🚑 (auth) Fix bad requests with getSession on server side

2023-04-03 16:42:10 +02:00
parent b96a3a6a8e
commit 49071b73b6
39 changed files with 112 additions and 91 deletions
--- a/apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts
+++ b/apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts
@@ -1,19 +1,27 @@
 import prisma from '@/lib/prisma'
 import { authOptions } from '@/pages/api/auth/[...nextauth]'
 import { setUser } from '@sentry/nextjs'
 import { User } from '@typebot.io/prisma'
-import { NextApiRequest } from 'next'
+import { NextApiRequest, NextApiResponse } from 'next'
-import { getSession } from 'next-auth/react'
+import { getServerSession } from 'next-auth'
 import { mockedUser } from '../mockedUser'
 import { env } from '@typebot.io/lib'
 export const getAuthenticatedUser = async (
-  req: NextApiRequest
+  req: NextApiRequest,
  res: NextApiResponse
 ): Promise<User | undefined> => {
  const bearerToken = extractBearerToken(req)
  if (bearerToken) return authenticateByToken(bearerToken)
-  const session = await getSession({ req })
+  const user =
-  if (!session?.user || !('id' in session.user)) return
+    env('E2E_TEST') === 'true'
-  const user = session.user as User
+      ? mockedUser
      : ((await getServerSession(req, res, authOptions))?.user as
          | User
          | undefined)
  if (!user || !('id' in user)) return
  setUser({ id: user.id, email: user.email ?? undefined })
-  return session?.user as User
+  return user
 }
 const authenticateByToken = async (
--- a/apps/builder/src/helpers/server/context.ts
+++ b/apps/builder/src/helpers/server/context.ts
@@ -3,7 +3,7 @@ import { inferAsyncReturnType } from '@trpc/server'
 import * as trpcNext from '@trpc/server/adapters/next'
 export async function createContext(opts: trpcNext.CreateNextContextOptions) {
-  const user = await getAuthenticatedUser(opts.req)
+  const user = await getAuthenticatedUser(opts.req, opts.res)
  return {
    user,
--- a/apps/builder/src/pages/api/auth/[...nextauth].ts
+++ b/apps/builder/src/pages/api/auth/[...nextauth].ts
@@ -1,4 +1,4 @@
-import NextAuth, { Account } from 'next-auth'
+import NextAuth, { Account, AuthOptions } from 'next-auth'
 import EmailProvider from 'next-auth/providers/email'
 import GitHubProvider from 'next-auth/providers/github'
 import GitlabProvider from 'next-auth/providers/gitlab'
@@ -128,47 +128,53 @@ if (isNotEmpty(process.env.CUSTOM_OAUTH_WELL_KNOWN_URL)) {
  })
 }
-const handler = (req: NextApiRequest, res: NextApiResponse) => {
+export const authOptions: AuthOptions = {
-  if (req.url === '/api/auth/session' && env('E2E_TEST') === 'true')
+  adapter: CustomAdapter(prisma),
-    return res.send({ user: mockedUser })
+  secret: process.env.ENCRYPTION_SECRET,
-  if (req.method === 'HEAD') return res.status(200)
+  providers,
-  return NextAuth(req, res, {
+  session: {
-    adapter: CustomAdapter(prisma),
+    strategy: 'database',
-    secret: process.env.ENCRYPTION_SECRET,
+  },
-    providers,
+  pages: {
-    session: {
+    signIn: '/signin',
-      strategy: 'database',
+  },
  callbacks: {
    session: async ({ session, user }) => {
      const userFromDb = user as User
      await updateLastActivityDate(userFromDb)
      return {
        ...session,
        user: userFromDb,
      }
    },
-    pages: {
+    signIn: async ({ account, user }) => {
-      signIn: '/signin',
+      if (!account) return false
      const isNewUser = !('createdAt' in user && isDefined(user.createdAt))
      if (process.env.DISABLE_SIGNUP === 'true' && isNewUser && user.email) {
        const { invitations, workspaceInvitations } =
          await getNewUserInvitations(prisma, user.email)
        if (invitations.length === 0 && workspaceInvitations.length === 0)
          return false
      }
      const requiredGroups = getRequiredGroups(account.provider)
      if (requiredGroups.length > 0) {
        const userGroups = await getUserGroups(account)
        return checkHasGroups(userGroups, requiredGroups)
      }
      return true
    },
-    callbacks: {
+  },
-      session: async ({ session, user }) => {
+}
-        const userFromDb = user as User
+
-        await updateLastActivityDate(userFromDb)
+const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-        return {
+  const isMockingSession =
-          ...session,
+    req.method === 'GET' &&
-          user: userFromDb,
+    req.url === '/api/auth/session' &&
-        }
+    env('E2E_TEST') === 'true'
-      },
+  if (isMockingSession) return res.send({ user: mockedUser })
-      signIn: async ({ account, user }) => {
+  const requestIsFromCompanyFirewall = req.method === 'HEAD'
-        if (!account) return false
+  if (requestIsFromCompanyFirewall) return res.status(200).end()
-        const isNewUser = !('createdAt' in user && isDefined(user.createdAt))
