From 0eedcf567ef87c7afab9d6ff117cbd17df4a8df4 Mon Sep 17 00:00:00 2001
From: KernelDeimos
Date: Thu, 11 Apr 2024 23:48:17 -0400
Subject: [PATCH] Apply some fixes
---
 packages/backend/src/middleware/auth2.js | 2 ++
 packages/backend/src/routers/signup.js | 5 +++++
 packages/backend/src/services/auth/AuthService.js | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/packages/backend/src/middleware/auth2.js b/packages/backend/src/middleware/auth2.js
index bfc69a98..7a5e8024 100644
--- a/packages/backend/src/middleware/auth2.js
+++ b/packages/backend/src/middleware/auth2.js
@@ -63,8 +63,10 @@ const auth2 = async (req, res, next) => {
 if(!token) {
 APIError.create('token_missing').write(res);
+ return;
 } else if (typeof token !== 'string') {
 APIError.create('token_auth_failed').write(res);
+ return;
 } else {
 token = token.replace('Bearer ', '')
 }
diff --git a/packages/backend/src/routers/signup.js b/packages/backend/src/routers/signup.js
index 4f2db4ea..4d25e379 100644
--- a/packages/backend/src/routers/signup.js
+++ b/packages/backend/src/routers/signup.js
@@ -71,6 +71,11 @@ module.exports = eggspress(['/signup'], {
 const { user, token } = await svc_auth.check_session(
 req.cookies[config.cookie_name]
 );
+ res.cookie(config.cookie_name, token, {
+ sameSite: 'none',
+ secure: true,
+ httpOnly: true,
+ });
 // const decoded = await jwt.verify(token, config.jwt_secret);
 // const user = await get_user({ uuid: decoded.uuid });
 if ( user ) {
diff --git a/packages/backend/src/services/auth/AuthService.js b/packages/backend/src/services/auth/AuthService.js
index c1cdc9e5..08de9153 100644
--- a/packages/backend/src/services/auth/AuthService.js
+++ b/packages/backend/src/services/auth/AuthService.js
@@ -378,7 +378,7 @@ class AuthService extends BaseService {
 if ( session.uuid === actor.type.session ) {
 session.current = true;
 }
- session.meta = JSON.parse(session.meta ?? {});
+ session.meta = JSON.parse(session.meta ?? "{}");
 });
 return sessions;
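Review bot: The `token.replace('Bearer ', '')` left in the final else branch of the auth2.js hunk removes the first occurrence of the scheme anywhere in the value rather than only a leading prefix, and it is case-sensitive, so what reaches verification is not strictly "the credential after the scheme". Anchoring the match, for example `token = token.replace(/^Bearer\s+/i, '');`, makes the parsing unambiguous. A regression test asserting that a request with a missing or non-string token produces exactly one error response and never reaches the session lookup would pin the two new `return;` lines. The body of auth2 starts above and continues below this hunk, so where `token` is read from is not visible here.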
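Review bot: In the signup.js hunk the added `res.cookie(...)` runs before the `if ( user )` check, so it also executes when `check_session` finds no valid session. If `token` is undefined in that case, an Express-style `res.cookie` would stringify it and hand the client a cookie whose value is the text `undefined`. Guarding the call with `if ( token ) { res.cookie(config.cookie_name, token, { … }); }`, or moving it into the `if ( user )` branch, avoids that. Because `sameSite: 'none'` lets the browser attach the session cookie to cross-site requests, a comment such as `// SameSite=None is required for <reason>; CSRF is covered by <mechanism>` would record why the weakest setting is intended. What `check_session` returns on failure and the body of the `if` are outside the hunk.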
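Review bot: In the AuthService.js hunk, `session.meta ?? "{}"` covers only null and undefined, so an empty string or any malformed `meta` value still makes `JSON.parse` throw inside the callback and fails the whole session listing. If one bad row should not hide the user's other sessions, parse defensively: `try { session.meta = JSON.parse(session.meta || '{}'); } catch { session.meta = {}; }`. Whether `meta` can ever hold non-JSON text depends on the code that writes it, which is not visible here. The enclosing method starts above the hunk.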