peter/tvone
1
0
Fork 0
mirror of https://github.com/PeterMaquiran/tvone.git synced 2026-04-23 12:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

set the right domain

Browse Source
This commit is contained in:
Peter Maquiran
2026-04-19 13:30:47 +01:00
parent 00e8f167f9
commit 26cfe4eb5b
3 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/api/auth/callback/route.ts
+3 -1
View File
@@ -1,3 +1,4 @@
import { getCookieDomain } from "@/lib/getDomain";
import { NextResponse } from "next/server"; import { NextResponse } from "next/server";
export async function GET(req: Request) { export async function GET(req: Request) {
@@ -5,6 +6,7 @@ export async function GET(req: Request) {
const code = url.searchParams.get("code"); const code = url.searchParams.get("code");
const origin = url.origin; const origin = url.origin;
const isHttps = url.protocol === "https:"; const isHttps = url.protocol === "https:";
const domain = getCookieDomain(url.hostname); // ← domain only
if (!code) { if (!code) {
return NextResponse.redirect(`${origin}/login?error=missing_code`); return NextResponse.redirect(`${origin}/login?error=missing_code`);
@@ -49,7 +51,7 @@ export async function GET(req: Request) {
sameSite: "lax", sameSite: "lax",
path: "/", path: "/",
maxAge: data.expires_in, maxAge: data.expires_in,
domain: "localhost", ...(domain ? { domain } : {}),
}); });
return res; return res;
app/api/auth/route.ts
+6 -2
View File
@@ -1,6 +1,10 @@
export async function GET() { export async function GET(req: Request) {
const url = new URL(req.url);
const origin = url.origin;
const redirect = encodeURIComponent( const redirect = encodeURIComponent(
"http://localhost:3000/api/auth/callback" `${origin}/api/auth/callback`
); );
const keycloakUrl = const keycloakUrl =
lib/getDomain.ts
+41
View File
@@ -0,0 +1,41 @@
const PUBLIC_SUFFIX_BLOCKLIST = new Set([
"localhost",
"127.0.0.1",
]);
export function getCookieDomain(hostname: string): string | undefined {
if (!hostname) return undefined;
const cleanHost = hostname.toLowerCase().split(":")[0];
// 1. Local / dev environments → no domain
if (PUBLIC_SUFFIX_BLOCKLIST.has(cleanHost) || cleanHost.endsWith(".local")) {
return undefined;
}
const parts = cleanHost.split(".").filter(Boolean);
// 2. IP address → no domain cookies
const isIp = parts.every((p) => /^\d+$/.test(p));
if (isIp) return undefined;
// 3. Must have at least domain + tld
if (parts.length < 2) return undefined;
// 4. Handle common case: api.example.com → example.com
const rootDomain = parts.slice(-2).join(".");
// 5. Safety: avoid setting cookie on known public suffix-like domains
const unsafeTlds = new Set([
"vercel.app",
"netlify.app",
"github.io",
"firebaseapp.com",
]);
if (unsafeTlds.has(rootDomain)) {
return undefined;
}
return `.${rootDomain}`;
}