supertokens
diff --git a/‎examples/with-next-ssr-app-directory/middleware.ts
Lines changed: 65 additions & 39 deletions b/‎examples/with-next-ssr-app-directory/middleware.ts
Lines changed: 65 additions & 39 deletions
diff --git a/‎lib/ts/custom.ts
Lines changed: 0 additions & 98 deletions b/‎lib/ts/custom.ts
Lines changed: 0 additions & 98 deletions
diff --git a/‎lib/ts/nextjs/middleware.ts
Lines changed: 37 additions & 50 deletions b/‎lib/ts/nextjs/middleware.ts
Lines changed: 37 additions & 50 deletions
diff --git a/‎lib/ts/nextjs/ssr.ts
Lines changed: 3 additions & 1 deletion b/‎lib/ts/nextjs/ssr.ts
Lines changed: 3 additions & 1 deletion
diff --git a/‎lib/ts/recipe/session/framework/index.ts
Lines changed: 0 additions & 1 deletion b/‎lib/ts/recipe/session/framework/index.ts
Lines changed: 0 additions & 1 deletion
@@ -1,59 +1,85 @@
 import { NextResponse } from "next/server";
 import type { NextRequest } from "next/server";
-import { SessionContainer } from "supertokens-node/recipe/session";
+import { SessionContainer, VerifySessionOptions } from "supertokens-node/recipe/session";
 import { withSession } from "supertokens-node/nextjs";
 import { ensureSuperTokensInit } from "./app/config/backend";
 import { ssrConfig } from "./app/config/ssr";
-import { refreshSession } from "supertokens-auth-react/nextjs/middleware";
+import { refreshSession, revokeSession } from "supertokens-auth-react/nextjs/middleware";
+import { SuperTokensConfig } from "supertokens-auth-react/lib/build/types";
 
 ensureSuperTokensInit();
 
-export async function middleware(request: NextRequest & { session?: SessionContainer }) {
-    if (request.nextUrl.pathname.startsWith("/api")) {
-        if (request.headers.has("x-user-id")) {
-            console.warn(
-                "The FE tried to pass x-user-id, which is only supposed to be a backend internal header. Ignoring."
-            );
-            request.headers.delete("x-user-id");
-        }
+const CURRENT_PATH_COOKIE_NAME = "sCurrentPath";
+const FORCE_LOGOUT_PATH_PARAM_NAME = "forceLogout";
 
-        if (request.nextUrl.pathname.startsWith("/api/auth/session/refresh") && request.method === "GET") {
-            return refreshSession(ssrConfig(), request);
-        }
+export default superTokensMiddleware(ssrConfig());
 
-        if (request.nextUrl.pathname.startsWith("/api/auth")) {
-            // this hits our pages/api/auth/* endpoints
-            return NextResponse.next();
+function superTokensMiddleware(
+    config: SuperTokensConfig,
+    options?: VerifySessionOptions
+): (request: NextRequest & { session?: SessionContainer }) => Promise<Response | void> {
+    const usesNextjsForTheAuthenticationServer = true;
+
+    return async (request: NextRequest & { session?: SessionContainer }) => {
+        if (request.nextUrl.pathname.startsWith("/api/auth/session/refresh") && request.method === "GET") {
+            return refreshSession(config, request);
         }
 
-        return withSession(request, async (err, session) => {
-            if (err) {
-                return NextResponse.json(err, { status: 500 });
+        if (request.nextUrl.pathname.startsWith("/api") && usesNextjsForTheAuthenticationServer) {
+            if (request.headers.has("x-user-id")) {
+                console.warn(
+                    "The FE tried to pass x-user-id, which is only supposed to be a backend internal header. Ignoring."
+                );
+                request.headers.delete("x-user-id");
             }
 
-            if (session === undefined) {
+            if (request.nextUrl.pathname.startsWith("/api/auth")) {
+                // this hits our pages/api/auth/* endpoints
                 return NextResponse.next();
             }
-            return NextResponse.next({
-                headers: {
-                    "x-user-id": session.getUserId(),
+
+            return withSession(
+                request,
+                async (err, session) => {
+                    if (err) {
+                        return NextResponse.json(err, { status: 500 });
+                    }
+
+                    if (session === undefined) {
+                        return NextResponse.next();
+                    }
+                    return NextResponse.next({
+                        headers: {
+                            "x-user-id": session.getUserId(),
+                        },
+                    });
                 },
-            });
-        });
-    }
-    // Save the current path so that we can use it during SSR
-    // Used to redirect the user to the correct path after login/refresh
-    // https://github.com/vercel/next.js/issues/43704#issuecomment-2090798307
-    // TL;DR: You can not access pathname in SSR and requests that originate from redirect()
-    // do not have an origin header
-    const response = new Response(null, {
-        status: 200,
-    });
-    response.headers.append(
-        "set-cookie",
-        `sCurrentPath=${request.nextUrl.pathname}; Path=/; HttpOnly; SameSite=Strict`
-    );
-    return response;
+                options
+            );
+        }
+
+        if (
+            request.nextUrl.pathname.startsWith("/auth") &&
+            request.nextUrl.searchParams.get(FORCE_LOGOUT_PATH_PARAM_NAME) === "true"
+        ) {
+            return revokeSession(config);
+        }
+
+        // Save the current path so that we can use it during SSR
+        // Used to redirect the user to the correct path after login/refresh
+        // https://github.com/vercel/next.js/issues/43704#issuecomment-2090798307
+        // TL;DR: You can not access pathname in SSR and requests that originate from redirect()
+        // do not have an origin header
+        // const response = NextResponse.next();
+        // response.cookies.set("sCurrentPath", request.nextUrl.pathname);
+        const response = new Response(null, {});
+        response.headers.set("x-middleware-next", "1");
+        response.headers.append(
+            "set-cookie",
+            `${CURRENT_PATH_COOKIE_NAME}=${request.nextUrl.pathname}; Path=/; HttpOnly; SameSite=Strict`
+        );
+        return response;
+    };
 }
 
 export const config = {
 
@@ -13,60 +13,11 @@ const ANTI_CSRF_TOKEN_HEADER_NAME = "anti-csrf";
 
 const REDIRECT_ATTEMPT_MAX_COUNT = 5;
 const REDIRECT_PATH_PARAM_NAME = "stRedirectTo";
+const FORCE_LOGOUT_PATH_PARAM_NAME = "forceLogout";
 const REDIRECT_ATTEMPT_COUNT_COOKIE_NAME = "sSsrSessionRefreshAttempt";
 
 let AppInfo: SuperTokensNextjsConfig["appInfo"];
 
