Adding JWT secure flag.

- Couldn't add samesite due to isomorphic library.
- Couldn't add httponly, because the js needs it for calls.
- Fixes #389
This commit is contained in:
Dessalines 2021-09-18 17:52:02 -04:00
parent 9a26d4bbdf
commit 3bc43ae9b1
2 changed files with 6 additions and 2 deletions

View file

@ -37,9 +37,11 @@ export const httpBaseInternal = `http://${host}`; // Don't use secure here
export const httpBase = `http${secure}://${host}`;
export const wsUri = `ws${secure}://${wsHost}/api/v3/ws`;
export const pictrsUri = `${httpBase}/pictrs/image`;
export const isHttps = secure.endsWith("s");
console.log(`httpbase: ${httpBase}`);
console.log(`wsUri: ${wsUri}`);
console.log(`isHttps: ${isHttps}`);
// This is for html tags, don't include port
const httpExternalUri = `http${secure}://${externalHost.split(":")[0]}`;

View file

@ -3,6 +3,7 @@ import IsomorphicCookie from "isomorphic-cookie";
import jwt_decode from "jwt-decode";
import { LoginResponse, MyUserInfo } from "lemmy-js-client";
import { BehaviorSubject, Subject } from "rxjs";
import { isHttps } from "../env";
interface Claims {
sub: number;
@ -31,17 +32,18 @@ export class UserService {
public login(res: LoginResponse) {
let expires = new Date();
expires.setDate(expires.getDate() + 365);
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: false });
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps });
console.log("jwt cookie set");
this.setClaims(res.jwt);
}
public logout() {
IsomorphicCookie.remove("jwt");
this.claims = undefined;
this.myUserInfo = undefined;
// setTheme();
this.jwtSub.next("");
IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.host;
console.log("Logged out.");
}