Update auth-handler.ts

Author: jnsdls

packages/thirdweb/.size-limit.json

@@ -2,13 +2,13 @@
   {
     "name": "thirdweb (esm)",
     "path": "./dist/esm/exports/thirdweb.js",
-    "limit": "60 kB",
+    "limit": "90 kB",
     "import": "*"
   },
   {
     "name": "thirdweb (cjs)",
     "path": "./dist/cjs/exports/thirdweb.js",
-    "limit": "350 kB"
+    "limit": "375 kB"
   },
   {
     "name": "thirdweb (minimal + tree-shaking)",

packages/thirdweb/src/login/client/login.ts

@@ -1,6 +1,7 @@
 import type { Chain } from "../../chains/types.js";
 import type { ThirdwebClient } from "../../client/client.js";
 import type { PreparedTransaction } from "../../transaction/prepare-transaction.js";
+import { getAddress } from "../../utils/address.js";
 import type { AsyncStorage } from "../../utils/storage/AsyncStorage.js";
 import { inAppWallet } from "../../wallets/in-app/web/in-app.js";
 import type { Account, Wallet } from "../../wallets/interfaces/wallet.js";
@@ -121,8 +122,6 @@ export async function login(loginOptions: LoginOptions) {
       };
     }
 
-    // google login
-
     // wallet login
     case "wallet": {
       const account = await IAW.connect({
@@ -146,10 +145,10 @@ export async function login(loginOptions: LoginOptions) {
 
         return mapAccount(account, IAW, loginOptions.baseURL);
       }
+
+      throw new Error(`Invalid login type: ${loginOptions.type}`);
     }
   }
-
-  throw new Error("Invalid login type");
 }
 
 function mapAccount(
@@ -205,11 +204,14 @@ function mapAccount(
           : undefined,
       });
       // if the JWT is valid, we can simply return it
-      if (data?.address === account.address) {
+      if (
+        data?.address &&
+        getAddress(data.address) === getAddress(account.address)
+      ) {
         // set the JWT in the local state
         jwt_cache = {
           jwt: data.jwt,
-          expiresAt: data.expiresAt,
+          expiresAt: new Date(data.expiresAt),
         };
         // return the JWT
         return data.jwt;
@@ -265,7 +267,7 @@ function mapAccount(
       // set the jwt cache
       jwt_cache = {
         jwt: loginResponse.data.jwt,
-        expiresAt: loginResponse.data.expiresAt,
+        expiresAt: new Date(loginResponse.data.expiresAt),
       };
       return loginResponse.data.jwt;
     },

packages/thirdweb/src/login/server/auth-handler.ts

@@ -70,7 +70,7 @@ export function createAuthHandler({
   basePath = "/api/auth",
   ...options
 }: CreateAuthHandlerOptions) {
-  // re-map the server wallet to to the admin account option
+  // re-map the server wallet to the admin account option
   const twAuth = createAuth({ ...options, adminAccount: serverWallet });
 
   // payload generation endpoint
@@ -80,14 +80,13 @@ export function createAuthHandler({
       method: "GET",
       query: z.object({
         address: z.string().refine(isAddress, "Invalid address"),
-        chainId: z.number().optional(),
+        chainId: z.coerce.number().optional(),
       }),
     },
     (ctx) => {
-      const { address, chainId } = ctx.query;
       return twAuth.generatePayload({
-        address,
-        chainId: chainId ? Number(chainId) : undefined,
+        address: ctx.query.address,
+        chainId: ctx.query.chainId,
       });
     },
   );
@@ -127,23 +126,38 @@ export function createAuthHandler({
       // construct the JWT
       const jwt = await twAuth.generateJWT({ payload: result.payload });
 
-      const expiresAt = new Date(decodeJWT(jwt).payload.exp * 1000);
+      const decodedJWT = decodeJWT(jwt);
+      const expTime =
+        typeof decodedJWT.payload.exp === "string"
+          ? Number.parseInt(decodedJWT.payload.exp, 10)
+          : decodedJWT.payload.exp;
+
+      if (!expTime || Number.isNaN(expTime)) {
+        throw ctx.error(500, {
+          message: "Invalid JWT expiration time",
+        });
+      }
+
+      const expiresAt = new Date(expTime * 1000);
+      const thirtyDaysInSeconds = 60 * 60 * 24 * 30;
+      const maxAgeInSeconds = Math.min(
+        thirtyDaysInSeconds,
+        Math.floor((expiresAt.getTime() - Date.now()) / 1000),
+      );
 
       // try to set the JWT on the client's cookies
       ctx.setCookie("tw:jwt", jwt, {
         httpOnly: true,
         secure: true,
         sameSite: "lax",
-        maxAge: 60 * 60 * 24 * 30, // 30 days by default
-        // set the expiration date to the expiration time of the JWT, no point in setting it for longer
+        maxAge: maxAgeInSeconds,
         expires: expiresAt,
       });
 
       // return the constructed JWT
       return {
         jwt,
-        // have to decode it again to get the expiration time (lul)
-        expiresAt,
+        expiresAt: expiresAt.toISOString(),
       };
     },
   );
@@ -158,7 +172,7 @@ export function createAuthHandler({
       let [type, token] = ctx.headers.get("authorization")?.split(" ") ?? [];
 
       // if the token is set but the type is not Bearer, return a 401 error
-      if (token && type !== "Bearer") {
+      if (token && (!type || type !== "Bearer")) {
         throw ctx.error(401, {
           message: "Invalid authorization header",
         });
@@ -185,7 +199,7 @@ export function createAuthHandler({
       return {
         address: result.parsedJWT.aud,
         jwt: token,
-        expiresAt: new Date(result.parsedJWT.exp * 1000),
+        expiresAt: new Date(result.parsedJWT.exp * 1000).toISOString(),
       };
     },
   );