From eb203c7e629db7afeee7efcd9c837ae62ed44077 Mon Sep 17 00:00:00 2001
From: Cory McWilliams
Date: Sun, 16 Jul 2023 22:03:47 +0000
Subject: [PATCH] Don't put a JWT in core.user.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4348 ed5197a5-7fde-0310-b194-c3ffbd925b24
---
 core/app.js | 7 +++----
 core/auth.js | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/core/app.js b/core/app.js
index 7ab625a4..9d9a4e0e 100644
--- a/core/app.js
+++ b/core/app.js
@@ -61,8 +61,7 @@ function socket(request, response, client) {
 	let process;
 	let options = {};
 	let credentials = auth.query(request.headers);
-	let refresh_token = credentials?.refresh?.token;
-	let refresh_interval = credentials?.refresh?.interval;
+	let refresh = auth.make_refresh(credentials);
 
 	response.onClose = async function() {
 		if (process && process.task) {
@@ -198,9 +197,9 @@ function socket(request, response, client) {
 			}
 		}
 
-		if (refresh_token) {
+		if (refresh) {
 			return {
-				'Set-Cookie': `session=${refresh_token}; path=/; Max-Age=${refresh_interval}; Secure; SameSite=Strict`,
+				'Set-Cookie': `session=${refresh.token}; path=/; Max-Age=${refresh.interval}; Secure; SameSite=Strict`,
 			};
 		}
 	}
diff --git a/core/auth.js b/core/auth.js
index 6ff9b61a..81fa51ba 100644
--- a/core/auth.js
+++ b/core/auth.js
@@ -260,12 +260,17 @@ function query(headers) {
 		return {
 			session: entry,
 			permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session),
-			refresh: {
-				token: makeJwt({name: entry.name}),
-				interval: kRefreshInterval,
-			},
 		};
 	}
 }
 
-export { handler, query };
+function make_refresh(credentials) {
+	if (credentials?.session?.name) {
+		return {
+			token: makeJwt({name: credentials.session.name}),
+			interval: kRefreshInterval,
+		};
+	}
+}
+
+export { handler, query, make_refresh };
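Review bot: `refresh` is declared with `let` but nothing in this hunk reassigns it; `const refresh = auth.make_refresh(credentials);` would state that the refresh token is fixed for the lifetime of the connection, though the neighbouring `let process;` and `let options = {};` suggest `let` is the file's habit, so this is a project-wide style question rather than a local one. Because the JWT is now minted here at socket setup and only emitted as a cookie further down in socket(), its issue time is the connection's open time rather than the time the cookie is sent — if that is intended, a one-line comment such as `// minted once per connection; the cookie below reuses it` would spare the next reader the question. socket() starts before and continues after this hunk.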
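Review bot: The `Set-Cookie` line still places the JWT in a cookie without the `HttpOnly` attribute, so any script running on the origin can read it from document.cookie; given that the commit's stated goal is to keep the JWT out of core.user, appending `; HttpOnly` would close that second exposure, unless client-side code needs to read the session cookie, which this hunk does not show. `Max-Age` is defined in seconds, so the line depends on `refresh.interval` (kRefreshInterval in auth.js) being expressed in seconds — a short comment at either site would pin that unit down. socket() starts before and ends after this hunk.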
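Review bot: `make_refresh` has no doc comment and its undefined result on the no-session path is implicit, which matters because app.js branches on that result; a JSDoc of the form `/** Mint a fresh session JWT for the signed-in user in credentials. @param {object} credentials - result of query(); @returns {{token, interval}|undefined} undefined when there is no session to refresh. */` would make the contract explicit. The name is snake_case while the helpers it sits beside (`makeJwt`, `getPermissions`, `getPermissionsForUser`) are camelCase; `makeRefresh` would match, with the export and the app.js call site renamed together. The removed block minted a token from `entry.name` unconditionally, whereas the new guard `credentials?.session?.name` skips the refresh entirely when the name is falsy — presumably intended, and worth a sentence in the commit description if so. query() starts before this hunk.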