Parse session update

lukevella · Feb 7, 2025 · 3326b2c · 3326b2c
1 parent 80209d7
commit 3326b2c
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 7 deletions.
diff --git a/apps/web/declarations/next-auth.d.ts b/apps/web/declarations/next-auth.d.ts
@@ -12,6 +12,7 @@ declare module "next-auth" {
   interface Session {
     user?: {
       id: string;
+      email?: string | null;
       timeZone?: string | null;
       timeFormat?: TimeFormat | null;
       locale?: string | null;

diff --git a/apps/web/src/next-auth.config.ts b/apps/web/src/next-auth.config.ts
@@ -1,4 +1,3 @@
-import type { TimeFormat } from "@rallly/database";
 import type { NextAuthConfig } from "next-auth";
 
 import { env } from "@/env";
@@ -13,10 +12,10 @@ export const nextAuthConfig = {
     async session({ session, token }) {
       session.user.id = token.sub as string;
       session.user.email = token.email as string;
-      session.user.locale = token.locale as string;
-      session.user.timeFormat = token.timeFormat as TimeFormat;
-      session.user.timeZone = token.timeZone as string;
-      session.user.weekStart = token.weekStart as number;
+      session.user.locale = token.locale;
+      session.user.timeFormat = token.timeFormat;
+      session.user.timeZone = token.timeZone;
+      session.user.weekStart = token.weekStart;
       return session;
     },
   },

diff --git a/apps/web/src/next-auth.ts b/apps/web/src/next-auth.ts
@@ -2,6 +2,7 @@ import { prisma } from "@rallly/database";
 import { posthog } from "@rallly/posthog/server";
 import NextAuth from "next-auth";
 import type { Provider } from "next-auth/providers";
+import z from "zod";
 
 import { CustomPrismaAdapter } from "./auth/adapters/prisma";
 import { isEmailBlocked } from "./auth/is-email-blocked";
@@ -14,6 +15,13 @@ import { OIDCProvider } from "./auth/providers/oidc";
 import { RegistrationTokenProvider } from "./auth/providers/registration-token";
 import { nextAuthConfig } from "./next-auth.config";
 
+const sessionUpdateSchema = z.object({
+  locale: z.string().nullish(),
+  timeFormat: z.enum(["12h", "24h"]).nullish(),
+  timeZone: z.string().nullish(),
+  weekStart: z.number().nullish(),
+});
+
 export const { auth, handlers, signIn, signOut } = NextAuth({
   ...nextAuthConfig,
   adapter: CustomPrismaAdapter({
@@ -119,10 +127,13 @@ export const { auth, handlers, signIn, signOut } = NextAuth({
     },
     async jwt({ token, session, trigger }) {
       if (trigger === "update") {
-        if (session) {
-          Object.entries(session).forEach(([key, value]) => {
+        const parsed = sessionUpdateSchema.safeParse(session);
+        if (parsed.success) {
+          Object.entries(parsed.data).forEach(([key, value]) => {
             token[key] = value;
           });
+        } else {
+          console.error(parsed.error);
         }
       } else {
         const userId = token.sub;