Open pranaydwivedi444 opened 1 week ago
Hi @pranaydwivedi444
I think the screenshot says all of the things:
It's not a bug.
https://medium-blog-worker-serverless.vercel.app/blog/all I have deployed it , here is my front end , here is my backend , https://backend.pranaydwivedi444.workers.dev/ I still can't understand the issue why the CORS error Post Man easily can run this
app.post("/signup", async (c) => {
//fetching body
const body = await c.req.json();
const prisma = c.get("prisma");
const { success } = signupInput.safeParse(body);
if (!success) {
return c.text("invalid inputs", 411);
}
//create user in db
const existingUser = await prisma.user.findUnique({
where: { email: body.email },
});
if (existingUser) {
return c.json({ error: "User already exists" }, 409); // Conflict status code
}
try {
const user = await prisma.user.create({
data: {
email: body.email,
name: body.name || " ",
password: body.password,
},
});
const secret = c.env.JWT_SECRET;
const JWT = await sign({ id: user.id }, secret);
const cookie_secret = c.env.COOKIE_SECRET;
await setSignedCookie(c, "bearer_token", JWT, cookie_secret, {
expires: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
sameSite: "None",
secure: true,
httpOnly: true,
});
// return jwt token
return c.json({
message: "successfull signed in",
success : true,
});
} catch (err) {
c.status(403);
return c.json({ error: `error while signingup + ${err}` });
}
});
app.post("/signin", async (c) => {
const prisma = c.get("prisma");
const body = await c.req.json();
const { success } = signinInput.safeParse(body);
if (!success) {
return c.text("invalid inputs", 411);
}
const user = await prisma.user.findUnique({
where: {
email: body.email,
password: body.password,
},
});
if (!user) {
c.status(403);
return c.json({ error: "user not found" });
}
const jwt = await sign({ id: user.id }, c.env.JWT_SECRET);
const cookie_secret = c.env.COOKIE_SECRET;
await setSignedCookie(c, "bearer_token", jwt, cookie_secret, {
expires: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
});
return c.json({ message :"successfully signed in ", success: true });
});
Here is my auth middleware :
export const authMiddleware: MiddlewareHandler = async function (c, next) {
try {
// const headerToken = c.req.header("Authorization") || "";
// const token = headerToken.split(" ")[1];
const cookie_secret = c.env.COOKIE_SECRET;
const token = await getSignedCookie(c, cookie_secret, "bearer_token");
if (!token) {
c.status(401);
return c.json({
message: "Tokken missing",
});
}
const secret = c.env.JWT_SECRET;
const response = await verify(token, secret);
if (response.id) {
c.set("authorId", response.id);
await next();
}
} catch (error) {
c.status(401);
return c.json({
message: "Tokken error" + error,
});
}
};
I am using axios to send request
async function handleAPIBlogRequest(url: string) {
try {
const response = await axios.get(`${backendUrl}/${url}`, {
withCredentials: true,
});
return response.data;
} catch (error) {
throw error;
}
}
@pranaydwivedi444
It's difficult to run your code on my machine. Please provide a minimal project that does not use Prisma, Zod, or some libraries. If not, I'll close this issue.
What version of Hono are you using?
4.5.11
What runtime/platform is your app running on?
Cloudfare workers
What steps can reproduce the bug?
I try to sign the cookie , it does return token and everything , but when i try to check it in browser , it doesn't show me cookie in application tab via localhost , and says authorization error I am working on a backend using Hono, JWT, and signed cookies. When a user signs in, I generate a JWT token and set it as a signed cookie using the following code:
c``` onst jwt = await sign({ id: user.id }, c.env.JWT_SECRET); const cookie_secret = c.env.COOKIE_SECRET; console.log(jwt); await setSignedCookie(c, "bearer_token", jwt, cookie_secret, { expires: new Date(Date.now() + 7 24 60 60 1000), // Cookie expiry (1 week) httpOnly: true, // Only accessible via HTTP (prevents JavaScript access) sameSite: "None", // Allows cross-site cookies }); return c.json({ message: "successfully signed in", success: true });