+  return await NextAuth(req, res, authOptions)
        if (process.env.DISABLE_SIGNUP === 'true' && isNewUser && user.email) {
          const { invitations, workspaceInvitations } =
            await getNewUserInvitations(prisma, user.email)
          if (invitations.length === 0 && workspaceInvitations.length === 0)
            return false
        }
        const requiredGroups = getRequiredGroups(account.provider)
        if (requiredGroups.length > 0) {
          const userGroups = await getUserGroups(account)
          return checkHasGroups(userGroups, requiredGroups)
        }
        return true
      },
    },
  })
 }
 const updateLastActivityDate = async (user: User) => {
--- a/apps/builder/src/pages/api/credentials.ts
+++ b/apps/builder/src/pages/api/credentials.ts
@@ -11,7 +11,7 @@ import {
 } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const workspaceId = req.query.workspaceId as string | undefined
  if (!workspaceId) return badRequest(res)
--- a/apps/builder/src/pages/api/credentials/[credentialsId].ts
+++ b/apps/builder/src/pages/api/credentials/[credentialsId].ts
@@ -8,7 +8,7 @@ import {
 import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUser'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const workspaceId = req.query.workspaceId as string | undefined
  if (!workspaceId) return badRequest(res)
--- a/apps/builder/src/pages/api/credentials/google-sheets/callback.ts
+++ b/apps/builder/src/pages/api/credentials/google-sheets/callback.ts
@@ -8,7 +8,7 @@ import { oauth2Client } from '@/lib/googleSheets'
 import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUser'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const state = req.query.state as string | undefined
  if (!state) return badRequest(res)
--- a/apps/builder/src/pages/api/customDomains.ts
+++ b/apps/builder/src/pages/api/customDomains.ts
@@ -11,7 +11,7 @@ import {
 } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const workspaceId = req.query.workspaceId as string | undefined
  if (!workspaceId) return badRequest(res)
--- a/apps/builder/src/pages/api/customDomains/[domain].ts
+++ b/apps/builder/src/pages/api/customDomains/[domain].ts
@@ -9,7 +9,7 @@ import { got } from 'got'
 import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUser'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const workspaceId = req.query.workspaceId as string | undefined
  if (!workspaceId) return badRequest(res)
--- a/apps/builder/src/pages/api/folders.ts
+++ b/apps/builder/src/pages/api/folders.ts
@@ -9,7 +9,7 @@ import {
 import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUser'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const parentFolderId = req.query.parentId
--- a/apps/builder/src/pages/api/folders/[id].ts
+++ b/apps/builder/src/pages/api/folders/[id].ts
@@ -5,7 +5,7 @@ import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUser'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const id = req.query.id as string
--- a/apps/builder/src/pages/api/integrations/email/test-config.ts
+++ b/apps/builder/src/pages/api/integrations/email/test-config.ts
@@ -5,7 +5,7 @@ import { notAuthenticated } from '@typebot.io/lib/api'
 import { SmtpCredentials } from '@typebot.io/schemas'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'POST') {
    const { from, port, isTlsEnabled, username, password, host, to } = (
--- a/apps/builder/src/pages/api/integrations/google-sheets/spreadsheets.ts
+++ b/apps/builder/src/pages/api/integrations/google-sheets/spreadsheets.ts
@@ -10,7 +10,7 @@ import { setUser } from '@sentry/nextjs'
 import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUser'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  setUser({ email: user.email ?? undefined, id: user.id })
--- a/apps/builder/src/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts
+++ b/apps/builder/src/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts
@@ -11,7 +11,7 @@ import { setUser } from '@sentry/nextjs'
 import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUser'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  setUser({ email: user.email ?? undefined, id: user.id })
--- a/apps/builder/src/pages/api/publicIdAvailable.ts
+++ b/apps/builder/src/pages/api/publicIdAvailable.ts
@@ -4,7 +4,7 @@ import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUser'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'GET') {
    const publicId = req.query.publicId as string | undefined
--- a/apps/builder/src/pages/api/publicTypebots.ts
+++ b/apps/builder/src/pages/api/publicTypebots.ts
@@ -11,7 +11,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { sendTelemetryEvents } from '@typebot.io/lib/telemetry/sendTelemetryEvent'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  try {
    if (req.method === 'POST') {
--- a/apps/builder/src/pages/api/publicTypebots/[id].ts
