Clean up middleware, add security-headers to non-Zammad pages

2024-09-04 12:09:28 +02:00 · 2024-09-04 12:09:28 +02:00 · 8c6e954fdf
commit 8c6e954fdf
parent 027aac3a92
9 changed files with 81 additions and 62 deletions
--- a/apps/link/app/_lib/authentication.ts
+++ b/apps/link/app/_lib/authentication.ts
@ -101,30 +101,19 @@ export const authOptions: NextAuthOptions = {
  callbacks: {
    signIn: async ({ user }) => {
      const roles = (await getUserRoles(user.email)) ?? [];
-      return (
-        roles.includes("admin") ||
-        roles.includes("agent") ||
-        process.env.SETUP_MODE === "true"
-      );
+      return roles.includes("admin") || roles.includes("agent");
    },
    session: async ({ session, token }) => {
      // @ts-ignore
      session.user.roles = token.roles ?? [];
-      // @ts-ignore
-      session.user.leafcutter = token.leafcutter; // remove
-      // @ts-ignore
-      session.user.zammadCsrfToken = token.zammadCsrfToken;

      return session;
    },
-    jwt: async ({ token, user, trigger, session }) => {
+    jwt: async ({ token, user }) => {
      if (user) {
        token.roles = (await getUserRoles(user.email)) ?? [];
      }

-      if (session && trigger === "update") {
-        token.zammadCsrfToken = session.zammadCsrfToken;
-      }
      return token;
    },
  },
--- a/apps/link/app/_lib/zammad.ts
+++ b/apps/link/app/_lib/zammad.ts
@ -1,5 +1,4 @@
 import { getServerSession } from "app/_lib/authentication";
-import { redirect } from "next/navigation";
 import { cookies } from "next/headers";

 const getHeaders = async () => {
@ -8,8 +7,6 @@ const getHeaders = async () => {
  const headers = {
    "Content-Type": "application/json",
    Accept: "application/json",
-    // @ts-ignore
-    "X-CSRF-Token": session.user.zammadCsrfToken,
    "X-Browser-Fingerprint": `${session.expires}`,
    Cookie: allCookies
      .map((cookie: any) => `${cookie.name}=${cookie.value}`)