create middleware block and update proxy file also make token stored in cookes and up date user page to can show user details also fixed delete user error and delete car error and broken corse inginx image block now we can uplode image to server and but it in my app

This commit is contained in:
m7amedez5511
2026-06-17 17:01:53 +03:00
parent 6ca2cc08d1
commit a23d21f222
15 changed files with 1017 additions and 137 deletions

View File

@@ -0,0 +1,35 @@
// app/api/auth/set-cookie/route.ts
// Receives the JWT from the client immediately after login and stores it
// in an HttpOnly, Secure, SameSite=Strict cookie.
// The client never stores the raw token — it passes through this endpoint once.
import { NextRequest, NextResponse } from "next/server";
export async function POST(request: NextRequest) {
const body = await request.json().catch(() => null);
const token: unknown = body?.token;
if (typeof token !== "string" || !token) {
return NextResponse.json({ error: "Invalid token" }, { status: 400 });
}
const isProduction = process.env.NODE_ENV === "production";
// Build the Set-Cookie header manually so we have full control over flags.
// - HttpOnly: JavaScript cannot read this cookie.
// - Secure: Only sent over HTTPS (omitted in development for localhost).
// - SameSite=Strict: Not sent on cross-site requests, mitigating CSRF.
// - Path=/: Available for all routes (needed for the middleware to read it).
const cookieParts = [
`auth_token=${encodeURIComponent(token)}`,
"HttpOnly",
isProduction ? "Secure" : "", // Omit Secure on localhost (no HTTPS)
"SameSite=Strict",
"Path=/",
"Max-Age=604800", // 7 days in seconds
].filter(Boolean);
const response = NextResponse.json({ ok: true });
response.headers.set("Set-Cookie", cookieParts.join("; "));
return response;
}