Adding some controls around cookies, expiring them when a 403 is hit.

This commit is contained in:
mike12345567 2021-04-14 15:43:34 +01:00
parent a76964d12e
commit 6c58c90a7a
6 changed files with 28 additions and 7 deletions

View File

@ -1,3 +1,3 @@
Cypress.Cookies.defaults({ Cypress.Cookies.defaults({
preserve: "budibase:builder:local", preserve: "budibase:auth",
}) })

View File

@ -1,5 +1,6 @@
import { store } from "./index" import { store } from "./index"
import { get as svelteGet } from "svelte/store" import { get as svelteGet } from "svelte/store"
import { removeCookie, Cookies } from "./cookies"
const apiCall = method => async ( const apiCall = method => async (
url, url,
@ -8,11 +9,15 @@ const apiCall = method => async (
) => { ) => {
headers["x-budibase-app-id"] = svelteGet(store).appId headers["x-budibase-app-id"] = svelteGet(store).appId
const json = headers["Content-Type"] === "application/json" const json = headers["Content-Type"] === "application/json"
return await fetch(url, { const resp = await fetch(url, {
method: method, method: method,
body: json ? JSON.stringify(body) : body, body: json ? JSON.stringify(body) : body,
headers, headers,
}) })
if (resp.status === 403) {
removeCookie(Cookies.Auth)
}
return resp
} }
export const post = apiCall("POST") export const post = apiCall("POST")

View File

@ -0,0 +1,16 @@
export const Cookies = {
Auth: "budibase:auth",
CurrentApp: "budibase:currentapp",
}
export function getCookie(cookieName) {
return document.cookie.split(";").some(cookie => {
return cookie.trim().startsWith(`${cookieName}=`)
})
}
export function removeCookie(cookieName) {
if (getCookie(cookieName)) {
document.cookie = `${cookieName}=; Max-Age=-99999999;`
}
}

View File

@ -1,4 +1,4 @@
import { writable, get } from "svelte/store" import { writable } from "svelte/store"
import api from "../../builderStore/api" import api from "../../builderStore/api"
async function checkAuth() { async function checkAuth() {
@ -14,7 +14,7 @@ export function createAuthStore() {
checkAuth() checkAuth()
.then(user => set({ user })) .then(user => set({ user }))
.catch(err => set({ user: null })) .catch(() => set({ user: null }))
return { return {
subscribe, subscribe,
@ -26,12 +26,12 @@ export function createAuthStore() {
}, },
logout: async () => { logout: async () => {
const response = await api.post(`/api/admin/auth/logout`) const response = await api.post(`/api/admin/auth/logout`)
const json = await response.json() await response.json()
set({ user: null }) set({ user: null })
}, },
createUser: async user => { createUser: async user => {
const response = await api.post(`/api/admin/users`, user) const response = await api.post(`/api/admin/users`, user)
const json = await response.json() await response.json()
}, },
} }
} }

View File

@ -71,6 +71,7 @@ exports.authenticate = async ctx => {
} }
exports.fetchSelf = async ctx => { exports.fetchSelf = async ctx => {
ctx.throw(403, "derp")
const appId = ctx.appId const appId = ctx.appId
const { userId } = ctx.user const { userId } = ctx.user
/* istanbul ignore next */ /* istanbul ignore next */

View File

@ -3,7 +3,6 @@ const controller = require("../controllers/auth")
const router = Router() const router = Router()
// TODO: needs removed
router.get("/api/self", controller.fetchSelf) router.get("/api/self", controller.fetchSelf)
module.exports = router module.exports = router