Alex/GoMembership
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

frontend fix: Cookie passthrough

Browse Source
This commit is contained in:
$(pass /github/name)
2024-09-20 08:39:47 +02:00
parent 43a039ae91
commit e0cc893493
2 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
frontend/src/routes/auth/login/+page.server.js
View File

@@ -61,27 +61,21 @@ export const actions = {
const responseBody = await res.json(); const responseBody = await res.json();
console.log("Login response body:", responseBody); console.log("Login response body:", responseBody);
// Check for the cookie in the response headers // Extract the JWT from the response headers
const setCookieHeader = res.headers.get("set-cookie"); const setCookieHeader = res.headers.get("set-cookie");
console.log("Set-Cookie header:", setCookieHeader);
if (setCookieHeader) { if (setCookieHeader) {
// Parse the Set-Cookie header to get the JWT const jwtMatch = setCookieHeader.match(/jwt=([^;]+)/);
const jwtCookie = setCookieHeader.split(";")[0]; if (jwtMatch) {
const [cookieName, cookieValue] = jwtCookie.split("="); const jwtValue = jwtMatch[1];
if (cookieName.trim() === "jwt") { // Set the cookie for the client
console.log("JWT cookie found in response"); cookies.set("jwt", jwtValue, {
cookies.set("jwt", cookieValue.trim(), {
path: "/", path: "/",
httpOnly: true, httpOnly: true,
sameSite: "strict", secure: process.env.NODE_ENV === "production", // Secure in production
secure: process.env.NODE_ENV === "production", sameSite: "lax",
maxAge: 5 * 24 * 60 * 60, // 5 days in seconds
}); });
} else {
console.log("JWT cookie not found in response");
} }
} else {
console.log("No Set-Cookie header in response");
} }
console.log("Redirecting to:", next || "/"); console.log("Redirecting to:", next || "/");

17
frontend/src/routes/auth/logout/+page.server.js
View File

@@ -5,7 +5,7 @@ import { fail, redirect } from "@sveltejs/kit";
export async function load({ locals }) { export async function load({ locals }) {
// redirect user if not logged in // redirect user if not logged in
if (!locals.user) { if (!locals.user) {
throw redirect(302, `/auth/login?next=/auth/logout`); throw redirect(302, `/auth/login?next=/`);
} }
} }
@@ -34,9 +34,24 @@ export const actions = {
return fail(400, { errors: errors }); return fail(400, { errors: errors });
} }
// The server should clear the cookie, so we don't need to handle it here
// eat the cookie // eat the cookie
cookies.delete("jwt", { path: "/" }); cookies.delete("jwt", { path: "/" });
// The server should clear the cookie, so we don't need to handle it here
// Just check if the cookie is cleared in the response
const setCookieHeader = res.headers.get("set-cookie");
if (!setCookieHeader || !setCookieHeader.includes("jwt=;")) {
console.error("JWT cookie not cleared in response");
return fail(500, {
errors: [
{
error: "Server error: Failed to clear authentication token",
id: Date.now(),
},
],
});
}
// redirect the user // redirect the user
throw redirect(302, "/auth/login"); throw redirect(302, "/auth/login");
}, },