From a8d50223aabe0e75e6c0f7ccd77305df0837ac09 Mon Sep 17 00:00:00 2001
From: Balu Babu
Date: Mon, 30 Jan 2023 06:31:10 +0530
Subject: [PATCH] refactor: changed auth module to work with signed cookies

---
 packages/hoppscotch-backend/.env.example | 5 +++--
 packages/hoppscotch-backend/prisma/schema.prisma | 3 +--
 .../hoppscotch-backend/src/auth/strategies/jwt.strategy.ts | 2 +-
 .../src/auth/strategies/rt-jwt.strategy.ts | 2 +-
 .../hoppscotch-backend/src/decorators/rt-cookie.decorator.ts | 2 +-
 packages/hoppscotch-backend/src/main.ts | 2 +-
 packages/hoppscotch-backend/src/utils.ts | 2 ++
 7 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/packages/hoppscotch-backend/.env.example b/packages/hoppscotch-backend/.env.example
index 78700ecaf..d9171f1cb 100644
--- a/packages/hoppscotch-backend/.env.example
+++ b/packages/hoppscotch-backend/.env.example
@@ -6,6 +6,7 @@ POSTMARK_SERVER_TOKEN=************************************************"
 POSTMARK_SENDER_EMAIL=************************************************"
 
 # Auth Tokens Config
+SIGNED_COOKIE_SECRET='add some secret here'
 JWT_SECRET='add some secret here'
 REFRESH_TOKEN_VALIDITY="604800000" # Default validity is 7 days
 ACCESS_TOKEN_VALIDITY="120000" # Default validity is 1 day
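Review bot: The added `SIGNED_COOKIE_SECRET='add some secret here'` uses the exact same placeholder as `JWT_SECRET` on the line below it, which makes it easy for a deployment to end up with both secrets identical, or with the example value left in place for one of them. A comment on the added line would make the expectation explicit: `# long random value; must be set and must differ from JWT_SECRET`. Nothing in the template indicates that the value is required at startup, and the main.ts hunk in this commit does not reject an unset value either.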
@@ -13,13 +14,13 @@ ACCESS_TOKEN_VALIDITY="120000" # Default validity is 1 day
 # Hoppscotch App Domain Config
 APP_DOMAIN="************************************************""
 REDIRECT_URL="************************************************""
-WHITELISTED_ORIGINS ="************************************************"
+WHITELISTED_ORIGINS="************************************************"
 
 # Google Auth Config
 GOOGLE_CLIENT_ID="************************************************"
 GOOGLE_CLIENT_SECRET="************************************************"
 GOOGLE_CALLBACK_URL="************************************************"
-GOOGLE_SCOPE= ['email', 'profile'],
+GOOGLE_SCOPE="['email', 'profile'],"
 
 # Github Auth Config
 GITHUB_CLIENT_ID="************************************************"
diff --git a/packages/hoppscotch-backend/prisma/schema.prisma b/packages/hoppscotch-backend/prisma/schema.prisma
index b42205a69..d554f21cd 100644
--- a/packages/hoppscotch-backend/prisma/schema.prisma
+++ b/packages/hoppscotch-backend/prisma/schema.prisma
@@ -98,6 +98,7 @@ model User {
 model Account {
 id String @id @default(cuid())
 userId String
+ user User @relation(fields: [userId], references: [uid], onDelete: Cascade)
 provider String
 providerAccountId String
 providerRefreshToken String?
@@ -105,8 +106,6 @@ model Account {
 providerScope String?
 loggedIn DateTime @default(now()) @db.Timestamp(3)
 
- user User @relation(fields: [userId], references: [uid], onDelete: Cascade)
-
 @@unique(fields: [provider, providerAccountId], name: "verifyProviderAccount")
 }
 
diff --git a/packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts b/packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts
index d589e82c5..82c2ca735 100644
--- a/packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts
+++ b/packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts
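Review bot: `GOOGLE_SCOPE="['email', 'profile'],"` moves the trailing comma inside the quotes, so the variable now evaluates to the literal string `['email', 'profile'],` rather than just fixing the unquoted value. The consumer of GOOGLE_SCOPE is not in this diff, so I cannot tell whether it parses an array-literal-shaped string at all; please check the Google strategy that reads it. If it expects a delimited list, a plain form (for example `GOOGLE_SCOPE="email,profile"`, constructed here as an illustration) is the usual dotenv shape and avoids the stray comma entirely.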
@@ -22,7 +22,7 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
 super({
 jwtFromRequest: ExtractJwt.fromExtractors([
 (request: Request) => {
- const ATCookie = request.cookies['access_token'];
+ const ATCookie = request.signedCookies['access_token'];
 if (!ATCookie) {
 throw new ForbiddenException(COOKIES_NOT_FOUND);
 }
diff --git a/packages/hoppscotch-backend/src/auth/strategies/rt-jwt.strategy.ts b/packages/hoppscotch-backend/src/auth/strategies/rt-jwt.strategy.ts
index 669fbb170..ae6e96c3c 100644
--- a/packages/hoppscotch-backend/src/auth/strategies/rt-jwt.strategy.ts
+++ b/packages/hoppscotch-backend/src/auth/strategies/rt-jwt.strategy.ts
@@ -21,7 +21,7 @@ export class RTJwtStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
 super({
 jwtFromRequest: ExtractJwt.fromExtractors([
 (request: Request) => {
- const RTCookie = request.cookies['refresh_token'];
+ const RTCookie = request.signedCookies['refresh_token'];
 if (!RTCookie) {
 throw new ForbiddenException(COOKIES_NOT_FOUND);
 }
diff --git a/packages/hoppscotch-backend/src/decorators/rt-cookie.decorator.ts b/packages/hoppscotch-backend/src/decorators/rt-cookie.decorator.ts
index 88a9f7414..91dc30466 100644
--- a/packages/hoppscotch-backend/src/decorators/rt-cookie.decorator.ts
+++ b/packages/hoppscotch-backend/src/decorators/rt-cookie.decorator.ts
@@ -4,6 +4,6 @@ import { GqlExecutionContext } from '@nestjs/graphql';
 export const RTCookie = createParamDecorator(
 (data: unknown, context: ExecutionContext) => {
 const ctx = GqlExecutionContext.create(context);
- return ctx.getContext().req.cookies['refresh_token'];
+ return ctx.getContext().req.signedCookies['refresh_token'];
 },
 );
diff --git a/packages/hoppscotch-backend/src/main.ts b/packages/hoppscotch-backend/src/main.ts
index 9585f2c21..ed5f1bba3 100644
--- a/packages/hoppscotch-backend/src/main.ts
+++ b/packages/hoppscotch-backend/src/main.ts
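Review bot: After switching to `request.signedCookies['access_token']`, the `if (!ATCookie)` guard now covers two distinct conditions, because cookie-parser stores `false` for a signed cookie whose signature does not verify and leaves the key undefined when the cookie is absent, and both are reported as COOKIES_NOT_FOUND. Failing closed is correct, but a signature failure is the case worth seeing in logs, so either branch on it first, `if (ATCookie === false) { /* signature check failed */ }`, or at least annotate the added line: `// false = signature did not verify, undefined = cookie absent`. The same applies to the `RTCookie` read in rt-jwt.strategy.ts, and to rt-cookie.decorator.ts, whose unguarded `return` will hand `false` to the resolver on a tampered cookie unless the refresh guard is guaranteed to run before the decorator. Note also that when cookie-parser is constructed without a secret it leaves `signedCookies` empty, so a missing SIGNED_COOKIE_SECRET surfaces here as every request being rejected rather than as a startup error. The enclosing constructor and class continue outside the hunk in both strategy files.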
@@ -31,7 +31,7 @@ async function bootstrap() {
 origin: true,
 });
 }
- app.use(cookieParser());
+ app.use(cookieParser(process.env.SIGNED_COOKIE_SECRET));
 await app.listen(process.env.PORT || 3170);
 }
 bootstrap();
diff --git a/packages/hoppscotch-backend/src/utils.ts b/packages/hoppscotch-backend/src/utils.ts
index 99a1d047b..af611a6ef 100644
--- a/packages/hoppscotch-backend/src/utils.ts
+++ b/packages/hoppscotch-backend/src/utils.ts
@@ -164,12 +164,14 @@ export const authCookieHandler = (
 secure: true,
 sameSite: 'lax',
 maxAge: accessTokenValidity,
+ signed: true,
 });
 res.cookie('refresh_token', authTokens.refresh_token, {
 httpOnly: true,
 secure: true,
 sameSite: 'lax',
 maxAge: refreshTokenValidity,
+ signed: true,
 });
 if (redirect) {
 res.status(HttpStatus.OK).redirect(process.env.REDIRECT_URL);
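Review bot: `app.use(cookieParser(process.env.SIGNED_COOKIE_SECRET))` does not check that the variable is set, so an unconfigured deployment still boots: cookie-parser receives `undefined`, never populates `signedCookies`, and the `signed: true` options added in utils.ts make Express throw at the first login because no request secret exists, which turns a config error into a runtime 500 on the sign-in path. Fail fast here instead: `const cookieSecret = process.env.SIGNED_COOKIE_SECRET;` / `if (!cookieSecret) throw new Error('SIGNED_COOKIE_SECRET is not set');` / `app.use(cookieParser(cookieSecret));`. cookie-parser also accepts an array of secrets, which is the natural hook if the signing key ever needs to be rotated without invalidating live sessions. `bootstrap` begins outside the hunk.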
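Review bot: With `signed: true` added to both calls, the two `res.cookie` option objects are now identical in `httpOnly`, `secure`, `sameSite` and `signed` and differ only in `maxAge`, and this commit itself shows the cost of that duplication by having to edit both. Hoisting the shared part once, `const authCookieOptions = { httpOnly: true, secure: true, sameSite: 'lax', signed: true } as const;`, and spreading it per call, `{ ...authCookieOptions, maxAge: accessTokenValidity }` and `{ ...authCookieOptions, maxAge: refreshTokenValidity }`, keeps the access and refresh cookies from silently drifting apart the next time a flag is added. `authCookieHandler` starts and ends outside the hunk.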