apunkt/dograh
1
0
Fork 0
mirror of https://github.com/dograh-hq/dograh.git synced 2026-06-28 08:49:42 +02:00
Code Issues Projects Releases Packages Wiki Activity
dograh/ui/src/app/impersonate/route.ts
Abhishek a7f2238044
feat: Update Dograh's UI Design (#67) 
* feat: create app sidebar and update layout

* fix: fix loading errors

* fix: fix stack auth hydration issue

* fix: fix design for create-workflow

* fix: fix service configuration page design

* Add header for workflow detail

* feat: fix workflow editor design

* Fix css classes

* Fix callback status parsing for Vobiz

* Fix filter and remove gender service
2025-11-29 15:39:57 +05:30

44 lines
1.6 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

import { NextRequest, NextResponse } from "next/server";
/**
* Helper route that receives a refresh token via query parameters, stores it as
* the regular Stack cookie *for the current sub-domain only* and finally
* redirects the user to the requested path.
*
* Example usage (client side):
* /impersonate?refresh_token=<TOKEN>&redirect_path=/workflow/123
*/
export async function GET(request: NextRequest) {
const { searchParams } = new URL(request.url);
const refreshToken = searchParams.get("refresh_token");
const redirectPath = searchParams.get("redirect_path") ?? "/workflow/create";
if (!refreshToken) {
return new Response("Missing refresh_token", { status: 400 });
}
// Prepare redirect if the supplied redirect path is an absolute URL we use
// it as-is, otherwise we resolve it relative to the current request.
const redirectUrl = redirectPath.startsWith("http")
? redirectPath
: new URL(redirectPath, request.url).toString();
const response = NextResponse.redirect(redirectUrl);
// One day in seconds
const maxAge = 60 * 60 * 24;
// Store the refresh token cookie without an explicit domain so that it is
// scoped to the current (sub-)domain. This avoids collisions between the
// admin (superadmin.*) and the regular app (app.*) domains.
response.cookies.set(`stack-refresh-${process.env.NEXT_PUBLIC_STACK_PROJECT_ID}` as string, refreshToken, {
path: "/",
maxAge,
secure: true,
httpOnly: false, // Must be accessible from the browser for Stack SDK
sameSite: "lax",
});
return response;
}
Reference in a new issue View git blame Copy permalink