fix AuthHandler, add getServerSession

apps/playground-sveltekit/src/hooks.server.ts

@@ -1,12 +1,12 @@
 import type { Handle } from "@sveltejs/kit"
-// import { getServerSession, options as nextAuthOptions } from "$lib/next-auth"
+import { authOptions } from "./routes/api/auth/[...nextauth]/+server"
+import { getServerSession } from 'next-auth-sveltekit'
 
 export const handle: Handle = async function handle({
   event,
   resolve,
 }): Promise<Response> {
-  // const session = await getServerSession(event.request, nextAuthOptions)
-  const session = {}
+  const session = await getServerSession(event.request, authOptions)
   if (session) {
     event.locals.session = session
   }

apps/playground-sveltekit/src/routes/api/auth/[...nextauth]/+server.ts

@@ -1,8 +1,14 @@
 import SvelteKitAuth from "next-auth-sveltekit"
-import GitHub from 'next-auth-core/dist/providers/github';
+import GitHub from 'next-auth-core/providers/github';
+import {
+  GITHUB_CLIENT_ID,
+  GITHUB_CLIENT_SECRET,
+} from "$env/static/private"
 
-export const { GET, POST } = SvelteKitAuth({
+export const authOptions = {
   providers: [
-    GitHub({ clientId: process.env.GITHUB_ID!, clientSecret: process.env.GITHUB_SECRET! }),
+    GitHub({ clientId: GITHUB_CLIENT_ID, clientSecret: GITHUB_CLIENT_SECRET }),
   ]
-})
+}
+
+export const { GET, POST } = SvelteKitAuth(authOptions)

package.json

@@ -65,5 +65,10 @@
       "type": "opencollective",
       "url": "https://opencollective.com/nextauth"
     }
-  ]
+  ],
+  "pnpm": {
+    "overrides": {
+      "undici": "5.11.0"
+    }
+  }
 }

packages/frameworks/sveltekit/package.json

@@ -14,7 +14,6 @@
 		"@sveltejs/adapter-auto": "next",
 		"@sveltejs/kit": "next",
 		"@sveltejs/package": "next",
-		"@types/cookie": "^0.5.1",
 		"@typescript-eslint/eslint-plugin": "^5.45.0",
 		"@typescript-eslint/parser": "^5.45.0",
 		"eslint": "^8.28.0",
@@ -31,7 +30,6 @@
 	},
 	"type": "module",
 	"dependencies": {
-		"cookie": "^0.5.0",
 		"next-auth-core": "workspace:^0.0.1"
 	}
 }

packages/frameworks/sveltekit/src/app.d.ts

@@ -13,4 +13,9 @@ declare namespace App {
 
 declare module '$env/static/private' {
 	export const AUTH_SECRET: string
+}
+declare module '$env/static/public' {
+	export const PUBLIC_NEXTAUTH_URL: string
+	export const VERCEL: string
+	export const AUTH_TRUST_HOST: string
 }

packages/frameworks/sveltekit/src/lib/index.ts

@@ -2,17 +2,70 @@ import type { ServerLoadEvent } from "@sveltejs/kit"
 import {
   AUTH_SECRET,
 } from "$env/static/private"
+import {
+  AUTH_TRUST_HOST,
+  VERCEL,
+  PUBLIC_NEXTAUTH_URL,
+} from "$env/static/public"
 import { AuthHandler, type AuthOptions } from "next-auth-core"
 
+function getURL(
+  url: string | undefined | null,
+  trusted: boolean | undefined = !!(
+    AUTH_TRUST_HOST ?? VERCEL
+  ),
+  forwardedValue: string | string[] | undefined | null
+): URL | Error {
+  try {
+    let host = PUBLIC_NEXTAUTH_URL
+
+    if (trusted && forwardedValue) {
+      host = Array.isArray(forwardedValue) ? forwardedValue[0] : forwardedValue
+    }
+
+    if (!host) throw new TypeError("Invalid host")
+
+    return new URL(url ?? "", new URL(host))
+  } catch (error) {
+    return error as Error
+  }
+}
+export const getServerSession = async (
+  req: Request,
+  options: AuthOptions
+): Promise<unknown> => {
+
+  options.secret ??= AUTH_SECRET
+  const urlOrError = getURL(
+    "/api/auth/session",
+    options.trustHost,
+    req.headers.get("x-forwarded-host") ?? req.headers.get('host')
+  )
+
+  if (urlOrError instanceof Error) throw urlOrError
+  const response = await AuthHandler(
+    new Request(urlOrError, { headers: req.headers }),
+    options
+  )
+
+  const { status = 200 } = response
+
+  const data = await response.json()
+
+  if (!data || !Object.keys(data).length) return null
+
+  if (status === 200) {
+    return data
+  }
+  throw new Error(data.message)
+}
 
 const SKAuthHandler = async (
   { request }: ServerLoadEvent,
   options: AuthOptions
 ): Promise<Response> => {
-  options.secret = AUTH_SECRET
+  options.secret ??= AUTH_SECRET
 
-  console.log("SKAuthHandler", request, options)
-  // TODO Glue handling of cookies and headers etc.
   return await AuthHandler(request, options)
 }
 
@@ -31,3 +84,4 @@ function SvelteKitAuth(
 }
 
 export default SvelteKitAuth
+// export * from './getServerSession.js'