Adding some controls around cookies, expiring them when a 403 is hit.

mike12345567 2021-04-14 15:43:34 +01:00
parent a76964d12e
commit 6c58c90a7a
6 changed files with 28 additions and 7 deletions


@ -1,3 +1,3 @@
Cypress.Cookies.defaults({
preserve: "budibase:builder:local",
preserve: "budibase:auth",
})


@ -1,5 +1,6 @@
import { store } from "./index"
import { get as svelteGet } from "svelte/store"
import { removeCookie, Cookies } from "./cookies"
const apiCall = method => async (
url,
@ -8,11 +9,15 @@ const apiCall = method => async (
) => {
headers["x-budibase-app-id"] = svelteGet(store).appId
const json = headers["Content-Type"] === "application/json"
return await fetch(url, {
const resp = await fetch(url, {
method: method,
body: json ? JSON.stringify(body) : body,
headers,
})
if (resp.status === 403) {
removeCookie(Cookies.Auth)
}
return resp
}
export const post = apiCall("POST")
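Review bot: The new `if (resp.status === 403)` branch expires the auth cookie on every 403, but 403 is the status a server returns to an authenticated caller who merely lacks permission for one resource, so a single permission denial would log the user out of the whole builder; an expired or missing session is conventionally signalled with 401. Unless the server is known to use 403 only for "no session" (the companion controller change in this commit throws 403 unconditionally, which suggests it is still being worked out), the check would be safer as `if (resp.status === 401)` with the server returning 401 for a missing or invalid session. Note also that `removeCookie` can only touch cookies visible to `document.cookie`; if the auth cookie is set HttpOnly (not visible here) this call is a no-op and the logout must happen server-side. The apiCall arrow starts before this hunk.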


@ -0,0 +1,16 @@
export const Cookies = {
Auth: "budibase:auth",
CurrentApp: "budibase:currentapp",
}
export function getCookie(cookieName) {
return document.cookie.split(";").some(cookie => {
return cookie.trim().startsWith(`${cookieName}=`)
})
}
export function removeCookie(cookieName) {
if (getCookie(cookieName)) {
document.cookie = `${cookieName}=; Max-Age=-99999999;`
}
}
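Review bot: `removeCookie` writes the expiry string without a `Path` attribute, so the browser applies it to the cookie scoped to the current document's default path; if the server set `budibase:auth` with `Path=/` (not visible here) from a different path, this write creates and immediately expires a separate cookie and the real one survives, so the 403 handling in api.js would silently not log the user out. Writing `document.cookie = \`${cookieName}=; Max-Age=-99999999; Path=/;\`` (matching whatever path the server uses) avoids that. Separately, `getCookie` returns the boolean from `.some`, not the cookie's value, which the name does not suggest; either rename it to `hasCookie` or add `/** Returns true when a cookie named cookieName exists; the value is not returned. */` above it.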


@ -1,4 +1,4 @@
import { writable, get } from "svelte/store"
import { writable } from "svelte/store"
import api from "../../builderStore/api"
async function checkAuth() {
@ -14,7 +14,7 @@ export function createAuthStore() {
checkAuth()
.then(user => set({ user }))
.catch(err => set({ user: null }))
.catch(() => set({ user: null }))
return {
subscribe,
@ -26,12 +26,12 @@ export function createAuthStore() {
},
logout: async () => {
const response = await api.post(`/api/admin/auth/logout`)
const json = await response.json()
await response.json()
set({ user: null })
},
createUser: async user => {
const response = await api.post(`/api/admin/users`, user)
const json = await response.json()
await response.json()
},
}
}
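Review bot: In `createUser` the new `await response.json()` discards both the status and the parsed body, so a rejected or failed creation (non-2xx, validation error) is indistinguishable from success to the caller; the same applies to `logout`, where a failed server-side logout still clears local state. Checking the status and returning the body, `if (!response.ok) throw new Error(\`createUser failed: ${response.status}\`)` followed by `return await response.json()`, would let callers react. The `.catch(() => set({ user: null }))` change in the earlier hunk likewise drops the error entirely; logging it before falling back would keep failures diagnosable. createAuthStore continues outside this hunk.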


@ -71,6 +71,7 @@ exports.authenticate = async ctx => {
}
exports.fetchSelf = async ctx => {
ctx.throw(403, "derp")
const appId = ctx.appId
const { userId } = ctx.user
/* istanbul ignore next */
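Review bot: The added `ctx.throw(403, "derp")` is the first statement of `fetchSelf`, so every request to `/api/self` now throws 403 and the lines reading `ctx.appId` and `ctx.user` below it are unreachable; this reads as a leftover used to exercise the new client-side 403 handling rather than intended behaviour. If the goal is to reject unauthenticated callers, the throw should be conditional on the session check (e.g. `if (!ctx.user) ctx.throw(401, "Unauthenticated")`), and the "derp" message replaced with a real one before merge. fetchSelf continues outside this hunk.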


@ -3,7 +3,6 @@ const controller = require("../controllers/auth")
const router = Router()
// TODO: needs removed
router.get("/api/self", controller.fetchSelf)
module.exports = router