From 04f7ee2a1e9bd1b3d8dd7df50d02f278266b9138 Mon Sep 17 00:00:00 2001 From: Daniel Rivers Date: Wed, 21 Feb 2024 10:26:42 +0000 Subject: [PATCH] fix: Cookie settings and code clean --- src/session/sessionManager.js | 75 +++++++++++------------ src/utils/appRouter/setVerifierCookie.js | 6 +- src/utils/pageRouter/setVerifierCookie.js | 6 +- 3 files changed, 44 insertions(+), 43 deletions(-) diff --git a/src/session/sessionManager.js b/src/session/sessionManager.js index 0579fbc..f9fed4b 100644 --- a/src/session/sessionManager.js +++ b/src/session/sessionManager.js @@ -4,6 +4,23 @@ import {config} from '../config/index'; var cookie = require('cookie'); +export const GLOBAL_COOKIE_OPTIONS = { + sameSite: 'lax', + httpOnly: true, + secure: process.env.NODE_ENV === 'production', + path: '/', +} + +const COOKIE_LIST = [ + 'id_token_payload', + 'id_token', + 'access_token_payload', + 'access_token', + 'user', + 'refresh_token', + 'post_login_redirect_url' +] + /** * * @param {import('next').NextApiRequest} [req] @@ -54,7 +71,10 @@ export const appRouterSessionManager = (cookieStore) => ({ cookieStore.set( itemKey, typeof itemValue === 'object' ? JSON.stringify(itemValue) : itemValue, - {domain: config.cookieDomain ? config.cookieDomain : undefined} + { + domain: config.cookieDomain ? config.cookieDomain : undefined, + ...GLOBAL_COOKIE_OPTIONS + } ); } }, @@ -66,25 +86,19 @@ export const appRouterSessionManager = (cookieStore) => ({ removeSessionItem: (itemKey) => { cookieStore.set(itemKey, '', { domain: config.cookieDomain ? config.cookieDomain : undefined, - maxAge: 0 + maxAge: 0, + ...GLOBAL_COOKIE_OPTIONS }); }, /** * @returns {Promise} */ destroySession: () => { - [ - 'id_token_payload', - 'id_token', - 'access_token_payload', - 'access_token', - 'user', - 'refresh_token', - 'post_login_redirect_url' - ].forEach((name) => + COOKIE_LIST.forEach((name) => cookieStore.set(name, '', { domain: config.cookieDomain ? config.cookieDomain : undefined, - maxAge: 0 + maxAge: 0, + ...GLOBAL_COOKIE_OPTIONS }) ); } @@ -137,7 +151,7 @@ export const pageRouterSessionManager = (req, res) => { typeof itemValue === 'object' ? JSON.stringify(itemValue) : itemValue, { domain: config.cookieDomain ? config.cookieDomain : undefined, - path: '/' + ...GLOBAL_COOKIE_OPTIONS } ) ]); @@ -151,8 +165,8 @@ export const pageRouterSessionManager = (req, res) => { res?.setHeader('Set-Cookie', [ cookie.serialize(itemKey, '', { domain: config.cookieDomain ? config.cookieDomain : undefined, - path: '/', - maxAge: -1 + maxAge: -1, + ...GLOBAL_COOKIE_OPTIONS }) ]); @@ -160,43 +174,28 @@ export const pageRouterSessionManager = (req, res) => { res?.setHeader('Set-Cookie', [ cookie.serialize(itemKey, '', { path: '/', - maxAge: -1 + maxAge: -1, + ...GLOBAL_COOKIE_OPTIONS }) ]); }, destroySession: () => { res?.setHeader('Set-Cookie', [ - ...[ - 'id_token_payload', - 'id_token', - 'access_token_payload', - 'access_token', - 'user', - 'refresh_token', - 'post_login_redirect_url' - ].map((name) => + ...COOKIE_LIST.map((name) => cookie.serialize(name, '', { domain: config.cookieDomain ? config.cookieDomain : undefined, - path: '/', - maxAge: -1 + maxAge: -1, + ...GLOBAL_COOKIE_OPTIONS }) ) ]); // remove cookies from the root domain res?.setHeader('Set-Cookie', [ - ...[ - 'id_token_payload', - 'id_token', - 'access_token_payload', - 'access_token', - 'user', - 'refresh_token', - 'post_login_redirect_url' - ].map((name) => + ...COOKIE_LIST.map((name) => cookie.serialize(name, '', { - path: '/', - maxAge: -1 + maxAge: -1, + ...GLOBAL_COOKIE_OPTIONS }) ) ]); diff --git a/src/utils/appRouter/setVerifierCookie.js b/src/utils/appRouter/setVerifierCookie.js index cd07040..b2469d5 100644 --- a/src/utils/appRouter/setVerifierCookie.js +++ b/src/utils/appRouter/setVerifierCookie.js @@ -1,12 +1,12 @@ import {config} from '../../config/index'; import {cookies} from 'next/headers'; +import { GLOBAL_COOKIE_OPTIONS } from '../../session/sessionManager'; export const setVerifierCookie = (state, code_verifier, options) => { cookies().set({ name: `${config.SESSION_PREFIX}-${state}`, value: JSON.stringify({code_verifier, options}), - httpOnly: true, - path: '/', - maxAge: 60 * 15 + maxAge: 60 * 15, + ...GLOBAL_COOKIE_OPTIONS }); }; diff --git a/src/utils/pageRouter/setVerifierCookie.js b/src/utils/pageRouter/setVerifierCookie.js index 5431005..e67451d 100644 --- a/src/utils/pageRouter/setVerifierCookie.js +++ b/src/utils/pageRouter/setVerifierCookie.js @@ -1,4 +1,6 @@ import {config} from '../../config/index'; +import { GLOBAL_COOKIE_OPTIONS } from '../../session/sessionManager'; + const cookie = require('cookie'); export const setVerifierCookie = (state, code_verifier, res, options) => { @@ -10,8 +12,8 @@ export const setVerifierCookie = (state, code_verifier, res, options) => { res.setHeader( 'Set-Cookie', cookie.serialize(`${config.SESSION_PREFIX}-${state}`, jsonCookieValue, { - httpOnly: true, - maxAge: 60 * 15 + maxAge: 60 * 15, + ...GLOBAL_COOKIE_OPTIONS }) ); return state;