/* globals window */
import { init } from 'next-firebase-auth'
import absoluteUrl from 'next-absolute-url'
// Session cookie lifetime: 12 days, expressed in milliseconds
// (days * hours * minutes * seconds * ms).
const TWELVE_DAYS_IN_MS = 12 * 24 * 60 * 60 * 1000
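// Hosts the post-login redirect is allowed to send the user to. Anything
// else (including URLs with credentials in front of an allowed host, since
// `URL.host` resolves to the real host) is rejected and falls back to '/'.
// https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect
const ALLOWED_REDIRECT_HOSTS = Object.freeze([
  'localhost:3000',
  'next-food-plan.vercel.app',
])

/**
 * Resolve the redirect target from the raw `destination` query parameter.
 *
 * Fails closed: a missing value, a value that is not an absolute URL, a value
 * with malformed percent-encoding, or a host outside ALLOWED_REDIRECT_HOSTS
 * all yield '/'. Previously `decodeURIComponent` / `new URL` could throw on a
 * crafted or simply malformed query string, turning the redirect into an
 * unhandled error rather than a rejection.
 *
 * @param {string | null | undefined} rawDestination - value as returned by
 *   `URLSearchParams#get('destination')` (already query-decoded once)
 * @returns {string} the decoded destination URL when its host is allowed,
 *   otherwise '/'
 */
const resolveDestination = (rawDestination) => {
  if (!rawDestination) return '/'
  let destination
  let host
  try {
    // authPageURL wraps the destination in encodeURIComponent before
    // placing it in the query string, so it is decoded a second time here
    // (kept as in the original flow).
    destination = decodeURIComponent(rawDestination)
    // Throws for anything that is not an absolute URL; a relative path is
    // never produced by authPageURL, so treat it as invalid.
    host = new URL(destination).host
  } catch {
    return '/'
  }
  if (ALLOWED_REDIRECT_HOSTS.includes(host)) return destination
  // eslint-disable-next-line no-console
  console.warn(
    `Redirect destination host must be one of ${ALLOWED_REDIRECT_HOSTS.join(
      ', '
    )}.`
  )
  return '/'
}

/**
 * Configure next-firebase-auth for this app.
 *
 * Called for its side effect only (`init(...)`); returns nothing. Firebase
 * and cookie settings are read from environment variables at call time.
 */
const initAuth = () => {
  init({
    // NOTE(review): verbose library logging is on unconditionally; consider
    // gating it on the environment if that is not intended for production.
    debug: true,
    // This demonstrates setting a dynamic destination URL when
    // redirecting from app pages. Alternatively, you can simply
    // specify `authPageURL: '/auth-ssr'`.
    authPageURL: ({ ctx }) => {
      const isServerSide = typeof window === 'undefined'
      const origin = isServerSide
        ? absoluteUrl(ctx.req).origin
        : window.location.origin
      const destPath = isServerSide ? ctx.resolvedUrl : window.location.href
      // Absolute URL so appPageURL can validate the host on the way back.
      const destURL = new URL(destPath, origin)
      return `auth?destination=${encodeURIComponent(destURL)}`
    },
    // This demonstrates setting a dynamic destination URL when
    // redirecting from auth pages. Alternatively, you can simply
    // specify `appPageURL: '/'`.
    appPageURL: ({ ctx }) => {
      const isServerSide = typeof window === 'undefined'
      const origin = isServerSide
        ? absoluteUrl(ctx.req).origin
        : window.location.origin
      const params = isServerSide
        ? new URL(ctx.req.url, origin).searchParams
        : new URLSearchParams(window.location.search)
      // Host allowlisting and all parse failures are handled in the helper;
      // an invalid or unspecified destination goes to the index page.
      return resolveDestination(params.get('destination'))
    },
    loginAPIEndpoint: '/api/login',
    logoutAPIEndpoint: '/api/logout',
    firebaseAdminInitConfig: {
      credential: {
        projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID,
        clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
        // Using JSON to handle newline problems when storing the
        // key as a secret in Vercel. See:
        // https://github.com/vercel/vercel/issues/749#issuecomment-707515089
        privateKey: process.env.FIREBASE_PRIVATE_KEY
          ? JSON.parse(process.env.FIREBASE_PRIVATE_KEY)
          : undefined,
      },
      databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL,
    },
    firebaseClientInitConfig: {
      apiKey: process.env.NEXT_PUBLIC_FIREBASE_PUBLIC_API_KEY,
      authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN,
      databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL,
      projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID,
    },
    cookies: {
      name: 'FoodPlan',
      // Current and previous signing secrets (rotation). An unset variable
      // yields an `undefined` entry here; nothing in this file validates that.
      keys: [
        process.env.COOKIE_SECRET_CURRENT,
        process.env.COOKIE_SECRET_PREVIOUS,
      ],
      httpOnly: true,
      maxAge: TWELVE_DAYS_IN_MS,
      overwrite: true,
      path: '/',
      sameSite: 'strict',
      // Only the literal string 'true' enables the Secure flag; when the
      // variable is unset the cookie is sent over plain HTTP as well.
      secure: process.env.NEXT_PUBLIC_COOKIE_SECURE === 'true',
      signed: true,
    },
  })
}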
// The module's default export; the app calls this to run `init(...)`.
export default initAuth