import { cookies } from "next/headers"
import { NextResponse } from "next/server"
import { platformUserFromToken } from "@/lib/auth/jwt-claims"
import { resolveServerOidcConfig } from "@/lib/auth/oidc-config"
import {
SESSION_COOKIE_NAMES,
applySessionCookies,
computeExpiresAt,
exchangeRefreshToken,
isAccessTokenValid,
resolveBearerToken,
} from "@/lib/auth/session"
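/**
 * Session status route: reports whether the caller holds a usable session and,
 * when the access token is no longer valid, tries one refresh-token exchange.
 *
 * Response bodies (all JSON):
 *  - `{ authenticated: false }` when neither token cookie is present.
 *  - `{ authenticated: true, accessToken, refreshToken, expiresAt, user }` when
 *    the stored access token passes `isAccessTokenValid`.
 *  - the same shape plus `refreshed: true` after a successful refresh, with the
 *    session cookies re-applied to the response.
 *  - `{ authenticated: false, expired: true }` when no refresh token is
 *    available or the refresh attempt throws.
 *
 * Every response carries `Cache-Control: no-store`, because the authenticated
 * bodies contain bearer and refresh tokens and must not be kept by a browser or
 * intermediary cache.
 *
 * NOTE(review): both tokens are returned in the JSON body, so any script
 * running in the page's origin can obtain them through this route regardless
 * of how the cookies themselves are flagged. Confirm the client really needs
 * the refresh token; if it does not, dropping it from the body narrows what an
 * injected script can take.
 *
 * NOTE(review): the cookie values are client-supplied. Confirm that
 * `isAccessTokenValid` / `platformUserFromToken` verify the token (signature,
 * issuer, audience) rather than only decoding it before `user` is trusted.
 */
export async function GET() {
  // Shared init so that no branch can forget the cache directive.
  const noStore = { headers: { "Cache-Control": "no-store" } }

  const jar = await cookies()
  const accessToken = jar.get(SESSION_COOKIE_NAMES.accessToken)?.value
  const refreshToken = jar.get(SESSION_COOKIE_NAMES.refreshToken)?.value
  const expiresAtRaw = jar.get(SESSION_COOKIE_NAMES.expiresAt)?.value

  // No session material at all: plain "not signed in", not "expired".
  if (!accessToken && !refreshToken) {
    return NextResponse.json({ authenticated: false }, noStore)
  }

  // Fast path: the stored access token is still considered valid.
  if (isAccessTokenValid(accessToken, expiresAtRaw)) {
    const expiresAt = Number(expiresAtRaw)
    // The non-null assertion relies on isAccessTokenValid rejecting a missing token.
    const user = platformUserFromToken(accessToken!)
    return NextResponse.json(
      {
        authenticated: true,
        accessToken,
        refreshToken: refreshToken ?? null,
        expiresAt,
        user,
      },
      noStore,
    )
  }

  // Access token unusable and nothing to refresh with.
  if (!refreshToken) {
    return NextResponse.json({ authenticated: false, expired: true }, noStore)
  }

  try {
    const cfg = await resolveServerOidcConfig()
    const tokens = await exchangeRefreshToken(refreshToken, cfg)
    const bearer = resolveBearerToken(tokens)
    // Falls back to 3600 (presumably seconds) when the token response omits expires_in.
    const expiresAt = computeExpiresAt(tokens.expires_in ?? 3600)
    const user = platformUserFromToken(bearer)

    const response = NextResponse.json(
      {
        authenticated: true,
        accessToken: bearer,
        // Keep the current refresh token when the provider does not issue a new one.
        refreshToken: tokens.refresh_token ?? refreshToken,
        expiresAt,
        user,
        refreshed: true,
      },
      noStore,
    )
    applySessionCookies(response, tokens, bearer)
    return response
  } catch {
    // Any failure (config lookup, token exchange, claim parsing) is reported as
    // an expired session; the cause is deliberately not exposed to the client.
    // NOTE(review): the failure is not recorded server-side and the stale
    // cookies are left in place. If logging is added, keep token values and
    // raw provider responses out of the log line.
    return NextResponse.json({ authenticated: false, expired: true }, noStore)
  }
}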