+++ b/apps/builder/src/pages/api/publicTypebots/[id].ts
@@ -11,7 +11,7 @@ import {
 import { sendTelemetryEvents } from '@typebot.io/lib/telemetry/sendTelemetryEvent'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const id = req.query.id as string
--- a/apps/builder/src/pages/api/storage/upload-url.ts
+++ b/apps/builder/src/pages/api/storage/upload-url.ts
@@ -13,7 +13,7 @@ const handler = async (
 ): Promise<void> => {
  res.setHeader('Access-Control-Allow-Origin', '*')
  if (req.method === 'GET') {
-    const user = await getAuthenticatedUser(req)
+    const user = await getAuthenticatedUser(req, res)
    if (!user) return notAuthenticated(res)
    if (
--- a/apps/builder/src/pages/api/stripe/custom-plan-checkout.ts
+++ b/apps/builder/src/pages/api/stripe/custom-plan-checkout.ts
@@ -6,7 +6,7 @@ import Stripe from 'stripe'
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'GET') {
    const session = await createCheckoutSession(user.id)
--- a/apps/builder/src/pages/api/typebots.ts
+++ b/apps/builder/src/pages/api/typebots.ts
@@ -15,7 +15,7 @@ import { omit } from '@typebot.io/lib'
 import { sendTelemetryEvents } from '@typebot.io/lib/telemetry/sendTelemetryEvent'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  try {
    if (req.method === 'POST') {
--- a/apps/builder/src/pages/api/typebots/[typebotId].ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId].ts
@@ -11,7 +11,7 @@ import { isReadTypebotForbidden } from '@/features/typebot/helpers/isReadTypebot
 import { removeTypebotOldProperties } from '@/features/typebot/helpers/removeTypebotOldProperties'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const typebotId = req.query.typebotId as string
--- a/apps/builder/src/pages/api/typebots/[typebotId]/analytics/answersCount.ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/analytics/answersCount.ts
@@ -6,7 +6,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { canReadTypebots } from '@/helpers/databaseRules'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'GET') {
    const typebotId = req.query.typebotId as string
--- a/apps/builder/src/pages/api/typebots/[typebotId]/analytics/stats.ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/analytics/stats.ts
@@ -6,7 +6,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'GET') {
    const typebotId = req.query.typebotId as string
--- a/apps/builder/src/pages/api/typebots/[typebotId]/blocks.ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/blocks.ts
@@ -9,7 +9,7 @@ import {
 } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'GET') {
    const typebotId = req.query.typebotId as string
--- a/apps/builder/src/pages/api/typebots/[typebotId]/collaborators.ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/collaborators.ts
@@ -5,7 +5,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const typebotId = req.query.typebotId as string
  if (req.method === 'GET') {
--- a/apps/builder/src/pages/api/typebots/[typebotId]/collaborators/[userId].ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/collaborators/[userId].ts
@@ -5,7 +5,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const typebotId = req.query.typebotId as string
  const userId = req.query.userId as string
--- a/apps/builder/src/pages/api/typebots/[typebotId]/invitations.ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/invitations.ts
@@ -17,7 +17,7 @@ import { env } from '@typebot.io/lib'
 import { sendGuestInvitationEmail } from '@typebot.io/emails'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const typebotId = req.query.typebotId as string | undefined
  if (!typebotId) return badRequest(res)
--- a/apps/builder/src/pages/api/typebots/[typebotId]/invitations/[email].ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/invitations/[email].ts
@@ -6,7 +6,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const typebotId = req.query.typebotId as string
  const email = req.query.email as string
--- a/apps/builder/src/pages/api/typebots/[typebotId]/webhooks.ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/webhooks.ts
@@ -10,7 +10,7 @@ import {
 import { getTypebot } from '@/features/typebot/helpers/getTypebot'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'POST') {
    const typebotId = req.query.typebotId as string
--- a/apps/builder/src/pages/api/typebots/[typebotId]/webhooks/[webhookId].ts
+++ b/apps/builder/src/pages/api/typebots/[typebotId]/webhooks/[webhookId].ts
@@ -13,7 +13,7 @@ import { getTypebot } from '@/features/typebot/helpers/getTypebot'
 import { omit } from '@typebot.io/lib'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  const typebotId = req.query.typebotId as string
  const webhookId = req.query.webhookId as string
  if (!user) return notAuthenticated(res)
--- a/apps/builder/src/pages/api/users/[userId].ts
+++ b/apps/builder/src/pages/api/users/[userId].ts
