Alex/GoMembership
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

frontend fix: Cookie passthrough

Browse Source
This commit is contained in:
$(pass /github/name)
2024-09-20 08:39:47 +02:00
parent 43a039ae91
commit e0cc893493
2 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
frontend/src/routes/auth/login/+page.server.js
View File

@@ -61,27 +61,21 @@ export const actions = {
const responseBody = await res.json();
console.log("Login response body:", responseBody);
// Check for the cookie in the response headers
// Extract the JWT from the response headers
const setCookieHeader = res.headers.get("set-cookie");
console.log("Set-Cookie header:", setCookieHeader);
if (setCookieHeader) {
// Parse the Set-Cookie header to get the JWT
const jwtCookie = setCookieHeader.split(";")[0];
const [cookieName, cookieValue] = jwtCookie.split("=");
if (cookieName.trim() === "jwt") {
console.log("JWT cookie found in response");
cookies.set("jwt", cookieValue.trim(), {
const jwtMatch = setCookieHeader.match(/jwt=([^;]+)/);
if (jwtMatch) {
const jwtValue = jwtMatch[1];
// Set the cookie for the client
cookies.set("jwt", jwtValue, {
path: "/",
httpOnly: true,
sameSite: "strict",
secure: process.env.NODE_ENV === "production",
secure: process.env.NODE_ENV === "production", // Secure in production
sameSite: "lax",
maxAge: 5 * 24 * 60 * 60, // 5 days in seconds
});
} else {
console.log("JWT cookie not found in response");
}
} else {
console.log("No Set-Cookie header in response");
}
console.log("Redirecting to:", next || "/");

17
frontend/src/routes/auth/logout/+page.server.js
View File

@@ -5,7 +5,7 @@ import { fail, redirect } from "@sveltejs/kit";
export async function load({ locals }) {
// redirect user if not logged in
if (!locals.user) {
throw redirect(302, `/auth/login?next=/auth/logout`);
throw redirect(302, `/auth/login?next=/`);
}
}
@@ -34,9 +34,24 @@ export const actions = {
return fail(400, { errors: errors });
}
// The server should clear the cookie, so we don't need to handle it here
// eat the cookie
cookies.delete("jwt", { path: "/" });
// The server should clear the cookie, so we don't need to handle it here
// Just check if the cookie is cleared in the response
const setCookieHeader = res.headers.get("set-cookie");
if (!setCookieHeader || !setCookieHeader.includes("jwt=;")) {
console.error("JWT cookie not cleared in response");
return fail(500, {
errors: [
{
error: "Server error: Failed to clear authentication token",
id: Date.now(),
},
],
});
}
// redirect the user
throw redirect(302, "/auth/login");
},