Fix user authentication.

* Use X-JWT header for sending authentication info
  both from server to client and from client to server.
* Send token in body of login response.
* Also use Set-Cookie: JWT=… so that calls that are
  not issued directly by Dougal (e.g. Deck.gl layers
  with a URL `data` property) work without having to
  jump through hoops.

Closes #321
D. Berge
2025-08-06 10:21:37 +02:00
parent 17b9d60715
commit be5c6f1fa3
9 changed files with 107 additions and 66 deletions


@@ -6,8 +6,10 @@ async function login (req, res, next) {
const {user, password} = req.body;
const payload = await jwt.checkValidCredentials({user, password});
if (payload) {
jwt.issue(payload, req, res);
res.status(204).send();
const token = jwt.issue(payload, req, res);
res.set("X-JWT", token);
res.set("Set-Cookie", `JWT=${token}`); // For good measure
res.status(200).send({token});
next();
return;
} else {
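Review bot: The hand-written cookie on the new `res.set("Set-Cookie", ...)` line carries no attributes, so the JWT cookie is readable by page script, can travel over plain HTTP, and is attached to cross-site requests; once the server accepts that cookie for authentication, as the commit message implies for URL-based data fetches, state-changing routes need CSRF protection. Assuming this is Express, `res.cookie("JWT", token, {httpOnly: true, secure: true, sameSite: "strict", path: "/"})` would set those attributes and append to, rather than replace, any `Set-Cookie` header that `jwt.issue(payload, req, res)` may already have written (it receives `res`, but its body is not visible here). The cookie also has no `Max-Age`/`Expires`, so its lifetime is not tied to the token's expiry, and the trailing `// For good measure` comment would be more useful as `// Cookie lets requests not issued by Dougal (e.g. Deck.gl data URLs) authenticate`. The `login` function starts and ends outside this hunk.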