From c650d0cc658303c86cc2539a7a7995d7bfd7d486 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?=
Date: Thu, 7 Nov 2024 17:05:48 +0100
Subject: [PATCH] fix(core): filter unnecessary param before passing to session callback
---
 packages/core/src/adapters.ts | 1 +
 packages/core/src/index.ts | 24 +++++++++++++++---------
 packages/core/src/lib/actions/session.ts | 5 +++--
 packages/core/src/lib/init.ts | 5 ++++-
 4 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/packages/core/src/adapters.ts b/packages/core/src/adapters.ts
index 43c4800870..41a2819ecc 100644
--- a/packages/core/src/adapters.ts
+++ b/packages/core/src/adapters.ts
@@ -215,6 +215,7 @@ export interface AdapterSession {
 * A randomly generated value that is used to look up the session in the database
 * when using `"database"` `AuthConfig.strategy` option.
 * This value is saved in a secure, HTTP-Only cookie on the client.
+ * @internal
 */
 sessionToken: string
 /** Connects the active session to a user in the database */
diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts
index 41380ef0ca..f14c5fbb0b 100644
--- a/packages/core/src/index.ts
+++ b/packages/core/src/index.ts
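Review bot: Tagging `sessionToken` as `@internal` in packages/core/src/adapters.ts risks hiding a field that adapter authors still have to populate, since it sits on the exported `AdapterSession` interface and the existing comment describes it as the database lookup key. If the package's declaration build or API docs drop `@internal` members (the build config is not visible here), the field would disappear from the published surface adapters are written against. A plain sentence carries the intent without that side effect, for example `* Never forwarded to the session callback or returned to the client.`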
@@ -400,15 +400,21 @@ export interface AuthConfig {
 * ```
 */
 session?: (
- params: ({
- session: { user: AdapterUser } & AdapterSession
- /** Available when {@link AuthConfig.session} is set to `strategy: "database"`. */
- user: AdapterUser
- } & {
- session: Session
- /** Available when {@link AuthConfig.session} is set to `strategy: "jwt"` */
- token: JWT
- }) & {
+ params: (
+ | {
+ session: { user: AdapterUser } & Omit<
+ AdapterSession,
+ "sessionToken"
+ >
+ /** Available when {@link AuthConfig.session} is set to `strategy: "database"`. */
+ user: AdapterUser
+ }
+ | {
+ session: Session
+ /** Available when {@link AuthConfig.session} is set to `strategy: "jwt"` */
+ token: JWT
+ }
+ ) & {
 /**
 * Available when using {@link AuthConfig.session} `strategy: "database"` and an update is triggered for the session.
 *
diff --git a/packages/core/src/lib/actions/session.ts b/packages/core/src/lib/actions/session.ts
index 7ff6f7f357..b5af615bcf 100644
--- a/packages/core/src/lib/actions/session.ts
+++ b/packages/core/src/lib/actions/session.ts
@@ -100,7 +100,9 @@ export async function session(
 }
 if (userAndSession) {
- const { user, session } = userAndSession
+ const { user, session: _session } = userAndSession
+ // We never really need to pass this to the user, so filtered off of the session object
+ const { sessionToken: _, ...session } = _session
 const sessionUpdateAge = options.session.updateAge
 // Calculate last updated date to throttle write updates to database
@@ -125,7 +127,6 @@ export async function session(
 const sessionPayload = await callbacks.session({
 // TODO: user already passed below,
 // remove from session object in https://github.com/nextauthjs/next-auth/pull/9702
- // @ts-expect-error
 session: { ...session, user },
 user,
 newSession,
diff --git a/packages/core/src/lib/init.ts b/packages/core/src/lib/init.ts
index 9e8ca122f6..a8f59ad371 100644
--- a/packages/core/src/lib/init.ts
+++ b/packages/core/src/lib/init.ts
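Review bot: Switching the `params` type in packages/core/src/index.ts from an intersection to a union means a callback written as `session({ session, token, user })` no longer type-checks, because `token` exists only on the `"jwt"` member and `user` only on the `"database"` member. If that break is not intended, both members stay destructurable by adding `token?: never` to the database member and `user?: never` to the JWT member. `Omit<AdapterSession, "sessionToken">` is also a compile-time statement only; the guarantee that the token is absent comes from the runtime filtering in lib/actions/session.ts, so the JSDoc on the database member should say the token is deliberately withheld. The `AuthConfig` interface starts and ends outside this hunk.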
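Review bot: The added comment in the first hunk of packages/core/src/lib/actions/session.ts undersells why the field is removed: `sessionToken` is the database-session lookup key kept in an HTTP-only cookie, and a `session` callback that returns the object it was handed would presumably put that value into a session response readable by page scripts. I would say so in the comment, e.g. `// sessionToken is a bearer credential: strip it so a callback cannot echo it into the client-visible session`, and add a regression test asserting that the callback argument has no `sessionToken` key. This is a deny-list of one field, so any other adapter-specific property on the session row is still forwarded; an allow-list of the documented fields would be a stricter follow-up. The enclosing `session` function starts and ends outside the hunk, so I cannot confirm that no later statement still reads `session.sessionToken` from the now-filtered object.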
@@ -42,7 +42,10 @@ export const defaultCallbacks: InternalOptions["callbacks"] = {
 email: session.user?.email,
 image: session.user?.image,
 },
- expires: session.expires?.toISOString?.() ?? session.expires,
+ expires:
+ typeof session.expires === "string"
+ ? session.expires
+ : session.expires.toISOString(),
 }
 },
 jwt({ token }) {
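Review bot: The new `expires` expression in packages/core/src/lib/init.ts calls `.toISOString()` on every value that is not a string, where the removed line tolerated a missing `expires` or one without that method and passed it through. If an adapter returns `expires` as something other than a `Date` (a numeric timestamp, or `null` from a loosely typed row), the default session callback would now throw instead of returning a session; the hunk does not show whether that is ruled out upstream. Narrowing on the positive case keeps the old tolerance: `expires: session.expires instanceof Date ? session.expires.toISOString() : session.expires,`. The callback this expression sits in begins above the hunk.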