refactor: rewrite to cookie based auth (#578)

* rewrite to cookie based auth

* remove interceptor

Former-commit-id: 1365bdfd46
Hayden 2023-10-06 22:44:43 -05:00 committed by GitHub
parent 36e13ab03b
commit c71f077466
8 changed files with 155 additions and 71 deletions


@ -30,12 +30,15 @@ export function usePublicApi(): PublicApi {
export function useUserApi(): UserClient {
const authCtx = useAuthContext();
const requests = new Requests("", () => authCtx.token || "", {});
const requests = new Requests("", "", {});
requests.addResponseInterceptor(logger);
requests.addResponseInterceptor(r => {
if (r.status === 401) {
console.error("unauthorized request, invalidating session");
authCtx.invalidateSession();
if (window.location.pathname !== "/") {
window.location.href = "/";
}
}
});
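Review bot: The empty string now passed as the second argument in `new Requests("", "", {})` gives no hint of where the credential comes from, so a short comment is worth adding, for example `// auth travels in the server-set session cookie; no bearer token is attached here`. Because the browser attaches that cookie to requests automatically, state-changing endpoints now depend on the cookie's SameSite setting or on a CSRF token. Neither is visible in this section, so confirm it on the backend side of the change. The body of `useUserApi` continues outside the hunk, so the rest of the client wiring could not be checked.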


@ -4,8 +4,7 @@ import { UserOut } from "~~/lib/api/types/data-contracts";
import { UserClient } from "~~/lib/api/user";
export interface IAuthContext {
get token(): string | null;
get expiresAt(): string | null;
get token(): boolean | null;
get attachmentToken(): string | null;
/**
@ -13,11 +12,6 @@ export interface IAuthContext {
*/
user?: UserOut;
/**
* Returns true if the session is expired.
*/
isExpired(): boolean;
/**
* Returns true if the session is authorized.
*/
@ -43,59 +37,40 @@ class AuthContext implements IAuthContext {
// eslint-disable-next-line no-use-before-define
private static _instance?: AuthContext;
private static readonly cookieTokenKey = "hb.auth.token";
private static readonly cookieExpiresAtKey = "hb.auth.expires_at";
private static readonly cookieTokenKey = "hb.auth.session";
private static readonly cookieAttachmentTokenKey = "hb.auth.attachment_token";
user?: UserOut;
private _token: CookieRef<string | null>;
private _expiresAt: CookieRef<string | null>;
private _attachmentToken: CookieRef<string | null>;
get token() {
return this._token.value;
}
get expiresAt() {
return this._expiresAt.value;
return this._token.value === "true";
}
get attachmentToken() {
return this._attachmentToken.value;
}
private constructor(token: string, expiresAt: string, attachmentToken: string) {
private constructor(token: string, attachmentToken: string) {
this._token = useCookie(token);
this._expiresAt = useCookie(expiresAt);
this._attachmentToken = useCookie(attachmentToken);
}
static get instance() {
if (!this._instance) {
this._instance = new AuthContext(
AuthContext.cookieTokenKey,
AuthContext.cookieExpiresAtKey,
AuthContext.cookieAttachmentTokenKey
);
this._instance = new AuthContext(AuthContext.cookieTokenKey, AuthContext.cookieAttachmentTokenKey);
}
return this._instance;
}
isExpired() {
const expiresAt = this.expiresAt;
if (expiresAt === null) {
return true;
}
const expiresAtDate = new Date(expiresAt);
const now = new Date();
return now.getTime() > expiresAtDate.getTime();
return this.token;
}
isAuthorized() {
return !!this._token.value && !this.isExpired();
return !this.isExpired();
}
invalidateSession() {
@ -103,11 +78,9 @@ class AuthContext implements IAuthContext {
// Delete the cookies
this._token.value = null;
this._expiresAt.value = null;
this._attachmentToken.value = null;
console.log("Session invalidated");
window.location.href = "/";
}
async login(api: PublicApi, email: string, password: string, stayLoggedIn: boolean) {
@ -115,17 +88,10 @@ class AuthContext implements IAuthContext {
if (!r.error) {
const expiresAt = new Date(r.data.expiresAt);
this._token = useCookie(AuthContext.cookieTokenKey, {
expires: expiresAt,
});
this._expiresAt = useCookie(AuthContext.cookieExpiresAtKey, {
expires: expiresAt,
});
this._token = useCookie(AuthContext.cookieTokenKey);
this._attachmentToken = useCookie(AuthContext.cookieAttachmentTokenKey, {
expires: expiresAt,
});
this._token.value = r.data.token;
this._expiresAt.value = r.data.expiresAt as string;
this._attachmentToken.value = r.data.attachmentToken;
}
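Review bot: `isExpired()` now returns `this.token`, and `token` is true when the `hb.auth.session` cookie equals `"true"`, so `isAuthorized()` (`!this.isExpired()`) appears to report false for a logged-in session and true when the cookie is absent. If that reading of the new side is right, the body should be `return !this.token;`, or `isAuthorized()` should simply return `this.token`. The interface still declares `get token(): boolean | null` although the getter can only yield a boolean, and the name no longer describes the value. A doc comment such as `/** True when the hb.auth.session marker cookie is "true"; a UI hint only, the server decides authorization. */` would make the contract clear. The marker is an ordinary cookie that page script can write (the class itself assigns it), so nothing security-relevant should hinge on it client-side.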