Merge pull request #267 from HeyPuter/eric/session-fixes

session management fixes
2024-11-15 06:15:47 +00:00 · 2024-04-12 00:29:26 -04:00 · 2024-04-12 00:29:26 -04:00 · eb96dd952b
commit eb96dd952b
parent f4f58dbfb9 1da3a769c4
4 changed files with 19 additions and 2 deletions
--- a/packages/backend/src/middleware/auth2.js
+++ b/packages/backend/src/middleware/auth2.js
@ -63,8 +63,10 @@ const auth2 = async (req, res, next) => {

    if(!token) {
        APIError.create('token_missing').write(res);
+        return;
    } else if (typeof token !== 'string') {
        APIError.create('token_auth_failed').write(res);
+        return;
    } else {
        token = token.replace('Bearer ', '')
    }
--- a/packages/backend/src/routers/signup.js
+++ b/packages/backend/src/routers/signup.js
@ -71,6 +71,11 @@ module.exports = eggspress(['/signup'], {
        const { user, token } = await svc_auth.check_session(
            req.cookies[config.cookie_name]
        );
+        res.cookie(config.cookie_name, token, {
+            sameSite: 'none',
+            secure: true,
+            httpOnly: true,
+        });
        // const decoded = await jwt.verify(token, config.jwt_secret);
        // const user = await get_user({ uuid: decoded.uuid });
        if ( user ) {
--- a/packages/backend/src/services/auth/AuthService.js
+++ b/packages/backend/src/services/auth/AuthService.js
@ -240,7 +240,10 @@ class AuthService extends BaseService {
            [uuid],
        );

-        session.meta = JSON.parse(session.meta ?? {});
+        session.meta = this.db.case({
+            mysql: () => session.meta,
+            otherwise: () => JSON.parse(session.meta ?? "{}")
+        })();

        return session;
    }
@ -375,10 +378,13 @@ class AuthService extends BaseService {
        );

        sessions.forEach(session => {
+            session.meta = this.db.case({
+                mysql: () => session.meta,
+                otherwise: () => JSON.parse(session.meta ?? "{}")
+            })();
            if ( session.uuid === actor.type.session ) {
                session.current = true;
            }
-            session.meta = JSON.parse(session.meta ?? {});
        });

        return sessions;
--- a/src/UI/UIWindowManageSessions.js
+++ b/src/UI/UIWindowManageSessions.js
@ -87,6 +87,7 @@ const UIWindowManageSessions = async function UIWindowManageSessions () {
            const resp = await fetch(`${api_origin}/auth/revoke-session`, {
                method: 'POST',
                headers: {
+                    Authorization: `Bearer ${puter.authToken}`,
                    'Content-Type': 'application/json',
                },
                body: JSON.stringify({
@ -115,6 +116,9 @@ const UIWindowManageSessions = async function UIWindowManageSessions () {

    const reload_sessions = async () => {
        const resp = await fetch(`${api_origin}/auth/list-sessions`, {
+            headers: {
+                Authorization: `Bearer ${puter.authToken}`,
+            },
            method: 'GET',
        });