fix(auth-js): Fix immutable headers error in x-forwarded request (#614)

* fix: immutable headers error in x-forwarded req

* added changeset

.changeset/chatty-dragons-juggle.md

@@ -0,0 +1,5 @@
+---
+'@hono/auth-js': patch
+---
+
+fix immutable headers error in x-forwarded req

packages/auth-js/src/index.ts

@@ -4,11 +4,10 @@ import type { AdapterUser } from '@auth/core/adapters'
 import type { JWT } from '@auth/core/jwt'
 import type { Session } from '@auth/core/types'
 import type { Context, MiddlewareHandler } from 'hono'
-import { env ,getRuntimeKey} from 'hono/adapter'
+import { env, getRuntimeKey } from 'hono/adapter'
 import { HTTPException } from 'hono/http-exception'
 import { setEnvDefaults as coreSetEnvDefaults } from '@auth/core'
 
-
 declare module 'hono' {
   interface ContextVariableMap {
     authUser: AuthUser
@@ -39,34 +38,31 @@ export function setEnvDefaults(env: AuthEnv, config: AuthConfig) {
   coreSetEnvDefaults(env, config)
 }
 
-async function cloneRequest(input: URL | string, request: Request){
+async function cloneRequest(input: URL | string, request: Request, headers?: Headers) {
-
+  if (getRuntimeKey() === 'bun') {
-  if ( getRuntimeKey() === "bun") {
+    return new Request(input, {
-  return new Request(input, {
+      method: request.method,
-    method: request.method,
+      headers: headers ?? new Headers(request.headers),
-    headers:new Headers(request.headers),
+      body:
-    body:
+        request.method === 'GET' || request.method === 'HEAD' ? undefined : await request.blob(),
-      request.method === "GET" || request.method === "HEAD"
+      // @ts-ignore: TS2353
-        ? undefined
+      referrer: 'referrer' in request ? (request.referrer as string) : undefined,
-        : await request.blob(),
+      // deno-lint-ignore no-explicit-any
-    // @ts-ignore: TS2353
+      referrerPolicy: request.referrerPolicy as any,
-    referrer: "referrer" in request ? (request.referrer as string) : undefined,
+      mode: request.mode,
-    // deno-lint-ignore no-explicit-any
+      credentials: request.credentials,
-    referrerPolicy: request.referrerPolicy as any,
+      // @ts-ignore: TS2353
-    mode: request.mode,
+      cache: request.cache,
-    credentials: request.credentials,
+      redirect: request.redirect,
-    // @ts-ignore: TS2353
+      integrity: request.integrity,
-    cache: request.cache,
+      keepalive: request.keepalive,
-    redirect: request.redirect,
+      signal: request.signal,
-    integrity: request.integrity,
+    })
-    keepalive: request.keepalive,
+  }
-    signal: request.signal
+  return new Request(input, request)
-  })
-}
-return new Request(input, request)
 }
 
-export async  function reqWithEnvUrl(req: Request, authUrl?: string){
+export async function reqWithEnvUrl(req: Request, authUrl?: string) {
   if (authUrl) {
     const reqUrlObj = new URL(req.url)
     const authUrlObj = new URL(authUrl)
@@ -75,19 +71,20 @@ export async  function reqWithEnvUrl(req: Request, authUrl?: string){
     return cloneRequest(reqUrlObj.href, req)
   } else {
     const url = new URL(req.url)
-    const proto = req.headers.get('x-forwarded-proto')
+    const headers = new Headers(req.headers)
-    const host = req.headers.get('x-forwarded-host') ?? req.headers.get('host')
+    const proto = headers.get('x-forwarded-proto')
+    const host = headers.get('x-forwarded-host') ?? headers.get('host')
     if (proto != null) url.protocol = proto.endsWith(':') ? proto : proto + ':'
-    if (host!=null) {
+    if (host != null) {
       url.host = host
       const portMatch = host.match(/:(\d+)$/)
       if (portMatch) url.port = portMatch[1]
       else url.port = ''
-      req.headers.delete("x-forwarded-host")
+      headers.delete('x-forwarded-host')
-      req.headers.delete("Host")
+      headers.delete('Host')
-      req.headers.set("Host", host)
+      headers.set('Host', host)
     }
-    return cloneRequest(url.href, req)
+    return cloneRequest(url.href, req, headers)
   }
 }