
fix: enable secure cookies if app url starts with https

This commit is contained in:
Elias Schneider 2024-09-24 12:21:41 +02:00
parent ee73293c0f
commit 69752b8b41
No known key found for this signature in database
GPG Key ID: 07E623B294202B6C
3 changed files with 22 additions and 3 deletions


@ -173,11 +173,17 @@ export class AuthController {
@Res({ passthrough: true }) response: Response, @Res({ passthrough: true }) response: Response,
) { ) {
await this.authService.signOut(request.cookies.access_token); await this.authService.signOut(request.cookies.access_token);
response.cookie("access_token", "accessToken", { maxAge: -1 });
const isSecure = this.config.get("general.appUrl").startsWith("https");
response.cookie("access_token", "accessToken", {
maxAge: -1,
secure: isSecure,
});
response.cookie("refresh_token", "", { response.cookie("refresh_token", "", {
path: "/api/auth/token", path: "/api/auth/token",
httpOnly: true, httpOnly: true,
maxAge: -1, maxAge: -1,
secure: isSecure,
}); });
} }
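Review bot: The cookie-clearing block added to `signOut` (the `isSecure` line through the `refresh_token` call) is the same block, attribute for attribute, that this commit adds to `UserController`'s delete handler, and both now have to stay in step with the `path`/`httpOnly`/`secure` attributes `AuthService` uses when it issues the cookies — a clear whose `path` no longer matches the set will simply not match the cookie. Moving the clearing into one `AuthService.clearAuthCookies(response)` method keeps the attribute set next to the code that issues the cookies and leaves a single place where `isSecure` is derived; `signOut` and the delete handler then each become one call. I would also document on that helper that its attributes must mirror the set calls. signOut's decorator and signature start above this hunk.
```typescript
// AuthService — clears both auth cookies; attributes must mirror those used when the cookies are set.
clearAuthCookies(response: Response): void {
  const isSecure = this.config.get("general.appUrl").startsWith("https");
  response.cookie("access_token", "accessToken", { maxAge: -1, secure: isSecure });
  response.cookie("refresh_token", "", {
    path: "/api/auth/token",
    httpOnly: true,
    maxAge: -1,
    secure: isSecure,
  });
}

// AuthController.signOut
await this.authService.signOut(request.cookies.access_token);
this.authService.clearAuthCookies(response);
```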


@ -272,9 +272,11 @@ export class AuthService {
refreshToken?: string, refreshToken?: string,
accessToken?: string, accessToken?: string,
) { ) {
const isSecure = this.config.get("general.appUrl").startsWith("https");
if (accessToken) if (accessToken)
response.cookie("access_token", accessToken, { response.cookie("access_token", accessToken, {
sameSite: "lax", sameSite: "lax",
secure: isSecure,
maxAge: 1000 * 60 * 60 * 24 * 30 * 3, // 3 months maxAge: 1000 * 60 * 60 * 24 * 30 * 3, // 3 months
}); });
if (refreshToken) if (refreshToken)
@ -282,6 +284,7 @@ export class AuthService {
path: "/api/auth/token", path: "/api/auth/token",
httpOnly: true, httpOnly: true,
sameSite: "strict", sameSite: "strict",
secure: isSecure,
maxAge: 1000 * 60 * 60 * this.config.get("general.sessionDuration"), maxAge: 1000 * 60 * 60 * this.config.get("general.sessionDuration"),
}); });
} }
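Review bot: `startsWith("https")` on the new `isSecure` line is a loose test for a TLS origin: it is case-sensitive, so a configured `appUrl` of `HTTPS://…` (a valid scheme spelling) would set `secure: false` on both tokens without any error, and it also accepts any string that merely begins with those five characters. Parsing the value is stricter and states the intent: `const isSecure = new URL(this.config.get("general.appUrl")).protocol === "https:";` — note this throws on a malformed `appUrl`, which is arguably preferable to silently issuing non-Secure session cookies, but check how the config layer validates that key. Because the flag is derived from configuration rather than from the request, a one-line comment would help the next reader: `// Secure is keyed off the configured app URL rather than request.secure, presumably because TLS is terminated by a reverse proxy — confirm`. The enclosing method's signature starts above this hunk.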


@ -19,10 +19,14 @@ import { UpdateOwnUserDTO } from "./dto/updateOwnUser.dto";
import { UpdateUserDto } from "./dto/updateUser.dto"; import { UpdateUserDto } from "./dto/updateUser.dto";
import { UserDTO } from "./dto/user.dto"; import { UserDTO } from "./dto/user.dto";
import { UserSevice } from "./user.service"; import { UserSevice } from "./user.service";
import { ConfigService } from "../config/config.service";
@Controller("users") @Controller("users")
export class UserController { export class UserController {
constructor(private userService: UserSevice) {} constructor(
private userService: UserSevice,
private config: ConfigService,
) {}
// Own user operations // Own user operations
@Get("me") @Get("me")
@ -49,11 +53,17 @@ export class UserController {
@GetUser() user: User, @GetUser() user: User,
@Res({ passthrough: true }) response: Response, @Res({ passthrough: true }) response: Response,
) { ) {
response.cookie("access_token", "accessToken", { maxAge: -1 }); const isSecure = this.config.get("general.appUrl").startsWith("https");
response.cookie("access_token", "accessToken", {
maxAge: -1,
secure: isSecure,
});
response.cookie("refresh_token", "", { response.cookie("refresh_token", "", {
path: "/api/auth/token", path: "/api/auth/token",
httpOnly: true, httpOnly: true,
maxAge: -1, maxAge: -1,
secure: isSecure,
}); });
return new UserDTO().from(await this.userService.delete(user.id)); return new UserDTO().from(await this.userService.delete(user.id));
} }
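Review bot: Clearing the cookies by re-setting them with `maxAge: -1` (the two `response.cookie` calls after the new `isSecure` line) hand-rolls what Express already provides as `response.clearCookie(name, options)`, which emits an already-expired `Expires` and makes the intent explicit; the two calls would become `response.clearCookie("access_token", { secure: isSecure });` and `response.clearCookie("refresh_token", { path: "/api/auth/token", httpOnly: true, secure: isSecure });`. Whichever form is kept, `path` (and any domain) must match what `AuthService` used when issuing the cookie or the browser will not match it, and that constraint deserves a comment here since the set call lives in another file. Injecting `ConfigService` into `UserController` solely to compute `isSecure` also spreads cookie policy into a second controller; the auth layer is presumably the better owner of that decision. The delete handler's decorator and signature start above this hunk.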