diff --git a/web/src/api/createServerInstance.ts b/web/src/api/createServerInstance.ts
index c23e7d470..1487cbc1a 100644
--- a/web/src/api/createServerInstance.ts
+++ b/web/src/api/createServerInstance.ts
@@ -2,7 +2,7 @@ import { BASE_URL } from './buster_rest/instances';
 import type { RequestInit } from 'next/dist/server/web/spec-extension/request';
-import { createClient } from '../context/Supabase/server';
+import { createServerSupabaseClient } from '../context/Supabase/server';
 export interface FetchConfig extends RequestInit {
 baseURL?: string;
@@ -10,7 +10,7 @@ export interface FetchConfig extends RequestInit {
 }
 export const serverFetch = async (url: string, config: FetchConfig = {}): Promise => {
- const supabase = await createClient();
+ const supabase = await createServerSupabaseClient();
 const sessionData = await supabase.auth.getSession();
 const accessToken = sessionData.data?.session?.access_token;
diff --git a/web/src/context/Supabase/server.ts b/web/src/context/Supabase/server.ts
index 409d53e31..5077e0564 100644
--- a/web/src/context/Supabase/server.ts
+++ b/web/src/context/Supabase/server.ts
@@ -1,21 +1,21 @@
-import { createServerClient } from '@supabase/ssr';
+import { CookieOptions, createServerClient } from '@supabase/ssr';
 import { cookies } from 'next/headers';
-export async function createClient() {
+export const COOKIE_OPTIONS: CookieOptions = {
+ path: '/',
+ secure: process.env.NODE_ENV === 'production', // Only use secure in production
+ sameSite: 'lax', // Type assertion to fix the error
+ httpOnly: true, // Make cookies HttpOnly
+ maxAge: 60 * 60 * 24 * 7 // 1 week
+};
+
+export const createServerSupabaseClient = async () => {
 const cookieStore = await cookies();
- return await createServerClient(
+ return createServerClient(
 process.env.NEXT_PUBLIC_SUPABASE_URL!,
 process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
 {
- cookieOptions: {
- secure: true,
- httpOnly: true
- },
- auth: {
- autoRefreshToken: true,
- persistSession: true
- },
 cookies: {
 getAll() {
 return cookieStore.getAll();
@@ -23,7 +23,7 @@ export async function createClient() {
 setAll(cookiesToSet) {
 try {
 cookiesToSet.forEach(({ name, value, options }) =>
- cookieStore.set(name, value, options)
+ cookieStore.set(name, value, { ...options, ...COOKIE_OPTIONS })
 );
 } catch {
 // The `setAll` method was called from a Server Component.
@@ -34,4 +34,4 @@ export async function createClient() {
 }
 }
 );
-}
+};
diff --git a/web/src/middleware/supabaseMiddleware.ts b/web/src/middleware/supabaseMiddleware.ts
index c51ae1b4f..edd6d0bde 100644
--- a/web/src/middleware/supabaseMiddleware.ts
+++ b/web/src/middleware/supabaseMiddleware.ts
@@ -1,3 +1,4 @@
+import { COOKIE_OPTIONS } from '@/context/Supabase/server';
 import { createServerClient } from '@supabase/ssr';
 import { User } from '@supabase/supabase-js';
 import { NextResponse, type NextRequest } from 'next/server';
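Review bot: The comment `// Type assertion to fix the error` on the `sameSite: 'lax'` line of `COOKIE_OPTIONS` describes nothing in the code — there is no assertion, and with the `CookieOptions` annotation on the constant the literal is simply checked against the option type; replace it with what the setting buys, e.g. `sameSite: 'lax', // not sent on cross-site POSTs/subresources (CSRF hardening)`. The new import should also be type-only for that name, `import { type CookieOptions, createServerClient } from '@supabase/ssr';`, since `CookieOptions` is erased at runtime. Separately, the hunk drops the `auth: { autoRefreshToken: true, persistSession: true }` block without saying so; if `createServerClient`'s defaults differ from those values (I cannot tell from here), server-side token refresh behaviour changes silently, so a one-line comment or commit-message note stating that the library defaults are now intended would help the next reader.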
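Review bot: In the `setAll` hunk the merge `{ ...options, ...COOKIE_OPTIONS }` lets the app-wide constant overwrite whatever the library asked for on a per-cookie basis, and in particular its fixed `maxAge` of one week overrides the `maxAge` the library passes. As far as I can tell `@supabase/ssr` clears a cookie by calling `setAll` with an empty value and `maxAge: 0`; after this merge that becomes an empty-valued cookie that lives for seven days, so a sign-out no longer removes the session cookie from the browser. The same merge appears in the `updateSession` hunk of `web/src/middleware/supabaseMiddleware.ts` (`@@ -23,7 +24,7 @@`), so both call sites need the same treatment; the simplest shared fix is a small helper next to `COOKIE_OPTIONS` in server.ts that both files call, which keeps the policy in one place and never turns a removal into a live cookie. The `setAll` callback continues outside this hunk.
```typescript
/** Applies the app-wide cookie policy without turning a removal (maxAge: 0) into a live cookie. */
export const withCookieOptions = (options: CookieOptions = {}): CookieOptions =>
  options.maxAge === 0
    ? { ...options, ...COOKIE_OPTIONS, maxAge: 0 }
    : { ...options, ...COOKIE_OPTIONS };

// … unchanged: createServerSupabaseClient, getAll …
            cookiesToSet.forEach(({ name, value, options }) =>
              cookieStore.set(name, value, withCookieOptions(options))
            );
```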
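Review bot: The new `import { COOKIE_OPTIONS } from '@/context/Supabase/server';` makes the middleware depend on the server-client module just for a constant, and that module in turn imports `next/headers` and the `@supabase/ssr` server factory, which presumably end up in the middleware bundle even though `updateSession` builds its own client. A tiny `cookieOptions.ts` module exporting only `COOKIE_OPTIONS` (and any merge helper), imported by both server.ts and the middleware, would keep the cookie policy shared without coupling the middleware to the request-scoped `cookies()` code path.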
@@ -23,7 +24,7 @@ export async function updateSession(request: NextRequest) {
 request
 });
 cookiesToSet.forEach(({ name, value, options }) =>
- supabaseResponse.cookies.set(name, value, options)
+ supabaseResponse.cookies.set(name, value, { ...options, ...COOKIE_OPTIONS })
 );
 }
 }