Mike/freno-dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

callback change

Browse Source
This commit is contained in:
Michael Freno
2026-01-07 18:53:41 -05:00
parent 1b3c832fc3
commit 244c8b6fb5
5 changed files with 21 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/routes/api/auth/callback/github.ts
View File

@@ -1,7 +1,6 @@
import type { APIEvent } from "@solidjs/start/server";
import { appRouter } from "~/server/api/root";
import { createTRPCContext } from "~/server/api/utils";
import { getResponseHeaders } from "vinxi/http";
export async function GET(event: APIEvent) {
const url = new URL(event.request.url);
@@ -46,41 +45,12 @@ export async function GET(event: APIEvent) {
result.redirectTo
);
// Get the response headers that were set by the session (includes Set-Cookie)
const responseHeaders = getResponseHeaders(event.nativeEvent);
console.log(
"[GitHub OAuth Callback] Response headers from event:",
Object.keys(responseHeaders)
);
// Create redirect response with the session cookie
// Vinxi's updateSession already set the cookie headers automatically
// Just redirect - the cookies are already in the response
const redirectUrl = result.redirectTo || "/account";
const headers = new Headers({
Location: redirectUrl
});
// Copy Set-Cookie headers from the session response
if (responseHeaders["set-cookie"]) {
const cookies = Array.isArray(responseHeaders["set-cookie"])
? responseHeaders["set-cookie"]
: [responseHeaders["set-cookie"]];
console.log("[GitHub OAuth Callback] Found cookies:", cookies.length);
cookies.forEach((cookie) => {
headers.append("Set-Cookie", cookie);
console.log(
"[GitHub OAuth Callback] Adding cookie:",
cookie.substring(0, 50) + "..."
);
});
} else {
console.error("[GitHub OAuth Callback] NO SET-COOKIE HEADER FOUND!");
console.error("[GitHub OAuth Callback] All headers:", responseHeaders);
}
return new Response(null, {
status: 302,
headers
headers: { Location: redirectUrl }
});
} else {
console.error(

36
src/routes/api/auth/callback/google.ts
View File

@@ -1,7 +1,6 @@
import type { APIEvent } from "@solidjs/start/server";
import { appRouter } from "~/server/api/root";
import { createTRPCContext } from "~/server/api/utils";
import { getResponseHeaders } from "vinxi/http";
export async function GET(event: APIEvent) {
const url = new URL(event.request.url);
@@ -46,41 +45,12 @@ export async function GET(event: APIEvent) {
result.redirectTo
);
// Get the response headers that were set by the session (includes Set-Cookie)
const responseHeaders = getResponseHeaders(event.nativeEvent);
console.log(
"[Google OAuth Callback] Response headers from event:",
Object.keys(responseHeaders)
);
// Create redirect response with the session cookie
// Vinxi's updateSession already set the cookie headers automatically
// Just redirect - the cookies are already in the response
const redirectUrl = result.redirectTo || "/account";
const headers = new Headers({
Location: redirectUrl
});
// Copy Set-Cookie headers from the session response
if (responseHeaders["set-cookie"]) {
const cookies = Array.isArray(responseHeaders["set-cookie"])
? responseHeaders["set-cookie"]
: [responseHeaders["set-cookie"]];
console.log("[Google OAuth Callback] Found cookies:", cookies.length);
cookies.forEach((cookie) => {
headers.append("Set-Cookie", cookie);
console.log(
"[Google OAuth Callback] Adding cookie:",
cookie.substring(0, 50) + "..."
);
});
} else {
console.error("[Google OAuth Callback] NO SET-COOKIE HEADER FOUND!");
console.error("[Google OAuth Callback] All headers:", responseHeaders);
}
return new Response(null, {
status: 302,
headers
headers: { Location: redirectUrl }
});
} else {
console.error(

