Aaltronav/dougal-software
1
0
Fork 0
mirror of https://gitlab.com/wgp/dougal/software.git synced 2025-12-06 07:47:07 +00:00
Code Issues Packages Projects Releases Activity

Do not use cookies for backend authentication

Browse Source
This commit is contained in:
D. Berge
2025-08-09 12:43:17 +02:00
parent 2c1a24e4a5
commit ae8e5d4ef6
3 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/www/server/api/middleware/auth/jwt.js
View File

@@ -5,8 +5,6 @@ const cfg = require("../../../lib/config").jwt;
const getToken = function (req) { const getToken = function (req) {
if (req.headers.authorization && req.headers.authorization.split(' ')[0] == 'Bearer') { if (req.headers.authorization && req.headers.authorization.split(' ')[0] == 'Bearer') {
return req.headers.authorization.split(' ')[1]; return req.headers.authorization.split(' ')[1];
} else if (req.cookies.JWT) {
return req.cookies.JWT;
} }
return null; return null;
} }

1
lib/www/server/api/middleware/user/login.js
View File

@@ -8,7 +8,6 @@ async function login (req, res, next) {
if (payload) { if (payload) {
const token = jwt.issue(payload, req, res); const token = jwt.issue(payload, req, res);
res.set("X-JWT", token); res.set("X-JWT", token);
res.set("Set-Cookie", `JWT=${token}`); // For good measure
res.status(200).send({token}); res.status(200).send({token});
next(); next();
return; return;

1
lib/www/server/api/middleware/user/logout.js
View File

@@ -1,6 +1,5 @@
async function logout (req, res, next) { async function logout (req, res, next) {
res.clearCookie("JWT");
res.status(204).send(); res.status(204).send();
next(); next();
} }