refactor: extract next-auth into middleware

[balazsorban44]

Hi @nextauthjs maintainer here.

This is just a suggestion, but I extracted the NextAuth code into its own file, so the usage API matches the one we recommend when using with Next.js as well.

What do you think?

That new file could actually now be distributed something like @next-auth/express-middleware.

I narrowed down the paths that next-auth should handle by sending anything else than POST or GET further with next(), and only match very specific URLs as documented at https://next-auth.js.org/getting-started/rest-api

I did not see a reason to import isomorphic-fetch, but I might have overlooked something. All the URLs I tested worked (didn't do a thorough job 😅)

Happy to add it back if there is a good reason for it. 🙂

[s-kris]

Hi @balazsorban44 :)

I made the next-auth logic so apparent on express routes to show to others if they want to drop next-auth in their respective frameworks and replicate the same changes easily.

But it'd be awesome to have an @next-auth/middlewares/express package. 💯
I was planning to push an update to this starter once you launch v4 but damnn you are fast!

Thank you for matching the exact routes, haha!
I was getting the fetch is not defined error. I remembered that nextjs polyfills fetch on the backend. So, I had to do a polyfill using the global object. I just pulled your fork but there's no error. So I guess it must be error from my side :)

Thank you so much!! 👍🏼
Merging!

[balazsorban44]

The only reference I found to fetch (that isn't in next-auth/client was in this file, line 70:

https://www.github.com/nextauthjs/next-auth/tree/main/src%2Flib%2Flogger.js

The logger file is imported both client and server side.

I havent thoroughly checked your code, so I might have missed something.

[s-kris]

Then something must have triggered the logger function and caused the fetch error during my dev.
So, we should add isomorphic-fetch back because not all frameworks will have the polyfill on the server-side.

[s-kris]

@balazsorban44
I just identified the cause of fetch is not defined.
getSession method uses _fetchData which in turn uses fetch. And using this throws the error because polyfill isn't there on nodejs (vitejs dev) side.

https://github.com/nextauthjs/next-auth/blob/ac5b4db0f2a6f0f20f820d42ac308fe6177e43cd/src/client/index.js#L162

[balazsorban44]

Yes, I was suspecting it comes from the next-auth/client module. We should probably eventually turn away from using fetch, see the discussion at nextauthjs/next-auth#1535

[s-kris]

Yeah, that discussion makes sense. There's no need for a network call when operating server-side. Until next-auth makes modifications, I'll push a polyfill.