Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert "Revert "Refactor/dedupe cookie/session logic"" #4426

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 17 additions & 14 deletions packages/@uppy/companion/src/server/helpers/jwt.js
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,11 @@ module.exports.verifyEncryptedToken = (token, secret) => {
}
}

const addToCookies = (res, token, companionOptions, authProvider, prefix) => {
const getCookieName = (authProvider) => `uppyAuthToken--${authProvider}`

function getCookieOptions (companionOptions) {
const cookieOptions = {
maxAge: 1000 * EXPIRY, // would expire after one day (24 hrs)
maxAge: 1000 * EXPIRY,
httpOnly: true,
}

Expand All @@ -64,10 +66,12 @@ const addToCookies = (res, token, companionOptions, authProvider, prefix) => {
if (companionOptions.cookieDomain) {
cookieOptions.domain = companionOptions.cookieDomain
}
// send signed token to client.
res.cookie(`${prefix}--${authProvider}`, token, cookieOptions)

return cookieOptions
}

module.exports.getCookieOptions = getCookieOptions

/**
*
* @param {object} res
Expand All @@ -76,7 +80,10 @@ const addToCookies = (res, token, companionOptions, authProvider, prefix) => {
* @param {string} authProvider
*/
module.exports.addToCookies = (res, token, companionOptions, authProvider) => {
addToCookies(res, token, companionOptions, authProvider, 'uppyAuthToken')
const cookieOptions = getCookieOptions(companionOptions)

// send signed token to client.
res.cookie(getCookieName(authProvider), token, cookieOptions)
}

/**
Expand All @@ -86,14 +93,10 @@ module.exports.addToCookies = (res, token, companionOptions, authProvider) => {
* @param {string} authProvider
*/
module.exports.removeFromCookies = (res, companionOptions, authProvider) => {
const cookieOptions = {
maxAge: 1000 * EXPIRY, // would expire after one day (24 hrs)
httpOnly: true,
}

if (companionOptions.cookieDomain) {
cookieOptions.domain = companionOptions.cookieDomain
}
// https://expressjs.com/en/api.html
// Web browsers and other compliant clients will only clear the cookie if the given options is
// identical to those given to res.cookie(), excluding expires and maxAge.
const cookieOptions = getCookieOptions(companionOptions)

res.clearCookie(`uppyAuthToken--${authProvider}`, cookieOptions)
res.clearCookie(getCookieName(authProvider), cookieOptions)
}
8 changes: 2 additions & 6 deletions packages/@uppy/companion/src/standalone/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ const logger = require('../server/logger')
const redis = require('../server/redis')
const companion = require('../companion')
const { getCompanionOptions, generateSecret, buildHelpfulStartupMessage } = require('./helper')
const { getCookieOptions } = require('../server/helpers/jwt')

/**
* Configures an Express app for running Companion standalone
Expand Down Expand Up @@ -116,12 +117,7 @@ module.exports = function server (inputCompanionOptions) {
sessionOptions.store = new RedisStore({ client: redisClient, prefix: process.env.COMPANION_REDIS_EXPRESS_SESSION_PREFIX || 'sess:' })
}

if (process.env.COMPANION_COOKIE_DOMAIN) {
sessionOptions.cookie = {
domain: process.env.COMPANION_COOKIE_DOMAIN,
maxAge: 24 * 60 * 60 * 1000, // 1 day
}
}
sessionOptions.cookie = getCookieOptions(companionOptions)

// Session is used for grant redirects, so that we don't need to expose secret tokens in URLs
// See https://github.com/transloadit/uppy/pull/1668
Expand Down
1 change: 1 addition & 0 deletions packages/@uppy/companion/test/__tests__/preauth.js
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ jest.mock('../../src/server/helpers/jwt', () => {
},
addToCookies: () => {},
removeFromCookies: () => {},
getCookieOptions: () => {},
}
})

Expand Down