@@ -5,7 +5,7 @@ import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 import { User } from '@typebot.io/prisma'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  const id = req.query.userId as string
--- a/apps/builder/src/pages/api/users/[userId]/api-tokens.ts
+++ b/apps/builder/src/pages/api/users/[userId]/api-tokens.ts
@@ -5,7 +5,7 @@ import { generateId } from '@typebot.io/lib'
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'GET') {
    const apiTokens = await prisma.apiToken.findMany({
--- a/apps/builder/src/pages/api/users/[userId]/api-tokens/[tokenId].ts
+++ b/apps/builder/src/pages/api/users/[userId]/api-tokens/[tokenId].ts
@@ -4,7 +4,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'DELETE') {
--- a/apps/builder/src/pages/api/workspaces/[workspaceId]/invitations.ts
+++ b/apps/builder/src/pages/api/workspaces/[workspaceId]/invitations.ts
@@ -12,7 +12,7 @@ import { env } from '@typebot.io/lib'
 import { isSeatsLimitReached } from '@typebot.io/lib/pricing'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'POST') {
    const data = req.body as Omit<WorkspaceInvitation, 'id' | 'createdAt'>
--- a/apps/builder/src/pages/api/workspaces/[workspaceId]/invitations/[id].ts
+++ b/apps/builder/src/pages/api/workspaces/[workspaceId]/invitations/[id].ts
@@ -5,7 +5,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'PATCH') {
    const data = req.body as Omit<WorkspaceInvitation, 'createdAt'>
--- a/apps/builder/src/pages/api/workspaces/[workspaceId]/members.ts
+++ b/apps/builder/src/pages/api/workspaces/[workspaceId]/members.ts
@@ -8,7 +8,7 @@ import {
 } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'GET') {
    const id = req.query.workspaceId as string
--- a/apps/builder/src/pages/api/workspaces/[workspaceId]/members/[id].ts
+++ b/apps/builder/src/pages/api/workspaces/[workspaceId]/members/[id].ts
@@ -5,7 +5,7 @@ import { getAuthenticatedUser } from '@/features/auth/helpers/getAuthenticatedUs
 import { methodNotAllowed, notAuthenticated } from '@typebot.io/lib/api'
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
-  const user = await getAuthenticatedUser(req)
+  const user = await getAuthenticatedUser(req, res)
  if (!user) return notAuthenticated(res)
  if (req.method === 'PATCH') {
    const workspaceId = req.query.workspaceId as string
--- a/apps/builder/src/pages/feedback.tsx
+++ b/apps/builder/src/pages/feedback.tsx
@@ -1,15 +1,16 @@
-import { getSession } from 'next-auth/react'
+import { GetServerSidePropsContext } from 'next'
 import { NextPageContext } from 'next'
 import { User } from '@typebot.io/prisma'
 import { isNotDefined } from '@typebot.io/lib'
 import { sign } from 'jsonwebtoken'
 import { getServerSession } from 'next-auth'
 import { authOptions } from './api/auth/[...nextauth]'
 export default function Page() {
  return null
 }
-export async function getServerSideProps(context: NextPageContext) {
+export async function getServerSideProps(context: GetServerSidePropsContext) {
-  const session = await getSession(context)
+  const session = await getServerSession(context.req, context.res, authOptions)
  if (isNotDefined(session?.user))
    return {
      redirect: {
--- a/apps/builder/src/pages/feedback/[feedbackId].ts
+++ b/apps/builder/src/pages/feedback/[feedbackId].ts
@@ -1,15 +1,16 @@
-import { getSession } from 'next-auth/react'
+import { getServerSession } from 'next-auth'
 import { NextPageContext } from 'next'
 import { User } from '@typebot.io/prisma'
 import { isNotDefined } from '@typebot.io/lib'
 import { sign } from 'jsonwebtoken'
 import { authOptions } from '../api/auth/[...nextauth]'
 import { GetServerSidePropsContext } from 'next'
 export default function Page() {
  return null
 }
-export async function getServerSideProps(context: NextPageContext) {
+export async function getServerSideProps(context: GetServerSidePropsContext) {
-  const session = await getSession(context)
+  const session = await getServerSession(context.req, context.res, authOptions)
  const feedbackId = context.query.feedbackId?.toString() as string
  if (isNotDefined(session?.user))
    return {
--- a/apps/builder/src/pages/index.tsx
+++ b/apps/builder/src/pages/index.tsx
@@ -1,6 +1,7 @@
 import { getLocaleProps } from '@/locales'
 import { GetServerSidePropsContext } from 'next'
-import { getSession } from 'next-auth/react'
+import { getServerSession } from 'next-auth'
 import { authOptions } from './api/auth/[...nextauth]'
 export default function Page() {
  return null
@@ -8,7 +9,11 @@ export default function Page() {
 export const getServerSideProps = getLocaleProps(
  async (context: GetServerSidePropsContext) => {
-    const session = await getSession(context)
+    const session = await getServerSession(
      context.req,
      context.res,
      authOptions
    )
    if (!session?.user) {
      return {
        redirect: {