import { type NextResponse } from "next/server";
import { ACCESS_TOKEN_COOKIE, REFRESH_TOKEN_COOKIE } from "@/lib/auth/constants";
// Refresh-cookie lifetime in seconds: 30 days, matches Identity refresh TTL.
const REFRESH_MAX_AGE = 30 * 24 * 60 * 60;
/**
 * Attach the Identity access and refresh tokens to a response as httpOnly cookies.
 *
 * Both cookies use `sameSite: "lax"` and `path: "/"`. The `secure` flag is set
 * only when `NODE_ENV` is `"production"`, so in any other environment the
 * tokens are not restricted to HTTPS.
 *
 * @param res - Response whose cookie jar is mutated.
 * @param accessToken - Value stored under ACCESS_TOKEN_COOKIE.
 * @param refreshToken - Value stored under REFRESH_TOKEN_COOKIE.
 * @param accessExpiresIn - Passed unchanged as the access cookie's maxAge
 *   (seconds); it is not validated here.
 * @returns The same `res` instance, to allow chaining.
 */
export function setAuthCookies(
  res: NextResponse,
  accessToken: string,
  refreshToken: string,
  accessExpiresIn: number
): NextResponse {
  // Attributes common to both cookies. httpOnly keeps the tokens out of reach
  // of page scripts; Secure depends on the build environment.
  const sharedAttributes = {
    httpOnly: true,
    sameSite: "lax",
    secure: process.env.NODE_ENV === "production",
    path: "/",
  } as const;

  // The access cookie lives exactly as long as the caller says the token does.
  const accessOptions = { ...sharedAttributes, maxAge: accessExpiresIn };

  // NOTE(review): with path "/" the refresh token accompanies every request to
  // this origin, not only the refresh route. Confirm this is intended.
  const refreshOptions = { ...sharedAttributes, maxAge: REFRESH_MAX_AGE };

  res.cookies.set(ACCESS_TOKEN_COOKIE, accessToken, accessOptions);
  res.cookies.set(REFRESH_TOKEN_COOKIE, refreshToken, refreshOptions);

  return res;
}
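/**
 * Expire both auth cookies (logout / failed refresh).
 *
 * Each cookie is overwritten with an empty value and `maxAge: 0`. The
 * attributes mirror the ones setAuthCookies writes (httpOnly, sameSite "lax",
 * path "/", secure in production), so the expiring Set-Cookie is accepted
 * wherever the original one was. This matters if the cookie names ever carry
 * a `__Secure-` or `__Host-` prefix: browsers reject a Set-Cookie for such
 * names when Secure is missing, which would leave the tokens in place after
 * logout.
 *
 * @param res - Response whose cookie jar is mutated.
 * @returns The same `res` instance, to allow chaining.
 */
export function clearAuthCookies(res: NextResponse): NextResponse {
  // Same attribute set as setAuthCookies, with maxAge 0 so the browser drops
  // the cookie immediately.
  const expired = {
    httpOnly: true,
    sameSite: "lax",
    secure: process.env.NODE_ENV === "production",
    path: "/",
    maxAge: 0,
  } as const;

  for (const name of [ACCESS_TOKEN_COOKIE, REFRESH_TOKEN_COOKIE]) {
    res.cookies.set(name, "", expired);
  }
  return res;
}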