chore: Use httpOnly authentication cookie (#5552)

2023-07-15 16:56:32 -04:00
parent b1230d0c81
commit 39e12cef65
16 changed files with 114 additions and 120 deletions
--- a/server/utils/jwt.ts
+++ b/server/utils/jwt.ts
@@ -20,10 +20,13 @@ function getJWTPayload(token: string) {
  }
 }

-export async function getUserForJWT(token: string): Promise<User> {
+export async function getUserForJWT(
+  token: string,
+  allowedTypes = ["session", "transfer"]
+): Promise<User> {
  const payload = getJWTPayload(token);

-  if (payload.type === "email-signin") {
+  if (!allowedTypes.includes(payload.type)) {
    throw AuthenticationError("Invalid token");
  }