From 4cb1e1119e763dcad7dad3b2a8e31ce041d315ee Mon Sep 17 00:00:00 2001
From: alma
Date: Fri, 18 Apr 2025 14:07:40 +0200
Subject: [PATCH] session correction logout 3 rest 2
---
 app/api/auth/[...nextauth]/route.ts | 38 ++++++-----------------------
 components/auth/signout-handler.tsx | 6 ++---
 lib/session.ts | 7 ++++--
 3 files changed, 15 insertions(+), 36 deletions(-)
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index df46d5cf..62ec21cb 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -1,29 +1,12 @@ import NextAuth, { NextAuthOptions } from "next-auth"; import KeycloakProvider from "next-auth/providers/keycloak"; import { prisma } from '@/lib/prisma'; -import { ExtendedJWT, ExtendedSession, ServiceToken, invalidateServiceTokens, clearAllCookies } from '@/lib/session'; +import { ExtendedJWT, ExtendedSession, ServiceToken, invalidateServiceTokens } from '@/lib/session'; import { Session } from "next-auth"; declare module "next-auth" { interface Session extends ExtendedSession {} - interface JWT { accessToken?: string; refreshToken?: string; accessTokenExpires?: number; role?: string[]; username?: string; first_name?: string; last_name?: string; name?: string | null; email?: string | null; serviceTokens: { rocketChat?: ServiceToken; leantime?: ServiceToken; calendar?: ServiceToken; mail?: ServiceToken; [key: string]: ServiceToken | undefined; }; - } + interface JWT extends ExtendedJWT {} } function getRequiredEnvVar(name: string): string {
@@ -55,7 +38,7 @@ export const authOptions: NextAuthOptions = { ], session: { strategy: "jwt", - maxAge: 8 * 60 * 60, // 8 hours + maxAge: 24 * 60 * 60, // 1 day }, cookies: { sessionToken: {
@@ -67,7 +50,7 @@ export const authOptions: NextAuthOptions = { sameSite: 'lax', path: '/', secure: process.env.NODE_ENV === 'production', - maxAge: 8 * 60 * 60 // 8 hours + maxAge: 24 * 60 * 60 // 1 day } }, callbackUrl: {
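Review bot: The new `interface JWT extends ExtendedJWT {}` augments the `next-auth` module, but next-auth declares its `JWT` type in `next-auth/jwt`, so this most likely introduces an unrelated `JWT` interface and leaves the `token` seen by the `jwt` callback typed as the library default (which would explain the `extendedToken` cast still used further down the file). Move it to its own augmentation, `declare module "next-auth/jwt" { interface JWT extends ExtendedJWT {} }`, and keep the `Session` augmentation where it is. The removed inline interface declared `serviceTokens` as required; confirm `ExtendedJWT` does the same, otherwise the `?? {}` fallbacks below become the only thing keeping the callbacks honest.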
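Review bot: The JWT session lifetime is tripled to 24 hours without any note of how it relates to the Keycloak SSO session or to the access-token lifetime that the `jwt` callback (outside this hunk) presumably refreshes. With `strategy: "jwt"` there is no server-side session to revoke, so a leaked session cookie stays usable for the whole `maxAge`, and a NextAuth session that outlives the Keycloak SSO session keeps the user signed in after the IdP has already logged them out. Record the constraint next to the value, e.g. `maxAge: 24 * 60 * 60, // 1 day — keep at or below Keycloak's SSO Session Max; the access token inside is refreshed separately`.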
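Review bot: The 24-hour figure is now spelled out as `24 * 60 * 60` here and again in `session.maxAge` above, in the `callbackUrl` and `csrfToken` cookies in the next two hunks, and once more in milliseconds in the signOut event, which is exactly how the cookie and JWT lifetimes drift apart on the next edit. Hoist a single module-level `const SESSION_MAX_AGE_SECONDS = 24 * 60 * 60; // 1 day` and reference it from each site. Whether the callback-URL and CSRF cookies need to live as long as the session at all is worth a second look, since they only have to survive one sign-in round trip.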
@@ -79,7 +62,7 @@ export const authOptions: NextAuthOptions = { sameSite: 'lax', path: '/', secure: process.env.NODE_ENV === 'production', - maxAge: 8 * 60 * 60 // 8 hours + maxAge: 24 * 60 * 60 // 1 day } }, csrfToken: {
@@ -91,7 +74,7 @@ export const authOptions: NextAuthOptions = { sameSite: 'lax', path: '/', secure: process.env.NODE_ENV === 'production', - maxAge: 8 * 60 * 60 // 8 hours + maxAge: 24 * 60 * 60 // 1 day } } },
@@ -103,7 +86,6 @@ export const authOptions: NextAuthOptions = { } try { - // Create or update user in local database await prisma.user.upsert({ where: { id: user.id }, update: {
@@ -177,20 +159,14 @@ export const authOptions: NextAuthOptions = { accessToken: extendedToken.accessToken ?? '', refreshToken: extendedToken.refreshToken, serviceTokens: extendedToken.serviceTokens ?? {}, - expires: new Date(Date.now()).toISOString(), // Expire immediately + expires: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(), } as ExtendedSession); - - // Force clear all cookies on signout - if (typeof window !== 'undefined') { - clearAllCookies(); - } } } }, pages: { signIn: '/signin', error: '/signin', - signOut: '/signin', // Redirect to signin after signout }, debug: process.env.NODE_ENV === 'development', };
diff --git a/components/auth/signout-handler.tsx b/components/auth/signout-handler.tsx
index da840e64..bd28645c 100644
--- a/components/auth/signout-handler.tsx
+++ b/components/auth/signout-handler.tsx
@@ -2,13 +2,13 @@ import { useEffect } from "react"; import { signOut } from "next-auth/react"; -import { clearAllCookies } from "@/lib/session"; +import { clearAuthCookies } from "@/lib/session"; export function SignOutHandler() { useEffect(() => { const handleSignOut = async () => { - // Clear all cookies first - clearAllCookies(); + // Clear only auth-related cookies + clearAuthCookies(); // Then sign out from NextAuth await signOut({
diff --git a/lib/session.ts b/lib/session.ts
index 5737b2c5..8456e090 100644
--- a/lib/session.ts
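Review bot: The session object built for `invalidateServiceTokens` in the signOut event now carries an `expires` one day in the future, which says the session is valid at the very moment it is being torn down; if `invalidateServiceTokens` checks `expires` at all, the old immediate-expiry value was the safe one, and if it does not, say so inline: `expires: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(), // shape-filling only; not consulted by invalidateServiceTokens`. Nothing in this hunk revokes the Keycloak refresh token or calls the provider's end-session endpoint, so unless `invalidateServiceTokens` does that (its body sits above the visible lib/session.ts hunk) the IdP session outlives the app sign-out, and with `strategy: "jwt"` an already-captured session cookie stays valid until its 24-hour `maxAge` regardless. Dropping the `typeof window` branch is right, since this event runs on the server and it could never execute. The enclosing `events.signOut` handler starts above this hunk.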
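Review bot: `clearAuthCookies()` works through `document.cookie`, which cannot read or delete cookies flagged `httpOnly`; NextAuth sets its session-token and CSRF cookies httpOnly by default (the `httpOnly` options are not within the visible route.ts hunks, so confirm), in which case this call clears little or nothing and the real clearing is done by the `signOut()` response that follows. Reword the comment so it does not promise more than happens, e.g. `// Best effort: only non-httpOnly next-auth cookies can be dropped from JS; signOut() clears the rest`. `handleSignOut` continues past the end of this hunk.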
+++ b/lib/session.ts
@@ -90,10 +90,13 @@ export async function invalidateServiceTokens(session: ExtendedSession) { await Promise.all(invalidatePromises); } -export function clearAllCookies() { +export function clearAuthCookies() { const cookies = document.cookie.split(';'); for (const cookie of cookies) { const [name] = cookie.split('='); - document.cookie = `${name.trim()}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`; + // Only clear auth-related cookies + if (name.trim().startsWith('next-auth.') || name.trim().startsWith('__Secure-next-auth.') || name.trim().startsWith('__Host-next-auth.')) { + document.cookie = `${name.trim()}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`; + } } } \ No newline at end of file
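Review bot: The `__Secure-next-auth.` and `__Host-next-auth.` branches of the new condition cannot succeed as written: a cookie whose name carries either prefix is rejected by the browser unless it is set with the `Secure` attribute, and the `document.cookie` assignment inside the `if` sends only `expires` and `path`, so those cookies survive the call. Add `; secure` for prefixed names (the `path=/` and absent `Domain` already satisfy the `__Host-` rules) and compute `name.trim()` once instead of four times. Independently, `document.cookie` cannot see or delete `httpOnly` cookies, so if the NextAuth session cookie is httpOnly (its option is not in the visible hunks) this function never touches it; the comment should call the function best-effort and leave server-side clearing to `signOut()`.
```typescript
export function clearAuthCookies() {
  // Best effort: httpOnly cookies are invisible here and must be cleared by the server.
  for (const cookie of document.cookie.split(';')) {
    const name = cookie.split('=')[0].trim();
    if (!name.startsWith('next-auth.') && !name.startsWith('__Secure-next-auth.') && !name.startsWith('__Host-next-auth.')) {
      continue;
    }
    // Prefixed cookies are discarded by the browser unless (re)set with Secure.
    const secure = name.startsWith('__') ? '; secure' : '';
    document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/${secure}`;
  }
}
```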