removed unnecessary 'token' cookie

2025-08-14 13:47:16 +02:00 · 2022-02-08 19:51:05 +01:00 · 2022-02-08 19:51:05 +01:00 · 6533c8274b
commit 6533c8274b
parent c4dd6ed19a
2 changed files with 8 additions and 23 deletions
--- a/server/Auth.js
+++ b/server/Auth.js
@ -41,10 +41,13 @@ class Auth {
  async authMiddleware(req, res, next) {
    let token = null;
    if (req.isAuthenticated && req.isAuthenticated()) {
-      token = req.cookies["token"]
-      const user = await this.verifyToken(token)
+      if (!req.user) {
+        Logger.error('Failed to find user object on request')
+        return res.sendStatus(403)
+      }
+      const user = this.db.users.find(u => u.id === req.user.userId)
      if (!user) {
-        Logger.error('Verify Token User Not Found', token)
+        Logger.error(`User Not Found, id=${req.user.userId}`)
        return res.sendStatus(404)
      }

--- a/server/Server.js
+++ b/server/Server.js
@ -75,10 +75,11 @@ class Server {

    this.clients = {}
    passport.serializeUser((user, next) => {
-      next(null, user);
+      next(null, {userId: user.id});
    });
    
    passport.deserializeUser((obj, next) => {
+      const user = this.db.users.find(u => u.id === obj.userId)
      next(null, obj);
    });
    passport.use(new OidcStrategy({
@ -299,30 +300,12 @@ class Server {
      passport.authenticate('openidconnect', { failureRedirect: '/oidc/login', failureMessage: true }),
      async (req, res) => {
        const token = this.auth.generateAccessToken({userId: req.user.id})
-        res.cookie('token', token, { httpOnly: true /* TODO: Set secure: true */ });
        res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ });

        res.redirect('/');
      }
-      // (req, res, next) => {
-      // passport.authenticate('openidconnect', async (err, user, info) => {
-      //     
-      //     Logger.debug(JSON.stringify({user, info}))
-      //     
-      //     const token = await this.auth.generateAccessToken({ userId: user.id })
-      //     res.cookie('token', token, { httpOnly: true /* TODO: Set secure: true */ });
-      //     res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ });
-      //     
-      //     res.redirect('/'); 
-      //   })(req, res, next)
-      // 
-      // }
    )

-    // app.get("/oidc/token", (req, res) => {
-    //   req.cookies.get("token")
-    // })
-
    app.get('/ping', (req, res) => {
      Logger.info('Recieved ping')
      res.json({ success: true })
@ -577,7 +560,6 @@ class Server {
    Logger.info(`[Server] User ${req.user ? req.user.username : 'Unknown'} is logging out with socket ${socketId}`)

    res.clearCookie('sso');
-    res.clearCookie('token');
    if (req.logout) req.logout();
    // Strip user and client from client and client socket
    if (socketId && this.clients[socketId]) {