Skip to content

Commit 912da9a

Browse files
CrawlerCodeCrawlerCode
committed
fix: Destroy authjs session using payload logout hook instead of overriding logout endpoints
Until now, I have overwritten the logout endpoint to delete the authjs session cookies. However, this could also be achieved by adding an afterLogout hook and setting the cookies with Next.js. This simplifies the process and is likely to be the correct approach. This also corrects the logout server action that was introduced with payloadcms/payload#11900.
1 parent c064b33 commit 912da9a

File tree

3 files changed

+53
-112
lines changed

3 files changed

+53
-112
lines changed

packages/payload-authjs/src/payload/collection/endpoints/logout.ts

Lines changed: 0 additions & 109 deletions
This file was deleted.

packages/payload-authjs/src/payload/collection/hooks/logout.ts

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
import NextAuth from "next-auth";
2+
import { revalidateTag } from "next/cache";
3+
import { cookies } from "next/headers";
4+
import type { CollectionAfterLogoutHook } from "payload";
5+
import { withPayload } from "../../../authjs/withPayload";
6+
import { AUTHJS_STRATEGY_NAME } from "../../AuthjsAuthStrategy";
7+
import type { AuthjsPluginConfig } from "../../plugin";
8+
9+
/**
10+
* Add logout hook to destroy the authjs session
11+
*
12+
* @see https://payloadcms.com/docs/hooks/collections#afterlogout
13+
* @see https://github.com/payloadcms/payload/blob/main/packages/payload/src/auth/operations/logout.ts
14+
*/
15+
export const logoutHook: (
16+
pluginOptions: AuthjsPluginConfig,
17+
) => CollectionAfterLogoutHook = pluginOptions => {
18+
// Return the logout hook
19+
return async ({ req }) => {
20+
// Check if user is authenticated using the authjs strategy
21+
if (req.user?._strategy !== AUTHJS_STRATEGY_NAME) {
22+
return;
23+
}
24+
25+
// Create authjs instance
26+
const { signOut } = NextAuth(
27+
withPayload(pluginOptions.authjsConfig, {
28+
payload: req.payload,
29+
userCollectionSlug: pluginOptions.userCollectionSlug,
30+
}),
31+
);
32+
33+
// Sign out and generate expired cookies using authjs
34+
const { cookies: authJsCookies } = (await signOut({ redirect: false })) as {
35+
cookies: {
36+
name: string;
37+
value: string;
38+
options: object;
39+
}[];
40+
};
41+
42+
// Destroy the authjs session cookies
43+
const requestCookies = await cookies();
44+
for (const cookie of authJsCookies) {
45+
requestCookies.set(cookie.name, cookie.value, cookie.options);
46+
}
47+
48+
// Revalidate the cache for the payload session
49+
revalidateTag("payload-session");
50+
};
51+
};

packages/payload-authjs/src/payload/collection/index.ts

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,12 +4,12 @@ import { AuthjsAuthStrategy } from "../AuthjsAuthStrategy";
44
import type { AuthjsPluginConfig } from "../plugin";
55
import { mergeFields } from "../utils/mergeFields";
66
import { defaultAccess } from "./access";
7-
import { logoutEndpoint } from "./endpoints/logout";
87
import { refreshEndpoint } from "./endpoints/refresh";
98
import { accountsField } from "./fields/accounts";
109
import { generalFields } from "./fields/general";
1110
import { sessionsField } from "./fields/session";
1211
import { verificationTokensField } from "./fields/verificationTokens";
12+
import { logoutHook } from "./hooks/logout";
1313
import { meHook } from "./hooks/me";
1414
import { refreshHook } from "./hooks/refresh";
1515

@@ -103,13 +103,12 @@ export const generateUsersCollection = (
103103
...collection.hooks,
104104
me: [...(collection.hooks?.me || []), meHook(collection, pluginOptions)],
105105
refresh: [...(collection.hooks?.refresh || []), refreshHook(collection, pluginOptions)],
106+
afterLogout: [...(collection.hooks?.afterLogout || []), logoutHook(pluginOptions)],
106107
};
107108

108109
// Add custom endpoints to users collection
109110
collection.endpoints = [
110111
...(collection.endpoints || []),
111-
// Add the logout endpoint
112-
logoutEndpoint(pluginOptions),
113112
// Add the refresh endpoint
114113
refreshEndpoint(pluginOptions),
115114
];

0 commit comments

Comments
 (0)