: divyam234 <47589864+divyam234@users.noreply.github.com>
Date: Thu, 4 Jul 2024 10:37:21 +0530
Subject: [PATCH] fix(auth-js): Fix immutable headers error in x-forwarded
 request (#614)

* fix: immutable headers error in x-forwarded req

* added changeset
---
 .changeset/chatty-dragons-juggle.md |  5 ++
 packages/auth-js/src/index.ts       | 71 ++++++++++++++---------------
 2 files changed, 39 insertions(+), 37 deletions(-)
 create mode 100644 .changeset/chatty-dragons-juggle.md

diff --git a/.changeset/chatty-dragons-juggle.md b/.changeset/chatty-dragons-juggle.md
new file mode 100644
index 000000000..dbd79f032
--- /dev/null
+++ b/.changeset/chatty-dragons-juggle.md
@@ -0,0 +1,5 @@
+---
+'@hono/auth-js': patch
+---
+
+fix immutable headers error in x-forwarded req
diff --git a/packages/auth-js/src/index.ts b/packages/auth-js/src/index.ts
index b48ca04f4..0379517a5 100644
--- a/packages/auth-js/src/index.ts
+++ b/packages/auth-js/src/index.ts
@@ -4,11 +4,10 @@ import type { AdapterUser } from '@auth/core/adapters'
 import type { JWT } from '@auth/core/jwt'
 import type { Session } from '@auth/core/types'
 import type { Context, MiddlewareHandler } from 'hono'
-import { env ,getRuntimeKey} from 'hono/adapter'
+import { env, getRuntimeKey } from 'hono/adapter'
 import { HTTPException } from 'hono/http-exception'
 import { setEnvDefaults as coreSetEnvDefaults } from '@auth/core'
 
-
 declare module 'hono' {
   interface ContextVariableMap {
     authUser: AuthUser
@@ -39,34 +38,31 @@ export function setEnvDefaults(env: AuthEnv, config: AuthConfig) {
   coreSetEnvDefaults(env, config)
 }
 
-async function cloneRequest(input: URL | string, request: Request){
-
-  if ( getRuntimeKey() === "bun") {
-  return new Request(input, {
-    method: request.method,
-    headers:new Headers(request.headers),
-    body:
-      request.method === "GET" || request.method === "HEAD"
-        ? undefined
-        : await request.blob(),
-    // @ts-ignore: TS2353
-    referrer: "referrer" in request ? (request.referrer as string) : undefined,
-    // deno-lint-ignore no-explicit-any
-    referrerPolicy: request.referrerPolicy as any,
-    mode: request.mode,
-    credentials: request.credentials,
-    // @ts-ignore: TS2353
-    cache: request.cache,
-    redirect: request.redirect,
-    integrity: request.integrity,
-    keepalive: request.keepalive,
-    signal: request.signal
-  })
-}
-return new Request(input, request)
+async function cloneRequest(input: URL | string, request: Request, headers?: Headers) {
+  if (getRuntimeKey() === 'bun') {
+    return new Request(input, {
+      method: request.method,
+      headers: headers ?? new Headers(request.headers),
+      body:
+        request.method === 'GET' || request.method === 'HEAD' ? undefined : await request.blob(),
+      // @ts-ignore: TS2353
+      referrer: 'referrer' in request ? (request.referrer as string) : undefined,
+      // deno-lint-ignore no-explicit-any
+      referrerPolicy: request.referrerPolicy as any,
+      mode: request.mode,
+      credentials: request.credentials,
+      // @ts-ignore: TS2353
+      cache: request.cache,
+      redirect: request.redirect,
+      integrity: request.integrity,
+      keepalive: request.keepalive,
+      signal: request.signal,
+    })
+  }
+  return new Request(input, request)
 }
 
-export async  function reqWithEnvUrl(req: Request, authUrl?: string){
+export async function reqWithEnvUrl(req: Request, authUrl?: string) {
   if (authUrl) {
     const reqUrlObj = new URL(req.url)
     const authUrlObj = new URL(authUrl)
@@ -75,19 +71,20 @@ export async  function reqWithEnvUrl(req: Request, authUrl?: string){
     return cloneRequest(reqUrlObj.href, req)
   } else {
     const url = new URL(req.url)
-    const proto = req.headers.get('x-forwarded-proto')
-    const host = req.headers.get('x-forwarded-host') ?? req.headers.get('host')
+    const headers = new Headers(req.headers)
+    const proto = headers.get('x-forwarded-proto')
+    const host = headers.get('x-forwarded-host') ?? headers.get('host')
     if (proto != null) url.protocol = proto.endsWith(':') ? proto : proto + ':'
-    if (host!=null) {
+    if (host != null) {
       url.host = host
       const portMatch = host.match(/:(\d+)$/)
       if (portMatch) url.port = portMatch[1]
       else url.port = ''
-      req.headers.delete("x-forwarded-host")
-      req.headers.delete("Host")
-      req.headers.set("Host", host)
+      headers.delete('x-forwarded-host')
+      headers.delete('Host')
+      headers.set('Host', host)
     }
-    return cloneRequest(url.href, req)
+    return cloneRequest(url.href, req, headers)
   }
 }
 
@@ -150,7 +147,7 @@ export function authHandler(): MiddlewareHandler {
   return async (c) => {
     const config = c.get('authConfig')
     const ctxEnv = env(c) as AuthEnv
-    
+
     setEnvDefaults(ctxEnv, config)
 
     if (!config.secret || config.secret.length === 0) {
@@ -161,4 +158,4 @@ export function authHandler(): MiddlewareHandler {
     const res = await Auth(authReq, config)
     return new Response(res.body, res)
   }
-}
\ No newline at end of file
+}