fix: check token validate before request send

kubesphere · Jan 15, 2020 · f53eaf5 · f53eaf5
1 parent 51bfa60
commit f53eaf5
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/server/controllers/session.js b/server/controllers/session.js
@@ -118,7 +118,7 @@ const handleLogin = async ctx => {
 
   ctx.session = {}
   ctx.cookies.set('token', user.token)
-  ctx.cookies.set('currentUser', user.username)
+  ctx.cookies.set('currentUser', user.username, { httpOnly: false })
   ctx.cookies.set('referer', null)
 
   if (lastUser && lastUser !== user.username) {

diff --git a/src/utils/request.js b/src/utils/request.js
@@ -22,6 +22,7 @@ const get = require('lodash/get')
 const set = require('lodash/set')
 const merge = require('lodash/merge')
 const qs = require('qs')
+const cookie = require('./cookie').default
 
 const methods = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE']
 
@@ -103,6 +104,15 @@ function buildRequest({
     responseHandler = handler
   }
 
+  if (
+    cookie('currentUser') &&
+    globals.user &&
+    globals.user.username !== cookie('currentUser')
+  ) {
+    location.href = '/'
+    return
+  }
+
   return fetch(requestURL, request).then(resp => responseHandler(resp, reject))
 }
 /**