From b772f7d1df97934fd9355af98005c0afced023ec Mon Sep 17 00:00:00 2001 From: Jaleel Bennett Date: Sat, 27 Jul 2024 01:42:35 -0400 Subject: [PATCH] feat(auth): setting domain to allow cookies to be shared across subdomains ?? --- env.ts | 2 ++ middleware.ts | 43 +++++++------------------------------------ server/auth.ts | 3 +++ 3 files changed, 12 insertions(+), 36 deletions(-)
diff --git a/env.ts b/env.ts
index 5c3664d..604fd8e 100644
--- a/env.ts
+++ b/env.ts
@@ -21,10 +21,12 @@ export const env = createEnv({
 },
 client: {
 NEXT_PUBLIC_APP_URL: z.string().min(1),
+ NEXT_PUBLIC_DOMAIN: z.string().min(1),
 },
 runtimeEnv: {
 NODE_ENV: process.env.NODE_ENV,
 NEXT_PUBLIC_APP_URL: process.env.NEXT_PUBLIC_APP_URL,
+ NEXT_PUBLIC_DOMAIN: process.env.NEXT_PUBLIC_DOMAIN,
 DATABASE_URL: process.env.DATABASE_URL,
 DB_AUTH_TOKEN: process.env.DB_AUTH_TOKEN,
 GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID,
diff --git a/middleware.ts b/middleware.ts
index 5cbc1c8..302a730 100644
--- a/middleware.ts
+++ b/middleware.ts
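Review bot: `NEXT_PUBLIC_DOMAIN` is declared under `client`, which for the t3-env style `createEnv` this appears to be means it is inlined into the browser bundle, yet its only consumer in this patch is the server-side cookie configuration in server/auth.ts, so a `server`-side `COOKIE_DOMAIN` would be the tighter scope. `z.string().min(1)` also accepts values a browser will reject in a cookie `Domain` attribute (a scheme, port or path such as `https://readiumx.com`), which would silently leave the session cookie unset; `z.string().min(1).regex(/^\.?[a-z0-9-]+(\.[a-z0-9-]+)*$/i)` catches that at startup. Because `.min(1)` makes the variable required, local development against `localhost` (where some browsers refuse a `Domain` attribute) will need either `.optional()` here or a value that is deliberately left out of the cookie options.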
@@ -1,44 +1,15 @@
 import { NextResponse } from "next/server";
 import type { NextRequest } from "next/server";
+import { validateRequest } from "./server/auth";
 
-export function middleware(request: NextRequest) {
- const res = NextResponse.next();
-
- const origin = request.headers.get("origin");
- const allowedOrigins = ["https://www.readiumx.com", "https://readiumx.com"];
-
- if (request.method === "OPTIONS") {
- res.headers.append("Access-Control-Allow-Origin", origin!);
- res.headers.append("Access-Control-Allow-Credentials", "true");
- res.headers.append(
- "Access-Control-Allow-Methods",
- "GET,DELETE,PATCH,POST,PUT,OPTIONS",
- );
- res.headers.append(
- "Access-Control-Allow-Headers",
- "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version",
- );
-
- return res;
+export async function middleware(request: NextRequest) {
+ const { session } = await validateRequest();
+ if (!session) {
+ return NextResponse.redirect(new URL("/signin", request.url));
 }
-
- if (origin && !allowedOrigins.includes(origin)) {
- res.headers.append("Access-Control-Allow-Origin", origin);
- }
-
- res.headers.append("Access-Control-Allow-Credentials", "true");
- res.headers.append(
- "Access-Control-Allow-Methods",
- "GET,DELETE,PATCH,POST,PUT,OPTIONS",
- );
- res.headers.append(
- "Access-Control-Allow-Headers",
- "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version",
- );
-
- return res;
+ return NextResponse.next();
 }
 
 export const config = {
- matcher: "/api/:path*",
+ matcher: ["/history", "/bookmarks"],
 };
diff --git a/server/auth.ts b/server/auth.ts
index 87a2ead..ced62a5 100644
--- a/server/auth.ts
+++ b/server/auth.ts
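Review bot: The new `matcher: ["/history", "/bookmarks"]` is an exact-path match, so any nested route under those prefixes (`/history/123`) is not covered by the session check; if such routes exist, use `matcher: ["/history/:path*", "/bookmarks/:path*"]`. `validateRequest()` from `./server/auth` now runs on the Next.js middleware (Edge) runtime, and if it validates the session through the Lucia database adapter or refreshes the cookie via `cookies().set()` — neither is visible here — it will throw on every matched request, which is why Lucia's guidance is to only check cookie presence in middleware and do the real validation in the page or action. Dropping the old `/api/:path*` handling also means API routes now emit no `Access-Control-*` headers at all; since `www.readiumx.com` and `readiumx.com` are distinct origins for `fetch`, a client on one host calling `/api` on the other will now be blocked by the browser (the removed code's reflection of non-allowlisted origins with credentials was itself unsafe, so any rebuilt version should reflect only members of `allowedOrigins`). The redirect also discards the requested page; `new URL(`/signin?next=${encodeURIComponent(request.nextUrl.pathname)}`, request.url)` preserves it for a post-login return.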
@@ -18,6 +18,9 @@ export const lucia = new Lucia(adapter, {
 secure: process.env.NODE_ENV === "production",
 sameSite: "lax",
 path: "/", // Ensure the cookie is available for all paths
+ domain: process.env.NEXT_PUBLIC_DOMAIN
+ ? env.NEXT_PUBLIC_DOMAIN
+ : undefined,
 },
 },
 getUserAttributes: (attributes) => {
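Review bot: The added `domain:` option tests `process.env.NEXT_PUBLIC_DOMAIN` but reads `env.NEXT_PUBLIC_DOMAIN`, and since this patch's env schema declares the variable as required (`z.string().min(1)`), validation presumably fails at import before the ternary can ever see an unset value, so the `: undefined` branch is dead unless validation is skipped — either make the schema `.optional()` and write `domain: env.NEXT_PUBLIC_DOMAIN,` or drop the ternary. More importantly, a `Domain` attribute turns the session cookie from host-only into one sent to every subdomain of that value, so an XSS or dangling-DNS takeover on any `*.readiumx.com` host (preview deployments, third-party-hosted subdomains) can plant or overwrite it (session fixation) and make credentialed requests with it; that trade-off deserves a comment next to the attribute, e.g. `// Domain-scoped: the session cookie is shared with every subdomain, so every host under this domain must be fully trusted`. A `Domain` attribute is also rejected by some browsers for `localhost`, so the value must stay unset in local development. The enclosing `new Lucia(adapter, {...})` call starts and ends outside the hunk.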