From 0eedcf567ef87c7afab9d6ff117cbd17df4a8df4 Mon Sep 17 00:00:00 2001
From: KernelDeimos
Date: Thu, 11 Apr 2024 23:48:17 -0400
Subject: [PATCH 1/3] Apply some fixes
---
 packages/backend/src/middleware/auth2.js | 2 ++
 packages/backend/src/routers/signup.js | 5 +++++
 packages/backend/src/services/auth/AuthService.js | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/packages/backend/src/middleware/auth2.js b/packages/backend/src/middleware/auth2.js
index bfc69a98..7a5e8024 100644
--- a/packages/backend/src/middleware/auth2.js
+++ b/packages/backend/src/middleware/auth2.js
@@ -63,8 +63,10 @@ const auth2 = async (req, res, next) => {
 if(!token) {
 APIError.create('token_missing').write(res);
+ return;
 } else if (typeof token !== 'string') {
 APIError.create('token_auth_failed').write(res);
+ return;
 } else {
 token = token.replace('Bearer ', '')
 }
diff --git a/packages/backend/src/routers/signup.js b/packages/backend/src/routers/signup.js
index 4f2db4ea..4d25e379 100644
--- a/packages/backend/src/routers/signup.js
+++ b/packages/backend/src/routers/signup.js
@@ -71,6 +71,11 @@ module.exports = eggspress(['/signup'], {
 const { user, token } = await svc_auth.check_session(
 req.cookies[config.cookie_name]
 );
+ res.cookie(config.cookie_name, token, {
+ sameSite: 'none',
+ secure: true,
+ httpOnly: true,
+ });
 // const decoded = await jwt.verify(token, config.jwt_secret);
 // const user = await get_user({ uuid: decoded.uuid });
 if ( user ) {
diff --git a/packages/backend/src/services/auth/AuthService.js b/packages/backend/src/services/auth/AuthService.js
index c1cdc9e5..08de9153 100644
--- a/packages/backend/src/services/auth/AuthService.js
+++ b/packages/backend/src/services/auth/AuthService.js
@@ -378,7 +378,7 @@ class AuthService extends BaseService {
 if ( session.uuid === actor.type.session ) {
 session.current = true;
 }
- session.meta = JSON.parse(session.meta ?? {});
+ session.meta = JSON.parse(session.meta ?? "{}");
 });
 return sessions;
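Review bot: The `else` branch at the end of the auth2.js hunk never checks that the token actually carries the `Bearer ` scheme — `token.replace('Bearer ', '')` strips the prefix only when it happens to be present (first occurrence, case-sensitive) and otherwise passes the raw value through unchanged. If the scheme is meant to be required, `if (!token.startsWith('Bearer ')) { APIError.create('token_auth_failed').write(res); return; }` followed by `token = token.slice('Bearer '.length);` makes the contract explicit and matches the early-return shape the two added `return;` lines introduce. Those two added returns are the right fix for falling through past an already-written error response. Where `token` is read from (header, cookie or query) and the remainder of `auth2` are outside the hunk.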
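Review bot: The added `res.cookie(config.cookie_name, token, {...})` in signup.js runs before the `if ( user )` check, so when `check_session` yields no valid session `token` is presumably undefined and Express still emits a cookie with the stringified value, clobbering whatever the browser already had; the call belongs inside the `if ( user )` block, or at least behind `if ( token )`. The options also omit `maxAge`/`expires`, so the re-issued cookie becomes a browser-session cookie even if the one it replaces was persistent — worth confirming against wherever the cookie is first set at login. `sameSite: 'none'` lets the cookie ride on cross-site requests, so every handler that reads `req.cookies[config.cookie_name]` needs CSRF protection; this is presumably consistent with the login path, which is not visible here. The `if ( user )` block continues outside the hunk.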
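Review bot: `JSON.parse(session.meta ?? "{}")` on the changed line in AuthService.js throws on any row whose `meta` column is not valid JSON text, and because it runs inside `forEach` a single bad row makes the whole session list fail for that user. A tolerant parse such as `try { session.meta = JSON.parse(session.meta ?? "{}"); } catch { session.meta = {}; }` keeps the list usable; if the driver can hand back an already-parsed object for this column (not visible here), a `typeof session.meta === 'string'` gate belongs in front of the parse. The enclosing method starts and ends outside the hunk.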
From 356a3284faa28c8cf448230e45b64b078d693b0f Mon Sep 17 00:00:00 2001
From: KernelDeimos
Date: Fri, 12 Apr 2024 00:10:56 -0400
Subject: [PATCH 2/3] Fix mysql incompatibility
---
 packages/backend/src/services/auth/AuthService.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/packages/backend/src/services/auth/AuthService.js b/packages/backend/src/services/auth/AuthService.js
index 08de9153..361a3289 100644
--- a/packages/backend/src/services/auth/AuthService.js
+++ b/packages/backend/src/services/auth/AuthService.js
@@ -240,7 +240,10 @@ class AuthService extends BaseService {
 [uuid],
 );
- session.meta = JSON.parse(session.meta ?? {});
+ session.meta = this.db.case({
+ mysql: () => session.meta,
+ otherwise: () => JSON.parse(session.meta ?? "{}")
+ })();
 return session;
 }
@@ -375,10 +378,13 @@ class AuthService extends BaseService {
 );
 sessions.forEach(session => {
+ session.meta = this.db.case({
+ mysql: () => session.meta,
+ otherwise: () => JSON.parse(session.meta ?? "{}")
+ })();
 if ( session.uuid === actor.type.session ) {
 session.current = true;
 }
- session.meta = JSON.parse(session.meta ?? "{}");
 });
 return sessions;
From 1da3a769c439ce048afd4e8283bd0ae4ed156a1d Mon Sep 17 00:00:00 2001
From: KernelDeimos
Date: Fri, 12 Apr 2024 00:19:07 -0400
Subject: [PATCH 3/3] Use localstorage instead of cookie for list-sessions
---
 src/UI/UIWindowManageSessions.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/UI/UIWindowManageSessions.js b/src/UI/UIWindowManageSessions.js
index 561597fb..1debb5da 100644
--- a/src/UI/UIWindowManageSessions.js
+++ b/src/UI/UIWindowManageSessions.js
@@ -87,6 +87,7 @@ const UIWindowManageSessions = async function UIWindowManageSessions () {
 const resp = await fetch(`${api_origin}/auth/revoke-session`, {
 method: 'POST',
 headers: {
+ Authorization: `Bearer ${puter.authToken}`,
 'Content-Type': 'application/json',
 },
 body: JSON.stringify({
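Review bot: In the `this.db.case` block added to the single-session lookup, the `mysql` branch returns `session.meta` untouched while the `otherwise` branch substitutes `{}` for a missing value, so on MySQL a NULL `meta` column surfaces as `null` and any caller doing `session.meta.someKey` behaves differently per database; `mysql: () => session.meta ?? {},` keeps the two branches equivalent. The `mysql` branch also assumes the driver has already parsed the JSON column into an object — if a MySQL row can ever return a string here it is handed back unparsed, so gating on `typeof session.meta === 'string'` would be more robust than keying on the backend alone. The enclosing method begins outside the hunk.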
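Review bot: The `this.db.case({...})()` expression added inside `sessions.forEach` is a character-for-character copy of the one added earlier in the same file for the single-session lookup, so the two will drift the next time the meta format or the driver behaviour changes; extract it into one private method, e.g. `parse_session_meta_(meta)` returning the parsed object, and call it from both sites. Like the other copy, the `mysql` branch yields `null` for a NULL column where `otherwise` yields `{}`, so the shared helper should end with `?? {}` regardless of backend. The `forEach` callback is complete within the hunk but the enclosing method is not.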
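Review bot: The added `Authorization` header in the revoke-session request interpolates `puter.authToken` unconditionally, so when no token is present the request carries the literal `Bearer undefined` (or `Bearer null`), which the server will reject as a malformed token rather than a missing one; guard before the fetch with `if ( ! puter.authToken ) return;` or route the user to sign in. Per the commit title the token is now sourced from localStorage via `puter.authToken`, which unlike an httpOnly cookie is readable by any script executing on the page, so this trades the cookie's CSRF exposure for XSS exposure — fine if deliberate for this origin, but it deserves a one-line comment at the call site. The `fetch` call and the handling of `resp` continue outside the hunk.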
@@ -115,6 +116,9 @@ const UIWindowManageSessions = async function UIWindowManageSessions () {
 const reload_sessions = async () => {
 const resp = await fetch(`${api_origin}/auth/list-sessions`, {
+ headers: {
+ Authorization: `Bearer ${puter.authToken}`,
+ },
 method: 'GET',
 });