-// export async function superTokensMiddeware(config: SuperTokensNextjsConfig): () => Promise<Response | void> {
-//     AppInfo = config.appInfo;
-//     if (config.enableDebugLogs) {
-//         enableLogging();
-//     }
-//
-//     return (request: Request) => {
-//         const url = new URL(request.url);
-//         if (url.pathname.startsWith("/api")) {
-//             if (request.headers.has("x-user-id")) {
-//                 console.warn(
-//                     "The FE tried to pass x-user-id, which is only supposed to be a backend internal header. Ignoring."
-//                 );
-//                 request.headers.delete("x-user-id");
-//             }
-//
-//             if (url.pathname.startsWith("/api/auth/session/refresh") && request.method === "GET") {
-//                 return refreshSession(ssrConfig(), request);
-//             }
-//
-//             if (url.pathname.startsWith("/api/auth")) {
-//                 // this hits our pages/api/auth/* endpoints
-//                 return;
-//             }
-//
-//             return withSession(request, async (err, session) => {
-//                 if (err) {
-//                     return NextResponse.json(err, { status: 500 });
-//                 }
-//
-//                 if (session === undefined) {
-//                     return NextResponse.next();
-//                 }
-//                 return NextResponse.next({
-//                     headers: {
-//                         "x-user-id": session.getUserId(),
-//                     },
-//                 });
-//             });
-//         }
-//         // Save the current path so that we can use it during SSR
-//         // Used to redirect the user to the correct path after login/refresh
-//         // https://github.com/vercel/next.js/issues/43704#issuecomment-2090798307
-//         // TL;DR: You can not access pathname in SSR and requests that originate from redirect()
-//         // do not have an origin header
-//         const response = NextResponse.next();
-//         response.cookies.set("sCurrentPath", request.nextUrl.pathname);
-//     };
-// }
-
 export async function refreshSession(config: SuperTokensNextjsConfig, request: Request): Promise<Response> {
     AppInfo = config.appInfo;
     if (config.enableDebugLogs) {
@@ -134,9 +85,45 @@ export async function refreshSession(config: SuperTokensNextjsConfig, request: R
     }
 }
 
+export async function revokeSession(config: SuperTokensNextjsConfig): Promise<Response | void> {
+    AppInfo = config.appInfo;
+    if (config.enableDebugLogs) {
+        enableLogging();
+    }
+    const signOutURL = new URL(`${AppInfo.apiBasePath}/signout`, AppInfo.apiDomain);
+    try {
+        const signOutResponse = await fetch(signOutURL, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            credentials: "include",
+        });
+
+        if (signOutResponse.status !== 200) {
+            return;
+        }
+
+        const response = new Response(null, {});
+        response.headers.set("x-middleware-next", "1");
+        // TODO: Delete only the cookies that are auth related
+        response.headers.delete("set-cookie");
+        response.headers.delete(ACCESS_TOKEN_HEADER_NAME);
+        response.headers.delete(REFRESH_TOKEN_HEADER_NAME);
+        response.headers.delete(FRONT_TOKEN_HEADER_NAME);
+        response.headers.delete(ANTI_CSRF_TOKEN_HEADER_NAME);
+        return response;
+    } catch (err) {
+        logDebugMessage("Error revoking session");
+        logDebugMessage(err as unknown as string);
+        return;
+    }
+}
+
 function redirectToAuthPage(request: Request): Response {
     const authPagePath = AppInfo.websiteBasePath || "/auth";
     const redirectUrl = new URL(authPagePath, request.url);
+    redirectUrl.searchParams.set(FORCE_LOGOUT_PATH_PARAM_NAME, "true");
     logDebugMessage(`Redirecting to: ${redirectUrl}`);
     return new Response(null, {
         status: 307,
 
@@ -13,6 +13,7 @@ const FRONT_TOKEN_NAME = "sFrontToken";
 const FRONT_TOKEN_HEADER_NAME = "front-token";
 
 const CURRENT_PATH_COOKIE_NAME = "sCurrentPath";
+const FORCE_LOGOUT_PATH_PARAM_NAME = "forceLogout";
 const REDIRECT_PATH_PARAM_NAME = "stRedirectTo";
 
 type SSRSessionState =
@@ -114,7 +115,8 @@ export const getSSRSession = SuperTokensNextjsSSRAPIWrapper.getSSRSession;
 export const getServerSidePropsSession = SuperTokensNextjsSSRAPIWrapper.getServerSidePropsSession;
 
 function getAuthPagePath(): string {
-    return SuperTokensNextjsSSRAPIWrapper.getConfigOrThrow().appInfo.websiteBasePath || "/auth";
+    const authPagePath = SuperTokensNextjsSSRAPIWrapper.getConfigOrThrow().appInfo.websiteBasePath || "/auth";
+    return `${authPagePath}?${FORCE_LOGOUT_PATH_PARAM_NAME}=true`;
 }
 
 function getRefreshLocation(): string {