Adding some controls around cookies, expiring them when a 403 is hit.
parent
a76964d12e
commit
6c58c90a7a
|
@ -1,3 +1,3 @@
|
||||||
Cypress.Cookies.defaults({
|
Cypress.Cookies.defaults({
|
||||||
preserve: "budibase:builder:local",
|
preserve: "budibase:auth",
|
||||||
})
|
})
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import { store } from "./index"
|
import { store } from "./index"
|
||||||
import { get as svelteGet } from "svelte/store"
|
import { get as svelteGet } from "svelte/store"
|
||||||
|
import { removeCookie, Cookies } from "./cookies"
|
||||||
|
|
||||||
const apiCall = method => async (
|
const apiCall = method => async (
|
||||||
url,
|
url,
|
||||||
|
@ -8,11 +9,15 @@ const apiCall = method => async (
|
||||||
) => {
|
) => {
|
||||||
headers["x-budibase-app-id"] = svelteGet(store).appId
|
headers["x-budibase-app-id"] = svelteGet(store).appId
|
||||||
const json = headers["Content-Type"] === "application/json"
|
const json = headers["Content-Type"] === "application/json"
|
||||||
return await fetch(url, {
|
const resp = await fetch(url, {
|
||||||
method: method,
|
method: method,
|
||||||
body: json ? JSON.stringify(body) : body,
|
body: json ? JSON.stringify(body) : body,
|
||||||
headers,
|
headers,
|
||||||
})
|
})
|
||||||
|
if (resp.status === 403) {
|
||||||
|
removeCookie(Cookies.Auth)
|
||||||
|
}
|
||||||
|
return resp
|
||||||
}
|
}
|
||||||
|
|
||||||
export const post = apiCall("POST")
|
export const post = apiCall("POST")
|
||||||
|
|
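Review bot: The new `if (resp.status === 403)` branch in apiCall drops the auth cookie on any forbidden response, which treats a permissions failure the same as a dead session. 403 conventionally means the caller is authenticated but not allowed, while 401 signals missing or invalid credentials, so a user who hits a single endpoint they lack rights for would be signed out. Either key the check on 401 or, if the server really uses 403 for invalid sessions, say so next to the check with a comment such as `// server answers 403 when the auth cookie is invalid, so expire it client-side`. apiCall's parameter list falls between the two hunks, so the full signature is not visible here.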
|
@ -0,0 +1,16 @@
|
||||||
|
export const Cookies = {
|
||||||
|
Auth: "budibase:auth",
|
||||||
|
CurrentApp: "budibase:currentapp",
|
||||||
|
}
|
||||||
|
|
||||||
|
export function getCookie(cookieName) {
|
||||||
|
return document.cookie.split(";").some(cookie => {
|
||||||
|
return cookie.trim().startsWith(`${cookieName}=`)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
export function removeCookie(cookieName) {
|
||||||
|
if (getCookie(cookieName)) {
|
||||||
|
document.cookie = `${cookieName}=; Max-Age=-99999999;`
|
||||||
|
}
|
||||||
|
}
|
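Review bot: removeCookie writes the expiry without a `Path` attribute, so the browser applies the default path of the current page, and a cookie that was set with `Path=/` will not be cleared when the app is served from a deeper path. Matching the attributes the cookie was set with, for example `document.cookie = \`${cookieName}=; Max-Age=0; Path=/\``, avoids that (the setter is not visible here, so confirm its path and domain). Also note that if the server marks the auth cookie `HttpOnly`, which is the safer setting for a session credential, `document.cookie` cannot see it, getCookie returns false and this function does nothing, so expiry would have to happen server-side. getCookie returns a boolean rather than a value; a name like `hasCookie` or a short doc comment would make that clear.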
|
@ -1,4 +1,4 @@
|
||||||
import { writable, get } from "svelte/store"
|
import { writable } from "svelte/store"
|
||||||
import api from "../../builderStore/api"
|
import api from "../../builderStore/api"
|
||||||
|
|
||||||
async function checkAuth() {
|
async function checkAuth() {
|
||||||
|
@ -14,7 +14,7 @@ export function createAuthStore() {
|
||||||
|
|
||||||
checkAuth()
|
checkAuth()
|
||||||
.then(user => set({ user }))
|
.then(user => set({ user }))
|
||||||
.catch(err => set({ user: null }))
|
.catch(() => set({ user: null }))
|
||||||
|
|
||||||
return {
|
return {
|
||||||
subscribe,
|
subscribe,
|
||||||
|
@ -26,12 +26,12 @@ export function createAuthStore() {
|
||||||
},
|
},
|
||||||
logout: async () => {
|
logout: async () => {
|
||||||
const response = await api.post(`/api/admin/auth/logout`)
|
const response = await api.post(`/api/admin/auth/logout`)
|
||||||
const json = await response.json()
|
await response.json()
|
||||||
set({ user: null })
|
set({ user: null })
|
||||||
},
|
},
|
||||||
createUser: async user => {
|
createUser: async user => {
|
||||||
const response = await api.post(`/api/admin/users`, user)
|
const response = await api.post(`/api/admin/users`, user)
|
||||||
const json = await response.json()
|
await response.json()
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
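Review bot: In logout, `await response.json()` is now kept only for its side effect, and if the response body is not valid JSON the rejection skips `set({ user: null })`, leaving the store showing a signed-in user after a logout attempt. Dropping the parse or clearing the local state in a `finally` block keeps client state consistent, and checking `response.ok` would surface a logout the server refused. createUser has the same discarded parse and never inspects the status, so a failed user creation resolves as if it had succeeded. createAuthStore begins outside these hunks.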
|
@ -71,6 +71,7 @@ exports.authenticate = async ctx => {
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.fetchSelf = async ctx => {
|
exports.fetchSelf = async ctx => {
|
||||||
|
ctx.throw(403, "derp")
|
||||||
const appId = ctx.appId
|
const appId = ctx.appId
|
||||||
const { userId } = ctx.user
|
const { userId } = ctx.user
|
||||||
/* istanbul ignore next */
|
/* istanbul ignore next */
|
||||||
|
|
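Review bot: The added `ctx.throw(403, "derp")` as the first statement of fetchSelf makes the handler reject every request and leaves the rest of its body unreachable; it reads like a temporary stub for exercising the client's 403 path. It should be removed before this lands, or moved into a test that mocks the response. Together with the client change that expires the auth cookie on 403, any builder call that reaches this handler would sign the user out. The body of fetchSelf continues outside the hunk.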
|
@ -3,7 +3,6 @@ const controller = require("../controllers/auth")
|
||||||
|
|
||||||
const router = Router()
|
const router = Router()
|
||||||
|
|
||||||
// TODO: needs removed
|
|
||||||
router.get("/api/self", controller.fetchSelf)
|
router.get("/api/self", controller.fetchSelf)
|
||||||
|
|
||||||
module.exports = router
|
module.exports = router
|
||||||
|
|