Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 | 1x 12x 12x 12x 12x 12x 1x 1x 12x 12x 12x 12x 1x 1x 10x 10x 10x 10x 10x 10x 10x 12x 7x 7x 1x 1x 6x 12x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 1x 1x 1x 3x 3x 1x 1x 1x 1x 1x 1x 3x 1x 1x 1x 3x 3x 12x 1x 1x 12x 1x 1x 12x 1x 1x 12x 12x 4x 4x 4x 4x 5x 5x 5x 5x 12x 1x 1x 1x 4x 4x 4x 12x 1x 1x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 12x 12x | import { NextRequest, NextResponse } from 'next/server';
import { createClient as createAdminClient } from '@supabase/supabase-js';
import { cookies } from 'next/headers';
import { formatPhoneNumber } from '@/lib/auth/otp';
/**
* Establish a Supabase session after Twilio Verify OTP confirmation.
* This endpoint creates a session for users who verified via direct Twilio Verify.
*/
export async function POST(request: NextRequest) {
try {
const body = await request.json();
const { phone, countryCode = '+91', userId } = body;
if (!phone && !userId) {
return NextResponse.json({ error: 'Phone or user ID is required' }, { status: 400 });
}
const formattedPhone = phone ? formatPhoneNumber(phone, countryCode) : null;
// Get admin client
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
const serviceRoleKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
if (!supabaseUrl || !serviceRoleKey) {
return NextResponse.json({ error: 'Server configuration error' }, { status: 500 });
}
const adminClient = createAdminClient(supabaseUrl, serviceRoleKey, {
auth: {
autoRefreshToken: false,
persistSession: false,
},
});
// Find user
let user;
if (userId) {
const { data, error } = await adminClient.auth.admin.getUserById(userId);
if (error || !data.user) {
return NextResponse.json({ error: 'User not found' }, { status: 404 });
}
user = data.user;
} else if (formattedPhone) {
// Search for user by phone with pagination
let page = 1;
const perPage = 50;
let found = false;
while (!found && page <= 100) {
console.log(`Searching users page ${page} for phone...`);
const response = await adminClient.auth.admin.listUsers({
page,
perPage,
});
if (response.error) {
console.error('Error listing users:', response.error);
return NextResponse.json({ error: 'Failed to find user' }, { status: 500 });
}
const users = response.data?.users || [];
for (const u of users) {
if (u.phone === formattedPhone) {
user = u;
found = true;
break;
}
}
if (!found) {
if (users.length < perPage) {
break;
}
page++;
}
}
}
if (!user) {
return NextResponse.json({ error: 'User not found' }, { status: 404 });
}
// Verify that the user's phone is confirmed (security check)
if (formattedPhone && user.phone !== formattedPhone) {
return NextResponse.json({ error: 'Phone number mismatch' }, { status: 403 });
}
if (!user.phone_confirmed_at) {
return NextResponse.json({ error: 'Phone not verified' }, { status: 403 });
}
// Create session using admin API
// We use a workaround: generate a one-time link and extract session info
// Note: This requires the user to have an email, or we create a placeholder
const userEmail = user.email || `phone_${user.id}@proofid.internal`;
// Update user to have a placeholder email if needed
if (!user.email) {
await adminClient.auth.admin.updateUserById(user.id, {
email: userEmail,
});
}
// Generate a magic link (this creates a session token internally)
const { data: linkData, error: linkError } = await adminClient.auth.admin.generateLink({
type: 'magiclink',
email: userEmail,
});
if (linkError) {
console.error('Error generating session link:', linkError);
return NextResponse.json({ error: 'Failed to create session' }, { status: 500 });
}
// Extract the token from the link
const linkUrl = new URL(linkData.properties.action_link);
const token = linkUrl.searchParams.get('token');
const tokenType = linkUrl.searchParams.get('type');
if (!token) {
return NextResponse.json({ error: 'Failed to generate session token' }, { status: 500 });
}
// Set the session cookie directly
// The token can be used with verifyOtp to establish a session
const cookieStore = await cookies();
// Store the verification info temporarily for the callback
cookieStore.set(
'phone_auth_pending',
JSON.stringify({
user_id: user.id,
phone: user.phone,
token: linkData.properties.hashed_token,
type: tokenType,
}),
{
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
maxAge: 300, // 5 minutes
path: '/',
}
);
return NextResponse.json({
success: true,
user: {
id: user.id,
phone: user.phone,
email: user.email,
},
// Return the verification URL for the client to use
verificationUrl: `/auth/callback?token=${encodeURIComponent(token)}&type=magiclink`,
});
} catch (error) {
console.error('Establish session error:', error);
return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
}
}
|