48
src/routes/api/auth/email-login-callback.ts
View File

@@ -1,24 +1,18 @@
import type { APIEvent } from "@solidjs/start/server";
import { appRouter } from "~/server/api/root";
import { createTRPCContext } from "~/server/api/utils";
import { getResponseHeaders } from "vinxi/http";
export async function GET(event: APIEvent) {
const url = new URL(event.request.url);
const email = url.searchParams.get("email");
const token = url.searchParams.get("token");
const rememberMeParam = url.searchParams.get("rememberMe");
console.log("[Email Login Callback] Request received:", {
email,
hasToken: !!token,
tokenLength: token?.length,
rememberMeParam
tokenLength: token?.length
});
// Parse rememberMe parameter
const rememberMe = rememberMeParam === "true";
if (!email || !token) {
console.error("[Email Login Callback] Missing required parameters:", {
hasEmail: !!email,
@@ -37,11 +31,10 @@ export async function GET(event: APIEvent) {
const caller = appRouter.createCaller(ctx);
console.log("[Email Login Callback] Calling emailLogin procedure...");
// Call the email login handler
// Call the email login handler - rememberMe will be read from JWT payload
const result = await caller.auth.emailLogin({
email,
token,
rememberMe
token
});
console.log("[Email Login Callback] Login result:", result);
@@ -52,41 +45,12 @@ export async function GET(event: APIEvent) {
result.redirectTo
);
// Get the response headers that were set by the session (includes Set-Cookie)
const responseHeaders = getResponseHeaders(event.nativeEvent);
console.log(
"[Email Login Callback] Response headers from event:",
Object.keys(responseHeaders)
);
// Create redirect response with the session cookie
// Vinxi's updateSession already set the cookie headers automatically
// Just redirect - the cookies are already in the response
const redirectUrl = result.redirectTo || "/account";
const headers = new Headers({
Location: redirectUrl
});
// Copy Set-Cookie headers from the session response
if (responseHeaders["set-cookie"]) {
const cookies = Array.isArray(responseHeaders["set-cookie"])
? responseHeaders["set-cookie"]
: [responseHeaders["set-cookie"]];
console.log("[Email Login Callback] Found cookies:", cookies.length);
cookies.forEach((cookie) => {
headers.append("Set-Cookie", cookie);
console.log(
"[Email Login Callback] Adding cookie:",
cookie.substring(0, 50) + "..."
);
});
} else {
console.error("[Email Login Callback] NO SET-COOKIE HEADER FOUND!");
console.error("[Email Login Callback] All headers:", responseHeaders);
}
return new Response(null, {
status: 302,
headers
headers: { Location: redirectUrl }
});
} else {
console.error(

16
src/server/api/routers/auth.ts
View File

@@ -660,8 +660,8 @@ export const authRouter = createTRPCRouter({
});
}
// Use rememberMe from JWT payload (source of truth)
const rememberMe = (payload.rememberMe as boolean) || false;
// Use rememberMe from JWT payload (source of truth), default to false
const rememberMe = (payload.rememberMe as boolean) ?? false;
console.log("[Email Login] Using rememberMe from JWT:", rememberMe);
const conn = ConnectionFactory();
@@ -829,7 +829,7 @@ export const authRouter = createTRPCRouter({
const userId = (res.rows[0] as unknown as User).id;
const isAdmin = userId === env.ADMIN_ID;
// Use rememberMe from JWT if not provided in input
// Use rememberMe from JWT if not provided in input, default to false
const shouldRemember =
rememberMe ?? (payload.rememberMe as boolean) ?? false;
@@ -1008,7 +1008,7 @@ export const authRouter = createTRPCRouter({
getH3Event(ctx),
userId,
isAdmin,
false, // Registration defaults to non-remember
true, // Always use persistent sessions
clientIP,
userAgent
);
@@ -1177,7 +1177,7 @@ export const authRouter = createTRPCRouter({
getH3Event(ctx),
user.id,
isAdmin,
rememberMe || false,
rememberMe ?? false, // Default to session cookie (expires on browser close)
clientIP,
userAgent
);
@@ -1190,7 +1190,7 @@ export const authRouter = createTRPCRouter({
await logAuditEvent({
userId: user.id,
eventType: "auth.login.success",
eventData: { method: "password", rememberMe: rememberMe || false },
eventData: { method: "password", rememberMe: rememberMe ?? false },
ipAddress: clientIP,
userAgent,
success: true
@@ -1266,7 +1266,7 @@ export const authRouter = createTRPCRouter({
const secret = new TextEncoder().encode(env.JWT_SECRET_KEY);
const token = await new SignJWT({
email,
rememberMe: rememberMe ?? false,
rememberMe: rememberMe ?? false, // Default to session cookie (expires on browser close)
code: loginCode
})
.setProtectedHeader({ alg: "HS256" })
@@ -1274,7 +1274,7 @@ export const authRouter = createTRPCRouter({
.sign(secret);
const domain = env.VITE_DOMAIN || "https://freno.me";
const loginUrl = `${domain}/api/auth/email-login-callback?email=${email}&token=${token}&rememberMe=${rememberMe}`;
const loginUrl = `${domain}/api/auth/email-login-callback?email=${email}&token=${token}`;
const htmlContent = generateLoginLinkEmail({
email,

2
src/server/session-config.ts
View File

@@ -31,7 +31,7 @@ export const sessionConfig: SessionConfig = {
cookie: {
httpOnly: true,
secure: env.NODE_ENV === "production",
sameSite: "strict",
sameSite: "lax", // Allow cookies on top-level navigation (OAuth/email redirects) for WebKit compatibility
path: "/"
}
};