Adding JWT secure flag.

- Couldn't add samesite due to isomorphic library.
- Couldn't add httponly, because the js needs it for calls.
- Fixes #389
Dessalines 2021-09-18 17:52:02 -04:00
parent 9a26d4bbdf
commit 3bc43ae9b1
2 changed files with 6 additions and 2 deletions


@ -37,9 +37,11 @@ export const httpBaseInternal = `http://${host}`; // Don't use secure here
export const httpBase = `http${secure}://${host}`; export const httpBase = `http${secure}://${host}`;
export const wsUri = `ws${secure}://${wsHost}/api/v3/ws`; export const wsUri = `ws${secure}://${wsHost}/api/v3/ws`;
export const pictrsUri = `${httpBase}/pictrs/image`; export const pictrsUri = `${httpBase}/pictrs/image`;
export const isHttps = secure.endsWith("s");
console.log(`httpbase: ${httpBase}`); console.log(`httpbase: ${httpBase}`);
console.log(`wsUri: ${wsUri}`); console.log(`wsUri: ${wsUri}`);
console.log(`isHttps: ${isHttps}`);
// This is for html tags, don't include port // This is for html tags, don't include port
const httpExternalUri = `http${secure}://${externalHost.split(":")[0]}`; const httpExternalUri = `http${secure}://${externalHost.split(":")[0]}`;
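Review bot: `isHttps` is derived from the configured `secure` string, whose definition is outside this section, rather than from the protocol the page is actually served over. A deployment that terminates TLS in front of the app but leaves that setting empty would presumably still issue the jwt cookie without the Secure attribute. A comment above the export would make the dependency visible, for example `// Drives the Secure attribute of the jwt cookie; must match how the site is really served`. If `secure` is only ever `"s"` or empty, `secure === "s"` states the intent more exactly than `endsWith("s")`.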


@ -3,6 +3,7 @@ import IsomorphicCookie from "isomorphic-cookie";
import jwt_decode from "jwt-decode"; import jwt_decode from "jwt-decode";
import { LoginResponse, MyUserInfo } from "lemmy-js-client"; import { LoginResponse, MyUserInfo } from "lemmy-js-client";
import { BehaviorSubject, Subject } from "rxjs"; import { BehaviorSubject, Subject } from "rxjs";
import { isHttps } from "../env";
interface Claims { interface Claims {
sub: number; sub: number;
@ -31,17 +32,18 @@ export class UserService {
public login(res: LoginResponse) { public login(res: LoginResponse) {
let expires = new Date(); let expires = new Date();
expires.setDate(expires.getDate() + 365); expires.setDate(expires.getDate() + 365);
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: false }); IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps });
console.log("jwt cookie set"); console.log("jwt cookie set");
this.setClaims(res.jwt); this.setClaims(res.jwt);
} }
public logout() { public logout() {
IsomorphicCookie.remove("jwt");
this.claims = undefined; this.claims = undefined;
this.myUserInfo = undefined; this.myUserInfo = undefined;
// setTheme(); // setTheme();
this.jwtSub.next(""); this.jwtSub.next("");
IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.host;
console.log("Logged out."); console.log("Logged out.");
} }
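Review bot: The fallback in `logout()` builds `domain=` from `location.host`, which includes the port when the site is served on a non-default one; a cookie Domain attribute cannot carry a port, so browsers are likely to discard that write and the jwt cookie, which `login()` gives a 365-day lifetime, can survive logout. `location.hostname` avoids this: `document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.hostname;`. `document` and `location` exist only in the browser, so if `logout()` can ever run during server-side rendering the line needs a `typeof document !== "undefined"` guard. The TODO would help more if it recorded the conditions under which `IsomorphicCookie.remove` fails. The UserService class continues outside the hunk.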