fix(api): 🐛 3rd party cookies maybe blocked when opening magic link

routes/api/magiclink/index.ts

@@ -4,7 +4,7 @@ import 'npm:iterator-polyfill'
 import { FreshContext } from '$fresh/server.ts'
 import { Contact, type Mail, send } from '@cohabit/cohamail/mod.ts'
 import { magicLinkTemplate } from '@cohabit/cohamail/templates/mod.ts'
-import { SessionHandlers } from '../../../src/session/mod.ts'
+import { SessionHandlers, SessionStore } from '../../../src/session/mod.ts'
 import { respondApi } from '../../../src/utils.ts'
 import { sleep } from '@jotsr/delayed'
 import { User } from '@cohabit/ressources_manager/src/models/mod.ts'
@@ -39,7 +39,7 @@ export const handler: SessionHandlers = {
 		// generate magic link
 		const token = crypto.randomUUID()
 		const endpoint =
-			`${ctx.url.origin}/api/magiclink?token=${token}&redirect=/profil`
+			`${ctx.url.origin}/api/magiclink?token=${token}&session=${ctx.state.session.uuid}&redirect=/profil`
 
 		// save token to session
 		ctx.state.session.flash<MagicLinkInfos>(`MAGIC_LINK__${token}`, {
@@ -72,11 +72,21 @@ export const handler: SessionHandlers = {
 	async GET(request, ctx) {
 		const token = ctx.url.searchParams.get('token')
 		const redirect = ctx.url.searchParams.get('redirect')
+		const sessionId = ctx.url.searchParams.get('session')
 
-		// no token
+		// no token or sessionId
-		if (token === null) {
+		if (token === null || sessionId === null) {
-			return respondApi('error', 'no token provided', 400)
+			return respondApi('error', 'no token or session provided', 400)
 		}
+
+		// set session if 3rd party cookies was blocked
+		ctx.state.session = ctx.state.session ?? SessionStore.getSession(sessionId)
+
+		// no session available
+		if (ctx.state.session === null) {
+			return respondApi('error', 'no session datas', 401)
+		}
+
 		// wrong or timeout token
 		const entry = ctx.state.session.get<MagicLinkInfos>(`MAGIC_LINK__${token}`)