fix: last auth provider cookie (wrong domain)

2026-02-27 23:41:38 +01:00
parent 1272466235
commit b801d6a8ef
3 changed files with 22 additions and 16 deletions
--- a/apps/api/src/controllers/oauth-callback.controller.tsx
+++ b/apps/api/src/controllers/oauth-callback.controller.tsx
@@ -5,6 +5,7 @@ import {
  github,
  google,
  type OAuth2Tokens,
+  setLastAuthProviderCookie,
  setSessionTokenCookie,
 } from '@openpanel/auth';
 import { type Account, connectUserToOrganization, db } from '@openpanel/db';
@@ -76,11 +77,10 @@ async function handleExistingUser({
    sessionToken,
    session.expiresAt
  );
-  reply.setCookie('last-auth-provider', providerName, {
-    maxAge: 60 * 60 * 24 * 365,
-    path: '/',
-    sameSite: 'lax',
-  });
+  setLastAuthProviderCookie(
+    (...args) => reply.setCookie(...args),
+    providerName
+  );
  return reply.redirect(
    process.env.DASHBOARD_URL || process.env.NEXT_PUBLIC_DASHBOARD_URL!
  );
@@ -145,11 +145,10 @@ async function handleNewUser({
    sessionToken,
    session.expiresAt
  );
-  reply.setCookie('last-auth-provider', providerName, {
-    maxAge: 60 * 60 * 24 * 365,
-    path: '/',
-    sameSite: 'lax',
-  });
+  setLastAuthProviderCookie(
+    (...args) => reply.setCookie(...args),
+    providerName
+  );
  return reply.redirect(
    process.env.DASHBOARD_URL || process.env.NEXT_PUBLIC_DASHBOARD_URL!
  );
--- a/packages/auth/src/cookie.ts
+++ b/packages/auth/src/cookie.ts
@@ -7,7 +7,17 @@ export function setSessionTokenCookie(
  expiresAt: Date
 ): void {
  setCookie('session', token, {
-    maxAge: Math.floor((expiresAt.getTime() - new Date().getTime()) / 1000),
+    maxAge: Math.floor((expiresAt.getTime() - Date.now()) / 1000),
+    ...COOKIE_OPTIONS,
+  });
+}
+
+export function setLastAuthProviderCookie(
+  setCookie: ISetCookie,
+  provider: string
+): void {
+  setCookie('last-auth-provider', provider, {
+    maxAge: 60 * 60 * 24 * 365,
    ...COOKIE_OPTIONS,
  });
 }
--- a/packages/trpc/src/routers/auth.ts
+++ b/packages/trpc/src/routers/auth.ts
@@ -8,6 +8,7 @@ import {
  google,
  hashPassword,
  invalidateSession,
+  setLastAuthProviderCookie,
  setSessionTokenCookie,
  validateSessionToken,
  verifyPasswordHash,
@@ -225,11 +226,7 @@ export const authRouter = createTRPCRouter({
      const token = generateSessionToken();
      const session = await createSession(token, user.id);
      setSessionTokenCookie(ctx.setCookie, token, session.expiresAt);
-      ctx.setCookie('last-auth-provider', 'email', {
-        maxAge: 60 * 60 * 24 * 365,
-        path: '/',
-        sameSite: 'lax',
-      });
+      setLastAuthProviderCookie(ctx.setCookie, 'email');
      return {
        type: 'email',
      };