diff --git a/examples/auth/blitz.config.ts b/examples/auth/blitz.config.ts index 158cc2e766..067830be9c 100644 --- a/examples/auth/blitz.config.ts +++ b/examples/auth/blitz.config.ts @@ -7,6 +7,7 @@ const withBundleAnalyzer = require("@next/bundle-analyzer")({ module.exports = withBundleAnalyzer({ middleware: [ sessionMiddleware({ + cookiePrefix: "blitz-auth-example", isAuthorized: simpleRolesIsAuthorized, // sessionExpiryMinutes: 4, getSession: (handle) => db.session.findFirst({where: {handle}}), diff --git a/examples/custom-server/blitz.config.js b/examples/custom-server/blitz.config.js index ccd8b2f16f..537c1431ea 100644 --- a/examples/custom-server/blitz.config.js +++ b/examples/custom-server/blitz.config.js @@ -3,6 +3,7 @@ const {sessionMiddleware, simpleRolesIsAuthorized} = require("blitz") module.exports = { middleware: [ sessionMiddleware({ + cookiePrefix: "blitz-custom-server-example", isAuthorized: simpleRolesIsAuthorized, }), ], diff --git a/examples/fauna/blitz.config.js b/examples/fauna/blitz.config.js index c02de61653..fc4393d0a6 100644 --- a/examples/fauna/blitz.config.js +++ b/examples/fauna/blitz.config.js @@ -20,6 +20,7 @@ const normalizeSession = (faunaSession) => { module.exports = { middleware: [ sessionMiddleware({ + cookiePrefix: "blitz-fauna-example", isAuthorized: simpleRolesIsAuthorized, getSession: async (handle) => { const { findSessionByHandle: session } = await graphQLClient.request( diff --git a/packages/config/src/index.ts b/packages/config/src/index.ts index a4de767586..8afb4e15af 100644 --- a/packages/config/src/index.ts +++ b/packages/config/src/index.ts @@ -91,6 +91,14 @@ export interface BlitzConfig extends Record { _meta: { packageName: string } + middleware?: Record & + { + (req: any, res: any, next: any): Promise | void + type?: string + config?: { + cookiePrefix?: string + } + }[] } declare global { diff --git a/packages/core/src/auth/auth-types.ts b/packages/core/src/auth/auth-types.ts index 15050be5c5..d3950ed52c 100644 
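Review bot: The inline `middleware` element type added to `BlitzConfig` in packages/config/src/index.ts restates the callable-with-`type`/`config` shape that this same commit gives `Middleware` in packages/core/src/types.ts, and nothing ties the two together, so they can drift apart unnoticed. The `config` member here is also fixed to `cookiePrefix` only, while the core type appears to take a generic config. If importing the core type is not possible from this package (not visible here), I would at least add a comment above the field such as `// Mirrors Middleware in packages/core/src/types.ts; keep in sync. Read by _getBlitzRuntimeData to find the session cookie prefix.` The interface body starts before this hunk.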
--- a/packages/core/src/auth/auth-types.ts +++ b/packages/core/src/auth/auth-types.ts @@ -39,6 +39,7 @@ export interface SessionModel extends Record { } export type SessionConfig = { + cookiePrefix?: string sessionExpiryMinutes?: number method?: "essential" | "advanced" sameSite?: "none" | "lax" | "strict" diff --git a/packages/core/src/blitz-data.tsx b/packages/core/src/blitz-data.tsx index 6b9e895290..63dd65aca0 100644 --- a/packages/core/src/blitz-data.tsx +++ b/packages/core/src/blitz-data.tsx @@ -10,8 +10,12 @@ export type BlitzRuntimeData = { export function _getBlitzRuntimeData(): BlitzRuntimeData { const config = getConfig() + const middleware = config.middleware?.filter( + (middleware) => middleware.name === "blitzSessionMiddleware", + )[0] + const cookiePrefix = middleware?.config?.cookiePrefix return { - sessionCookiePrefix: (config._meta.packageName || "blitz").replace(/[^a-zA-Z0-9-_]/g, "_"), + sessionCookiePrefix: cookiePrefix || "blitz", suspenseEnabled: config.experimental?.reactRoot !== false, } } @@ -20,10 +24,7 @@ export function getBlitzRuntimeData() { if (isClient && !process.env.JEST_WORKER_ID) { return window.__BLITZ_DATA__ } else { - if (!global.__BLITZ_DATA__) { - global.__BLITZ_DATA__ = _getBlitzRuntimeData() - } - return global.__BLITZ_DATA__ + return _getBlitzRuntimeData() } } diff --git a/packages/core/src/server/auth/sessions.ts b/packages/core/src/server/auth/sessions.ts index 291e51c86e..ebb0c99d45 100644 --- a/packages/core/src/server/auth/sessions.ts +++ b/packages/core/src/server/auth/sessions.ts 
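Review bot: The new `cookiePrefix` option in `SessionConfig` has no doc comment, yet it carries constraints enforced elsewhere in this commit: sessions.ts asserts that it matches `/^[a-zA-Z0-9-_]+$/` and falls back to `"blitz"` when it is unset. I would document that on the field, e.g. `/** Prefix for session cookie names. Only letters, digits, "-" and "_"; defaults to "blitz". Use a distinct value per app, since cookies are shared across ports on one host. */`. The last sentence matters because the previous default was derived from the package name, whereas the new default is identical for every app that omits the option.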
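Review bot: In `_getBlitzRuntimeData` the session middleware is located with `middleware.name === "blitzSessionMiddleware"`, which depends on the inferred function name of the `const blitzSessionMiddleware` in sessions.ts. A build step that renames or wraps that function would make the lookup miss and the prefix fall back to `"blitz"` without any error; if the server side still uses the configured prefix, the two would then disagree on cookie names. The `type?: string` member this commit adds to `Middleware` looks meant for exactly this, but no visible hunk sets it. I would set `blitzSessionMiddleware.type = "blitzSessionMiddleware"` next to the `.config` assignment in the second sessions.ts hunk and match with `config.middleware?.find((m) => m.type === "blitzSessionMiddleware")`, which also drops the `filter(...)[0]` and the shadowed `middleware` name.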
@@ -148,7 +148,17 @@ export const sessionMiddleware = (sessionConfig: Partial = {}): M ...sessionConfig, } - return async (req, res, next) => { + // Checks if cookie prefix from configuration has + // non-alphanumeric characters and throws error + const cookiePrefix = global.sessionConfig.cookiePrefix ?? "blitz" + assert( + cookiePrefix.match(/^[a-zA-Z0-9-_]+$/), + `The cookie prefix used has invalid characters. Only alphanumeric characters, "-" and "_" character are supported`, + ) + + const blitzSessionMiddleware: Middleware<{ + cookiePrefix?: string + }> = async (req, res, next) => { debug("Starting sessionMiddleware...") if (req.method !== "HEAD" && !(res.blitzCtx as any).session) { // This function also saves session to res.blitzCtx @@ -156,6 +166,11 @@ export const sessionMiddleware = (sessionConfig: Partial = {}): M } return next() } + + blitzSessionMiddleware.config = { + cookiePrefix, + } + return blitzSessionMiddleware } type JwtPayload = AnonymousSessionPayload | null diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts index ec44e4efbe..8f9fcc45d9 100644 --- a/packages/core/src/types.ts +++ b/packages/core/src/types.ts @@ -69,11 +69,11 @@ export interface MiddlewareResponse extends BlitzApiResponse { } export type MiddlewareNext = (error?: Error) => Promise | void -export type Middleware = ( - req: MiddlewareRequest, - res: MiddlewareResponse, - next: MiddlewareNext, -) => Promise | void +export type Middleware = { + (req: MiddlewareRequest, res: MiddlewareResponse, next: MiddlewareNext): Promise | void + type?: string + config?: MiddlewareConfig +} /** * Infer the type of the parameter from function that takes a single argument diff --git a/packages/generator/templates/app/blitz.config.ts b/packages/generator/templates/app/blitz.config.ts index 646c005557..14c0f75c1a 100644 --- a/packages/generator/templates/app/blitz.config.ts +++ b/packages/generator/templates/app/blitz.config.ts 
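Review bot: The prefix check added before `blitzSessionMiddleware` calls `cookiePrefix.match(...)` directly, so a non-string value from an untyped `blitz.config.js` (a number, say) fails with a TypeError about `match` instead of the intended message. I would test the type first and put the hyphen last in the class so it cannot be misread as a range: `assert(typeof cookiePrefix === "string" && /^[a-zA-Z0-9_-]+$/.test(cookiePrefix), ...)`. The comment above says the check rejects non-alphanumeric characters, while the pattern also admits `-` and `_`; `// Cookie prefix may contain only letters, digits, "-" and "_"; fail when the middleware is created otherwise` would match the code. The value is read from `global.sessionConfig`, whose construction is outside this hunk.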
@@ -3,6 +3,7 @@ import { sessionMiddleware, simpleRolesIsAuthorized } from "blitz" module.exports = { middleware: [ sessionMiddleware({ + cookiePrefix: '__name__', isAuthorized: simpleRolesIsAuthorized, }), ],
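Review bot: The template writes `cookiePrefix: '__name__'` verbatim, and whatever the generator substitutes for `__name__` now has to pass the `/^[a-zA-Z0-9-_]+$/` assert added in sessions.ts. The removed code in blitz-data.tsx sanitised the package name with `.replace(/[^a-zA-Z0-9-_]/g, "_")`; here nothing visible does, so a project name containing a dot, `@` or `/` would, if the substitution is raw, produce an app that throws as soon as the session middleware is created. Either the generator should apply the same replacement when filling the template, or the allowed names should be validated at `blitz new` time; which of these holds cannot be seen from this hunk.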