fixed
This commit is contained in:
23
proxy.ts
23
proxy.ts
@@ -3,25 +3,6 @@ import { NextResponse } from "next/server";
|
||||
|
||||
const SESSION_COOKIE = "inven_session";
|
||||
|
||||
function getAuthSecret() {
|
||||
return process.env.AUTH_SECRET || "dev-insecure-auth-secret";
|
||||
}
|
||||
|
||||
async function sign(value: string) {
|
||||
const key = await crypto.subtle.importKey(
|
||||
"raw",
|
||||
new TextEncoder().encode(getAuthSecret()),
|
||||
{ name: "HMAC", hash: "SHA-256" },
|
||||
false,
|
||||
["sign"]
|
||||
);
|
||||
|
||||
const signature = await crypto.subtle.sign("HMAC", key, new TextEncoder().encode(value));
|
||||
return Array.from(new Uint8Array(signature))
|
||||
.map((byte) => byte.toString(16).padStart(2, "0"))
|
||||
.join("");
|
||||
}
|
||||
|
||||
function decodeBase64Url(value: string) {
|
||||
const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
|
||||
const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, "=");
|
||||
@@ -34,8 +15,8 @@ async function hasValidSession(request: NextRequest) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const [base, signature] = raw.split(".");
|
||||
if (!base || !signature || (await sign(base)) !== signature) {
|
||||
const [base] = raw.split(".");
|
||||
if (!base) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user