Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-08-14 13:47:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

removed unnecessary 'token' cookie

Browse Source
This commit is contained in:
David Leimroth 2022-02-08 19:51:05 +01:00
parent c4dd6ed19a
commit 6533c8274b
2 changed files with 8 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
server/Auth.js
View File

@ -41,10 +41,13 @@ class Auth {
async authMiddleware(req, res, next) { async authMiddleware(req, res, next) {
let token = null; let token = null;
if (req.isAuthenticated && req.isAuthenticated()) { if (req.isAuthenticated && req.isAuthenticated()) {
token = req.cookies["token"] if (!req.user) {
const user = await this.verifyToken(token) Logger.error('Failed to find user object on request')
return res.sendStatus(403)
}
const user = this.db.users.find(u => u.id === req.user.userId)
if (!user) { if (!user) {
Logger.error('Verify Token User Not Found', token) Logger.error(`User Not Found, id=${req.user.userId}`)
return res.sendStatus(404) return res.sendStatus(404)
} }

22
server/Server.js
View File

@ -75,10 +75,11 @@ class Server {
this.clients = {} this.clients = {}
passport.serializeUser((user, next) => { passport.serializeUser((user, next) => {
next(null, user); next(null, {userId: user.id});
}); });
passport.deserializeUser((obj, next) => { passport.deserializeUser((obj, next) => {
const user = this.db.users.find(u => u.id === obj.userId)
next(null, obj); next(null, obj);
}); });
passport.use(new OidcStrategy({ passport.use(new OidcStrategy({
@ -299,30 +300,12 @@ class Server {
passport.authenticate('openidconnect', { failureRedirect: '/oidc/login', failureMessage: true }), passport.authenticate('openidconnect', { failureRedirect: '/oidc/login', failureMessage: true }),
async (req, res) => { async (req, res) => {
const token = this.auth.generateAccessToken({userId: req.user.id}) const token = this.auth.generateAccessToken({userId: req.user.id})
res.cookie('token', token, { httpOnly: true /* TODO: Set secure: true */ });
res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ }); res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ });
res.redirect('/'); res.redirect('/');
} }
// (req, res, next) => {
// passport.authenticate('openidconnect', async (err, user, info) => {
//
// Logger.debug(JSON.stringify({user, info}))
//
// const token = await this.auth.generateAccessToken({ userId: user.id })
// res.cookie('token', token, { httpOnly: true /* TODO: Set secure: true */ });
// res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ });
//
// res.redirect('/');
// })(req, res, next)
//
// }
) )
// app.get("/oidc/token", (req, res) => {
// req.cookies.get("token")
// })
app.get('/ping', (req, res) => { app.get('/ping', (req, res) => {
Logger.info('Recieved ping') Logger.info('Recieved ping')
res.json({ success: true }) res.json({ success: true })
@ -577,7 +560,6 @@ class Server {
Logger.info(`[Server] User ${req.user ? req.user.username : 'Unknown'} is logging out with socket ${socketId}`) Logger.info(`[Server] User ${req.user ? req.user.username : 'Unknown'} is logging out with socket ${socketId}`)
res.clearCookie('sso'); res.clearCookie('sso');
res.clearCookie('token');
if (req.logout) req.logout(); if (req.logout) req.logout();
// Strip user and client from client and client socket // Strip user and client from client and client socket
if (socketId && this.clients[socketId]) { if (socketId && this.clients[socketId]) {