diff --git a/src/app/api/machines/sessions/route.ts b/src/app/api/machines/sessions/route.ts
index 31f611c..3bb793e 100644
--- a/src/app/api/machines/sessions/route.ts
+++ b/src/app/api/machines/sessions/route.ts
@@ -59,9 +59,41 @@ export async function POST(request: Request) {
 if (single) setCookies.push(single)
 }
- for (const cookie of setCookies) {
- // Usa append para não sobrescrever múltiplos cookies (authsession e assinatura, por exemplo)
- response.headers.append("set-cookie", cookie)
+ // Converte os Set-Cookie recebidos em cookies do Next (maior compatibilidade)
+ const toPairs = (raw: string) => {
+ const [nameValue, ...attrs] = raw.split(/;\s*/)
+ const [name, ...v] = nameValue.split("=")
+ const value = v.join("=")
+ const record: Record = { name, value }
+ for (const attr of attrs) {
+ const [k, ...vv] = attr.split("=")
+ const key = k.toLowerCase()
+ const val = vv.join("=")
+ if (!val && (key === "httponly" || key === "secure")) {
+ record[key] = true
+ } else if (val) {
+ record[key] = val
+ }
+ }
+ return record
+ }
+ for (const raw of setCookies) {
+ const rec = toPairs(raw)
+ const name = String(rec.name)
+ const value = String(rec.value)
+ const options: Parameters[1] = {
+ httpOnly: Boolean(rec["httponly"]) || /httponly/i.test(raw),
+ secure: /;\s*secure/i.test(raw),
+ path: typeof rec["path"] === "string" ? (rec["path"] as string) : "/",
+ }
+ if (typeof rec["samesite"] === "string") {
+ const s = String(rec["samesite"]).toLowerCase() as "lax" | "strict" | "none"
+ options.sameSite = s
+ }
+ if (typeof rec["domain"] === "string") options.domain = rec["domain"] as string
+ if (typeof rec["expires"] === "string") options.expires = new Date(rec["expires"] as string)
+ if (typeof rec["max-age"] === "string") options.maxAge = Number(rec["max-age"])
+ response.cookies.set(name, value, options)
 }
 const machineCookiePayload = {
diff --git a/src/app/machines/handshake/route.ts b/src/app/machines/handshake/route.ts
index 67430fb..4f103f2 100644
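Review bot: `response.cookies.set(name, value, options)` is given the value exactly as it appeared in the upstream `Set-Cookie` header, while Next's cookie writer percent-encodes values on output as far as I know, so a value that already carries escapes such as `%3D` or `%2B` would reach the browser double-encoded and a signed session cookie may no longer verify when it is sent back. Decoding before the call keeps the round trip stable: `let value = String(rec.value)` followed by `try { value = decodeURIComponent(value) } catch { /* keep the raw value */ }`. A test that forwards a cookie containing `%` and compares the emitted header with the upstream one would confirm the behaviour either way. The same lines are added in the hunk for src/app/machines/handshake/route.ts, and POST starts and ends outside this hunk, so how `setCookies` is collected is not visible here.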
--- a/src/app/machines/handshake/route.ts
+++ b/src/app/machines/handshake/route.ts
@@ -65,8 +65,41 @@ export async function GET(request: NextRequest) {
 if (single) setCookies = [single]
 }
- for (const cookie of setCookies) {
- response.headers.append("set-cookie", cookie)
+ // Converte os Set-Cookie recebidos em cookies do Next (maior compatibilidade)
+ const toPairs = (raw: string) => {
+ const [nameValue, ...attrs] = raw.split(/;\s*/)
+ const [name, ...v] = nameValue.split("=")
+ const value = v.join("=")
+ const record: Record = { name, value }
+ for (const attr of attrs) {
+ const [k, ...vv] = attr.split("=")
+ const key = k.toLowerCase()
+ const val = vv.join("=")
+ if (!val && (key === "httponly" || key === "secure")) {
+ record[key] = true
+ } else if (val) {
+ record[key] = val
+ }
+ }
+ return record
+ }
+ for (const raw of setCookies) {
+ const rec = toPairs(raw)
+ const name = String(rec.name)
+ const value = String(rec.value)
+ const options: Parameters[1] = {
+ httpOnly: Boolean(rec["httponly"]) || /httponly/i.test(raw),
+ secure: /;\s*secure/i.test(raw),
+ path: typeof rec["path"] === "string" ? (rec["path"] as string) : "/",
+ }
+ if (typeof rec["samesite"] === "string") {
+ const s = String(rec["samesite"]).toLowerCase() as "lax" | "strict" | "none"
+ options.sameSite = s
+ }
+ if (typeof rec["domain"] === "string") options.domain = rec["domain"] as string
+ if (typeof rec["expires"] === "string") options.expires = new Date(rec["expires"] as string)
+ if (typeof rec["max-age"] === "string") options.maxAge = Number(rec["max-age"])
+ response.cookies.set(name, value, options)
 }
 const machineCookiePayload = {
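Review bot: This parser and option-building loop are a verbatim copy of the block added to src/app/api/machines/sessions/route.ts; code that decides `HttpOnly`, `Secure` and `SameSite` for session cookies is better kept in one shared helper imported by both routes, so that a fix cannot land in only one of them. That helper is also the place to validate what the upstream header supplies: the `as "lax" | "strict" | "none"` cast accepts any string, `Number(rec["max-age"])` can yield `NaN`, and `new Date(...)` can yield an invalid date. Suggested guards are `if (s === "lax" || s === "strict" || s === "none") options.sameSite = s` and, with `const n = Number(rec["max-age"])`, `if (Number.isFinite(n)) options.maxAge = n`. Note as well that `path` now falls back to `"/"` when upstream sent no `Path`, which is a wider scope than the browser would have applied to the original header. GET's body continues outside the hunk.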