make auth config & session validation more error resistant

dallen4 · Oct 20, 2023 · 35f5009 · 35f5009
1 parent 0fc4a46
commit 35f5009
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 6 deletions.
diff --git a/web/api/auth0.ts b/web/api/auth0.ts
@@ -1,4 +1,6 @@
+import { getSession } from '@auth0/nextjs-auth0';
 import { ManagementClient } from 'auth0';
+import { NextApiRequest, NextApiResponse } from 'next';
 import { UserMetadata } from 'types/users';
 
 const { host } = new URL(process.env.AUTH0_ISSUER_BASE_URL!);
@@ -36,3 +38,12 @@ export const updateUser = async (id: string, data: UserMetadata) => {
         metadata: updatedUser.user_metadata,
     };
 };
+
+export const getAuthSession = async (
+    req: NextApiRequest,
+    res: NextApiResponse,
+) =>
+    getSession(req, res).catch((err) => {
+        console.error(err);
+        return null;
+    });
diff --git a/web/pages/api/auth/[auth0].ts b/web/pages/api/auth/[auth0].ts
@@ -1,3 +1,6 @@
-import { handleAuth } from '@auth0/nextjs-auth0';
+import { handleAuth, initAuth0 } from '@auth0/nextjs-auth0';
+
+if (!process.env.AUTH0_BASE_URL)
+    process.env.AUTH0_BASE_URL = process.env.NEXT_PUBLIC_VERCEL_BRANCH_URL!;
 
 export default handleAuth();
diff --git a/web/pages/api/drop.ts b/web/pages/api/drop.ts
@@ -8,12 +8,12 @@ import { createDrop } from 'api/drops';
 import { DISABLE_CAPTCHA_COOKIE } from '@config/cookies';
 import { cors } from 'api/middleware/cors';
 import { runMiddleware } from 'api/middleware';
-import { getSession } from '@auth0/nextjs-auth0';
+import { getAuthSession } from 'api/auth0';
 
 export default async function drop(req: NextApiRequest, res: NextApiResponse) {
     await runMiddleware(req, res, cors);
 
-    const session = await getSession(req, res);
+    const session = await getAuthSession(req, res);
 
     if (!['POST', 'GET', 'DELETE'].includes(req.method!)) {
         res.setHeader('Allow', 'POST,GET,DELETE');

diff --git a/web/pages/api/me.ts b/web/pages/api/me.ts
@@ -1,8 +1,7 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { cors } from 'api/middleware/cors';
 import { runMiddleware } from 'api/middleware';
-import { getUserById } from 'api/auth0';
-import { getSession } from '@auth0/nextjs-auth0';
+import { getAuthSession, getUserById } from 'api/auth0';
 
 export default async function me(req: NextApiRequest, res: NextApiResponse) {
     await runMiddleware(req, res, cors);
@@ -13,7 +12,7 @@ export default async function me(req: NextApiRequest, res: NextApiResponse) {
         return;
     }
 
-    const session = await getSession(req, res);
+    const session = await getAuthSession(req, res);
 
     if (session) {
         const user = await getUserById(session!.user.sub);