Wrap Posts route with a private set

2024-10-04 09:51:20 +02:00
parent 1a12ed6c9c
commit 5251a637de
2 changed files with 17 additions and 13 deletions
--- a/api/src/functions/auth.ts
+++ b/api/src/functions/auth.ts
@ -6,6 +6,20 @@ import type { DbAuthHandlerOptions, UserType } from '@redwoodjs/auth-dbauth-api'
 import { cookieName } from 'src/lib/auth'
 import { db } from 'src/lib/db'

+export const cookie = {
+  attributes: {
+    HttpOnly: true,
+    Path: '/',
+    SameSite: 'Strict',
+    Secure: process.env.NODE_ENV !== 'development',
+
+    // If you need to allow other domains (besides the api side) access to
+    // the dbAuth session cookie:
+    // Domain: 'example.com',
+  },
+  name: cookieName,
+}
+
 export const handler = async (
  event: APIGatewayProxyEvent,
  context: Context
@ -183,19 +197,7 @@ export const handler = async (

    // Specifies attributes on the cookie that dbAuth sets in order to remember
    // who is logged in. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
-    cookie: {
-      attributes: {
-        HttpOnly: true,
-        Path: '/',
-        SameSite: 'Strict',
-        Secure: process.env.NODE_ENV !== 'development',
-
-        // If you need to allow other domains (besides the api side) access to
-        // the dbAuth session cookie:
-        // Domain: 'example.com',
-      },
-      name: cookieName,
-    },
+    cookie,

    forgotPassword: forgotPasswordOptions,
    login: loginOptions,