jeena/lemmy-ui
1
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity Actions

Adding JWT secure flag. (#426)

Browse source 
- Couldn't add samesite due to isomorphic library.
- Couldn't add httponly, because the js needs it for calls.
- Fixes #389
This commit is contained in:
Dessalines 2021-09-18 17:59:28 -04:00 committed by GitHub
parent 967b0dd964
commit bf93e29f4c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/shared/services/UserService.ts
View file

@ -3,6 +3,7 @@ import IsomorphicCookie from "isomorphic-cookie";
import jwt_decode from "jwt-decode";
import { LoginResponse, MyUserInfo } from "lemmy-js-client";
import { BehaviorSubject, Subject } from "rxjs";
import { isHttps } from "../env";
interface Claims {
sub: number;
@ -31,17 +32,18 @@ export class UserService {
public login(res: LoginResponse) {
let expires = new Date();
expires.setDate(expires.getDate() + 365);
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: false });
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps });
console.log("jwt cookie set");
this.setClaims(res.jwt);
}
public logout() {
IsomorphicCookie.remove("jwt");
this.claims = undefined;
this.myUserInfo = undefined;
// setTheme();
this.jwtSub.next("");
IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.host;
console.log("Logged out.");
}