From 6bae1f1a8970a2e2342dcb6471ed1d29308242d8 Mon Sep 17 00:00:00 2001 From: ekzyis Date: Wed, 20 Nov 2024 14:05:42 +0100 Subject: [PATCH 1/2] Fix account switching anon login (#1618) * Always switch to user we just logged in as If we're logged in and switch to anon and then use login to get into our previous account instead of using 'switch accounts', we only updated the JWT but we didn't switch to the user. * Fix getToken unaware of multi-auth middleware If we use login with new credentials while switched to anon (multi_auth.user-id === 'anonymous'), we updated the pubkey because getToken wasn't aware of the switch and thus believed we're logged in as a user. This is fixed by applying the middleware before calling getToken. --- pages/api/auth/[...nextauth].js | 8 +++++--- pages/api/graphql.js | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js index 56b9cfdd7..2d1160ab4 100644 --- a/pages/api/auth/[...nextauth].js +++ b/pages/api/auth/[...nextauth].js @@ -14,6 +14,7 @@ import { schnorr } from '@noble/curves/secp256k1' import { notifyReferral } from '@/lib/webPush' import { hashEmail } from '@/lib/crypto' import * as cookie from 'cookie' +import { multiAuthMiddleware } from '@/pages/api/graphql' /** * Stores userIds in user table @@ -132,6 +133,9 @@ function setMultiAuthCookies (req, res, { id, jwt, name, photoId }) { // add JWT to **httpOnly** cookie res.appendHeader('Set-Cookie', cookie.serialize(`multi_auth.${id}`, jwt, cookieOptions)) + // switch to user we just added + res.appendHeader('Set-Cookie', cookie.serialize('multi_auth.user-id', id, { ...cookieOptions, httpOnly: false })) + let newMultiAuth = [{ id, name, photoId }] if (req.cookies.multi_auth) { const oldMultiAuth = b64Decode(req.cookies.multi_auth) @@ -140,9 +144,6 @@ function setMultiAuthCookies (req, res, { id, jwt, name, photoId }) { newMultiAuth = [...oldMultiAuth, ...newMultiAuth] } res.appendHeader('Set-Cookie', cookie.serialize('multi_auth', b64Encode(newMultiAuth), { ...cookieOptions, httpOnly: false })) - - // switch to user we just added - res.appendHeader('Set-Cookie', cookie.serialize('multi_auth.user-id', id, { ...cookieOptions, httpOnly: false })) } async function pubkeyAuth (credentials, req, res, pubkeyColumnName) { @@ -165,6 +166,7 @@ async function pubkeyAuth (credentials, req, res, pubkeyColumnName) { let user = await prisma.user.findUnique({ where: { [pubkeyColumnName]: pubkey } }) // get token if it exists + req = multiAuthMiddleware(req) const token = await getToken({ req }) if (!user) { // we have not seen this pubkey before diff --git a/pages/api/graphql.js b/pages/api/graphql.js index 7d41ee571..9d6626e93 100644 --- a/pages/api/graphql.js +++ b/pages/api/graphql.js @@ -82,7 +82,7 @@ export default startServerAndCreateNextHandler(apolloServer, { } }) -function multiAuthMiddleware (request) { +export function multiAuthMiddleware (request) { // switch next-auth session cookie with multi_auth cookie if cookie pointer present // is there a cookie pointer? From c88afc5aaedef8043b8f1c24f0c44cd5ddb532dd Mon Sep 17 00:00:00 2001 From: Simone Cervino <6390896+Soxasora@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:06:05 +0100 Subject: [PATCH 2/2] fix can't upload mp4 on safari (#1617) --- components/file-upload.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/components/file-upload.js b/components/file-upload.js index 8184d961d..d674ba436 100644 --- a/components/file-upload.js +++ b/components/file-upload.js @@ -78,6 +78,11 @@ export const FileUpload = forwardRef(({ children, className, onSelect, onUpload, element.onerror = reject element.src = window.URL.createObjectURL(file) + + // iOS Force the video to load metadata + if (element.tagName === 'VIDEO') { + element.load() + } }) }, [toaster, getSignedPOST])