mirror of
https://github.com/stonith404/pingvin-share.git
synced 2024-11-15 03:50:11 +01:00
fix: enable secure cookies if app url starts with https
This commit is contained in:
parent
ee73293c0f
commit
69752b8b41
@ -173,11 +173,17 @@ export class AuthController {
|
|||||||
@Res({ passthrough: true }) response: Response,
|
@Res({ passthrough: true }) response: Response,
|
||||||
) {
|
) {
|
||||||
await this.authService.signOut(request.cookies.access_token);
|
await this.authService.signOut(request.cookies.access_token);
|
||||||
response.cookie("access_token", "accessToken", { maxAge: -1 });
|
|
||||||
|
const isSecure = this.config.get("general.appUrl").startsWith("https");
|
||||||
|
response.cookie("access_token", "accessToken", {
|
||||||
|
maxAge: -1,
|
||||||
|
secure: isSecure,
|
||||||
|
});
|
||||||
response.cookie("refresh_token", "", {
|
response.cookie("refresh_token", "", {
|
||||||
path: "/api/auth/token",
|
path: "/api/auth/token",
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
maxAge: -1,
|
maxAge: -1,
|
||||||
|
secure: isSecure,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -272,9 +272,11 @@ export class AuthService {
|
|||||||
refreshToken?: string,
|
refreshToken?: string,
|
||||||
accessToken?: string,
|
accessToken?: string,
|
||||||
) {
|
) {
|
||||||
|
const isSecure = this.config.get("general.appUrl").startsWith("https");
|
||||||
if (accessToken)
|
if (accessToken)
|
||||||
response.cookie("access_token", accessToken, {
|
response.cookie("access_token", accessToken, {
|
||||||
sameSite: "lax",
|
sameSite: "lax",
|
||||||
|
secure: isSecure,
|
||||||
maxAge: 1000 * 60 * 60 * 24 * 30 * 3, // 3 months
|
maxAge: 1000 * 60 * 60 * 24 * 30 * 3, // 3 months
|
||||||
});
|
});
|
||||||
if (refreshToken)
|
if (refreshToken)
|
||||||
@ -282,6 +284,7 @@ export class AuthService {
|
|||||||
path: "/api/auth/token",
|
path: "/api/auth/token",
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
sameSite: "strict",
|
sameSite: "strict",
|
||||||
|
secure: isSecure,
|
||||||
maxAge: 1000 * 60 * 60 * this.config.get("general.sessionDuration"),
|
maxAge: 1000 * 60 * 60 * this.config.get("general.sessionDuration"),
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -19,10 +19,14 @@ import { UpdateOwnUserDTO } from "./dto/updateOwnUser.dto";
|
|||||||
import { UpdateUserDto } from "./dto/updateUser.dto";
|
import { UpdateUserDto } from "./dto/updateUser.dto";
|
||||||
import { UserDTO } from "./dto/user.dto";
|
import { UserDTO } from "./dto/user.dto";
|
||||||
import { UserSevice } from "./user.service";
|
import { UserSevice } from "./user.service";
|
||||||
|
import { ConfigService } from "../config/config.service";
|
||||||
|
|
||||||
@Controller("users")
|
@Controller("users")
|
||||||
export class UserController {
|
export class UserController {
|
||||||
constructor(private userService: UserSevice) {}
|
constructor(
|
||||||
|
private userService: UserSevice,
|
||||||
|
private config: ConfigService,
|
||||||
|
) {}
|
||||||
|
|
||||||
// Own user operations
|
// Own user operations
|
||||||
@Get("me")
|
@Get("me")
|
||||||
@ -49,11 +53,17 @@ export class UserController {
|
|||||||
@GetUser() user: User,
|
@GetUser() user: User,
|
||||||
@Res({ passthrough: true }) response: Response,
|
@Res({ passthrough: true }) response: Response,
|
||||||
) {
|
) {
|
||||||
response.cookie("access_token", "accessToken", { maxAge: -1 });
|
const isSecure = this.config.get("general.appUrl").startsWith("https");
|
||||||
|
|
||||||
|
response.cookie("access_token", "accessToken", {
|
||||||
|
maxAge: -1,
|
||||||
|
secure: isSecure,
|
||||||
|
});
|
||||||
response.cookie("refresh_token", "", {
|
response.cookie("refresh_token", "", {
|
||||||
path: "/api/auth/token",
|
path: "/api/auth/token",
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
maxAge: -1,
|
maxAge: -1,
|
||||||
|
secure: isSecure,
|
||||||
});
|
});
|
||||||
return new UserDTO().from(await this.userService.delete(user.id));
|
return new UserDTO().from(await this.userService.delete(user.id));
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user