chore: Use httpOnly authentication cookie (#5552)

Tom Moor
2023-07-15 16:56:32 -04:00
committed by GitHub
parent b1230d0c81
commit 39e12cef65
16 changed files with 114 additions and 120 deletions


@@ -1,8 +1,8 @@
import { subHours } from "date-fns";
import { subHours, subMinutes } from "date-fns";
import Router from "koa-router";
import { uniqBy } from "lodash";
import { TeamPreference } from "@shared/types";
import { parseDomain } from "@shared/utils/domains";
import { getCookieDomain, parseDomain } from "@shared/utils/domains";
import env from "@server/env";
import auth from "@server/middlewares/authentication";
import { transaction } from "@server/middlewares/transaction";
@@ -139,6 +139,7 @@ router.post("auth.info", auth(), async (ctx: APIContext<T.AuthInfoReq>) => {
includeDetails: true,
}),
team: presentTeam(team),
collaborationToken: user.getCollaborationToken(),
availableTeams: uniqBy([...signedInTeams, ...availableTeams], "id").map(
(team) =>
presentAvailableTeam(
@@ -176,6 +177,11 @@ router.post(
}
);
ctx.cookies.set("accessToken", "", {
expires: subMinutes(new Date(), 1),
domain: getCookieDomain(ctx.hostname),
});
ctx.body = {
success: true,
};
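Review bot: In the `auth.info` hunk, `collaborationToken: user.getCollaborationToken()` puts a credential back into a JSON body that page script can read, which is the exposure that moving `accessToken` to an httpOnly cookie is meant to close. `getCollaborationToken` is not visible in this section, so confirm that the token it returns is short-lived and is accepted only by the collaboration endpoint, not by the regular API authentication middleware. Otherwise an injected script could call `auth.info` and obtain a usable session credential despite the cookie change. A comment above the field would record the contract, for example `// Short-lived, collaboration-only token; must not be accepted by API authentication`. The handler begins and ends outside the hunk, so how the rest of the response is built cannot be checked from here.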