From 24552b85fa7836fb7ab211b39b819428c65f86e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E6=9D=B0?= <jie985563349@outlook.com>
Date: Tue, 5 Nov 2024 10:15:17 +0800
Subject: [PATCH] fix(auth-js): fix cloned request causing request body to be
 unavailable in middleware

---
 .changeset/rare-toys-decide.md      |  5 +++++
 packages/auth-js/src/index.ts       |  6 +++---
 packages/auth-js/test/index.test.ts | 27 ++++++++++++++++++++++++++-
 3 files changed, 34 insertions(+), 4 deletions(-)
 create mode 100644 .changeset/rare-toys-decide.md

diff --git a/.changeset/rare-toys-decide.md b/.changeset/rare-toys-decide.md
new file mode 100644
index 000000000..48742d177
--- /dev/null
+++ b/.changeset/rare-toys-decide.md
@@ -0,0 +1,5 @@
+---
+'@hono/auth-js': major
+---
+
+fix cloned request causing request body to be unavailable in middleware
diff --git a/packages/auth-js/src/index.ts b/packages/auth-js/src/index.ts
index 9151b6dc0..cfda40c05 100644
--- a/packages/auth-js/src/index.ts
+++ b/packages/auth-js/src/index.ts
@@ -47,8 +47,8 @@ export function reqWithEnvUrl(req: Request, authUrl?: string) {
     }
     return new Request(reqUrlObj.href, req)
   }
-  const newReq = new Request(req)
-  const url = new URL(newReq.url)
+  const url = new URL(req.url)
+  const newReq = new Request(url.href, req)
   const proto = newReq.headers.get('x-forwarded-proto')
   const host = newReq.headers.get('x-forwarded-host') ?? newReq.headers.get('host')
   if (proto != null) url.protocol = proto.endsWith(':') ? proto : `${proto}:`
@@ -128,7 +128,7 @@ export function authHandler(): MiddlewareHandler {
     if (!config.secret || config.secret.length === 0) {
       throw new HTTPException(500, { message: 'Missing AUTH_SECRET' })
     }
-    
+
     const res = await Auth(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config)
     return new Response(res.body, res)
   }
diff --git a/packages/auth-js/test/index.test.ts b/packages/auth-js/test/index.test.ts
index 5942c74d7..15b89576f 100644
--- a/packages/auth-js/test/index.test.ts
+++ b/packages/auth-js/test/index.test.ts
@@ -122,6 +122,11 @@ describe('Credentials Provider', () => {
     return c.json(auth)
   })
 
+  app.post('/api/create', async (c) => {
+    const data = await c.req.json()
+    return c.json({ data })
+  })
+
   const credentials = Credentials({
     credentials: {
       password: {},
@@ -186,7 +191,7 @@ describe('Credentials Provider', () => {
       headers,
     })
     expect(res.status).toBe(200)
-    const obj = await res.json() as {
+    const obj = (await res.json()) as {
       token: {
         name: string
         email: string
@@ -196,6 +201,26 @@ describe('Credentials Provider', () => {
     expect(obj.token.email).toBe(user.email)
   })
 
+  it('Should authorize and return 200 - /api/create', async () => {
+    const data = { name: 'Hono' }
+
+    const headers = new Headers()
+    headers.append('cookie', cookie[1])
+    headers.append('Content-Type', 'application/json')
+    const res = await app.request('http://localhost/api/create', {
+      method: 'POST',
+      headers,
+      body: JSON.stringify(data),
+    })
+    expect(res.status).toBe(200)
+    const obj = (await res.json()) as {
+      data: {
+        name: string
+      }
+    }
+    expect(obj.data.name).toBe(data.name)
+  })
+
   it('Should respect x-forwarded-proto and x-forwarded-host', async () => {
     const headers = new Headers()
     headers.append('x-forwarded-proto', 'https')