From 01799d2610cb2d08fd65b1133df564b43d5cee17 Mon Sep 17 00:00:00 2001 From: divyam234 <47589864+divyam234@users.noreply.github.com> Date: Fri, 3 May 2024 16:20:03 +0530 Subject: [PATCH] fix(auth-js): react package work with ssr --- .changeset/thin-dodos-marry.md | 5 +++++ packages/auth-js/src/index.ts | 11 +++++++---- packages/auth-js/src/react.tsx | 11 ++--------- 3 files changed, 14 insertions(+), 13 deletions(-) create mode 100644 .changeset/thin-dodos-marry.md diff --git a/.changeset/thin-dodos-marry.md b/.changeset/thin-dodos-marry.md new file mode 100644 index 000000000..410434de9 --- /dev/null +++ b/.changeset/thin-dodos-marry.md @@ -0,0 +1,5 @@ +--- +'@hono/auth-js': patch +--- + +fix for ssr diff --git a/packages/auth-js/src/index.ts b/packages/auth-js/src/index.ts index 9f4480f41..4ba88a782 100644 --- a/packages/auth-js/src/index.ts +++ b/packages/auth-js/src/index.ts @@ -15,6 +15,7 @@ declare module 'hono' { } export type AuthEnv = { + AUTH_URL?: string AUTH_SECRET: string AUTH_REDIRECT_PROXY_URL?: string [key: string]: string | undefined @@ -63,8 +64,9 @@ function setEnvDefaults(env: AuthEnv, config: AuthConfig) { export async function getAuthUser(c: Context): Promise { const config = c.get('authConfig') - setEnvDefaults(env(c), config) - const origin = env(c)['AUTH_URL'] ? new URL(env(c)['AUTH_URL']).origin : new URL(c.req.url).origin + let ctxEnv = env(c) as AuthEnv + setEnvDefaults(ctxEnv, config) + const origin = ctxEnv.AUTH_URL ? new URL(ctxEnv.AUTH_URL).origin : new URL(c.req.url).origin const request = new Request(`${origin}${config.basePath}/session`, { headers: { cookie: c.req.header('cookie') ?? '' }, }) @@ -117,14 +119,15 @@ export function initAuthConfig(cb: ConfigHandler): MiddlewareHandler { export function authHandler(): MiddlewareHandler { return async (c) => { const config = c.get('authConfig') + let ctxEnv = env(c) as AuthEnv - setEnvDefaults(env(c), config) + setEnvDefaults(ctxEnv, config) if (!config.secret) { throw new HTTPException(500, { message: 'Missing AUTH_SECRET' }) } - const res = await Auth(reqWithEnvUrl(c.req.raw, env(c)['AUTH_URL']), config) + const res = await Auth(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config) return new Response(res.body, res) } } diff --git a/packages/auth-js/src/react.tsx b/packages/auth-js/src/react.tsx index da48505a0..4ff710509 100644 --- a/packages/auth-js/src/react.tsx +++ b/packages/auth-js/src/react.tsx @@ -31,8 +31,8 @@ export { SessionProviderProps } class AuthConfigManager { private static instance: AuthConfigManager | null = null _config: AuthClientConfig = { - baseUrl: parseUrl(window.location.origin).origin, - basePath: parseUrl(window.location.origin).path, + baseUrl: typeof window !== 'undefined' ? parseUrl(window.location.origin).origin : '', + basePath: typeof window !== 'undefined' ? parseUrl(window.location.origin).path : '/api/auth', credentials: 'same-origin', _lastSync: 0, _session: undefined, @@ -148,13 +148,6 @@ export async function getSession(params?: GetSessionParams) { return session } -/** - * Returns the current Cross-Site Request Forgery Token (CSRF Token) - * required to make requests that changes state. (e.g. signing in or out, or updating the session). - * - * [CSRF Prevention: Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie) - * @internal - */ export async function getCsrfToken() { const response = await fetchData<{ csrfToken: string }>( 'csrf',