Adding some controls around cookies, expiring them when a 403 is hit.
This commit is contained in:
parent
a76964d12e
commit
6c58c90a7a
|
@ -1,3 +1,3 @@
|
|||
Cypress.Cookies.defaults({
|
||||
preserve: "budibase:builder:local",
|
||||
preserve: "budibase:auth",
|
||||
})
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import { store } from "./index"
|
||||
import { get as svelteGet } from "svelte/store"
|
||||
import { removeCookie, Cookies } from "./cookies"
|
||||
|
||||
const apiCall = method => async (
|
||||
url,
|
||||
|
@ -8,11 +9,15 @@ const apiCall = method => async (
|
|||
) => {
|
||||
headers["x-budibase-app-id"] = svelteGet(store).appId
|
||||
const json = headers["Content-Type"] === "application/json"
|
||||
return await fetch(url, {
|
||||
const resp = await fetch(url, {
|
||||
method: method,
|
||||
body: json ? JSON.stringify(body) : body,
|
||||
headers,
|
||||
})
|
||||
if (resp.status === 403) {
|
||||
removeCookie(Cookies.Auth)
|
||||
}
|
||||
return resp
|
||||
}
|
||||
|
||||
export const post = apiCall("POST")
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
export const Cookies = {
|
||||
Auth: "budibase:auth",
|
||||
CurrentApp: "budibase:currentapp",
|
||||
}
|
||||
|
||||
export function getCookie(cookieName) {
|
||||
return document.cookie.split(";").some(cookie => {
|
||||
return cookie.trim().startsWith(`${cookieName}=`)
|
||||
})
|
||||
}
|
||||
|
||||
export function removeCookie(cookieName) {
|
||||
if (getCookie(cookieName)) {
|
||||
document.cookie = `${cookieName}=; Max-Age=-99999999;`
|
||||
}
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
import { writable, get } from "svelte/store"
|
||||
import { writable } from "svelte/store"
|
||||
import api from "../../builderStore/api"
|
||||
|
||||
async function checkAuth() {
|
||||
|
@ -14,7 +14,7 @@ export function createAuthStore() {
|
|||
|
||||
checkAuth()
|
||||
.then(user => set({ user }))
|
||||
.catch(err => set({ user: null }))
|
||||
.catch(() => set({ user: null }))
|
||||
|
||||
return {
|
||||
subscribe,
|
||||
|
@ -26,12 +26,12 @@ export function createAuthStore() {
|
|||
},
|
||||
logout: async () => {
|
||||
const response = await api.post(`/api/admin/auth/logout`)
|
||||
const json = await response.json()
|
||||
await response.json()
|
||||
set({ user: null })
|
||||
},
|
||||
createUser: async user => {
|
||||
const response = await api.post(`/api/admin/users`, user)
|
||||
const json = await response.json()
|
||||
await response.json()
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
|
@ -71,6 +71,7 @@ exports.authenticate = async ctx => {
|
|||
}
|
||||
|
||||
exports.fetchSelf = async ctx => {
|
||||
ctx.throw(403, "derp")
|
||||
const appId = ctx.appId
|
||||
const { userId } = ctx.user
|
||||
/* istanbul ignore next */
|
||||
|
|
|
@ -3,7 +3,6 @@ const controller = require("../controllers/auth")
|
|||
|
||||
const router = Router()
|
||||
|
||||
// TODO: needs removed
|
||||
router.get("/api/self", controller.fetchSelf)
|
||||
|
||||
module.exports = router
|
||||
|
|
Loading…
Reference in New Issue