next-auth icon indicating copy to clipboard operation
next-auth copied to clipboard

Published 20 hours ago โ€ข verified publisher icon nextauthjs

fix(middleware): improve handling of custom nextjs basePath

Open psperber opened this issue 2 years ago โ€ข 5 comments

โ˜•๏ธ Reasoning

The middleware did not respect the nextjs base path correct. It was not prepended to the path at the redirect. Within this PR I introduce a function to get the nextjs base path from the req.nextUrl object, which is then used in the middleware to perform a correct validation and redirect.

๐Ÿงข Checklist

  • [ ] Documentation
  • [x] Tests
  • [x] Ready to be merged

๐ŸŽซ Affected issues

Please scout and link issues that might be solved by this PR.

๐Ÿ“Œ Resources

psperber avatar Aug 06 '22 13:08 psperber

The latest updates on your projects. Learn more about Vercel for Git โ†—๏ธŽ

1 Ignored Deployment
Name Status Preview Updated
next-auth โฌœ๏ธ Ignored (Inspect) Oct 8, 2022 at 6:06PM (UTC)

vercel[bot] avatar Aug 06 '22 13:08 vercel[bot]

Hi @psperber, could you provide a simple reproduction of the issue? We need to verify if it's really an issue first before accepting this PR ๐Ÿ™Œ

ThangHuuVu avatar Aug 13 '22 09:08 ThangHuuVu

Hi, of course. Hope that's sufficient: https://github.com/psperber/next-auth-issues

psperber avatar Aug 14 '22 19:08 psperber

Hey, anything I can do to help you going forward with my PR?

psperber avatar Sep 06 '22 20:09 psperber

Thanks for raising the PR ๐Ÿ™Œ I added a comment, let me know what you think. While you're at it, please help resolve the conflicts, too

Conflict is resolved, verified if it is still working with the current version. Also checked with NEXTAUTH_URL=http://localhost:3000/custom-base with the latest next-auth version released as you suggested, but it is not working.

psperber avatar Sep 21 '22 14:09 psperber

Noticed that you've removed the tests, can you add back at least one? ๐Ÿ™Œ

I added the test from @lavcraft branch, thanks for that :)

psperber avatar Oct 06 '22 07:10 psperber

Noticed that you've removed the tests, can you add back at least one? ๐Ÿ™Œ

I added the test from @lavcraft branch, thanks for that :)

Nice. But i have one more not committed test for check valid redirect when browser follow to first redirect (should return undefined and skip auth process for signin page for example)

Feel free and add this test too if you want :)

it("should redirect according to nextUrl basePath", async () => {
  // given
  const options: NextAuthMiddlewareOptions = {
    secret: "secret"
  }
  const handleMiddleware = withAuth(options) as NextMiddleware

  // when
  const res = await handleMiddleware({
    nextUrl: {
      pathname: "/protected/pathA",
      search: "",
      origin: "http://127.0.0.1",
      basePath: "/custom-base-path"
    }, headers: { authorization: "" }
  } as any, null as any)

  //then
  expect(res).toBeDefined()
  expect(res.status).toEqual(307)
  expect(res.headers.get("location")).toContain("http://127.0.0.1/api/auth/signin?callbackUrl=%2Fcustom-base-path%2Fprotected%2FpathA")

  // and when follow redirect
  const resFromRedirectedUrl = await handleMiddleware({
    nextUrl: {
      pathname: "/api/auth/signin",
      search: "callbackUrl=%2Fcustom-base-path%2Fprotected%2FpathA",
      origin: "http://127.0.0.1",
      basePath: "/custom-base-path"
    }, headers: { authorization: "" }
  } as any, null as any)

  // then return sign in page
  expect(resFromRedirectedUrl).toBeUndefined()
})

@ThangHuuVu which step is next? :)

lavcraft avatar Oct 06 '22 11:10 lavcraft

Thank you @lavcraft ! I added your test as well.

psperber avatar Oct 06 '22 12:10 psperber

@ThangHuuVu could i help with sth for merging this? Looks like it's good now, but i don't understand what we are waiting for :)

lavcraft avatar Oct 07 '22 06:10 lavcraft

๐Ÿ™Œ

ThangHuuVu avatar Oct 09 '22 04:10 ThangHuuVu

@ThangHuuVu thanks. Already throw it to production, it works :) Many thanks!

lavcraft avatar Oct 20 '22 18:10 lavcraft