HonoH
Hono16mo ago
JustUseFirefox

How to pass and validate cookies (server<>server) ? (RPC)

I use Sveltekit and hono as an external API.
Most requests coming from the UI are done through XHR, but some requests (like token validation) is done from sveltekit server-side to hono api.

  • When the user logs in, a cookie is set on the client (secure, lax).
  • When the user close and re-open the site, the token is validated with a server hook. Sveltekit sees the cookies and make a request to hono, but hono doesn't see the cookies (obviously).
I don't want to store too much information in localStorage, so a page refresh require token decryption.

I'm looking for a way to pass down those cookies from svelte server to hono api, but that endpoint might also be called from a browser or something, so for security reason I don't want to use json to pass the data preferably. Cookies is the way to go here.

Validator:
    validator('cookie', async (value, c) => {
      const body = value;
      console.log('BODY', value);

      const parsed = authnLoginWithTokenCookieSchema.safeParse(body);
      if (!parsed.success) {
        return c.json(
          {
`            error: parsed.error`
          },
          401
        );
      }
      // TODO * Check IP ban, Validate token, validate data, validate blocklist
      return {
        body: parsed.data
      };
    }),


Client call:
    const validateToken = await hono.auth.withToken
        .$post({
            cookie: {
                body: {
                    /**
                     * Type '{}' is not assignable to type 'string'.ts(2322)
                     * The expected type comes from property 'body' which is declared here on type '{ body: string; }'
                     */
                }
            }
        })
        .then((r) => r.json());
Was this page helpful?