open.source/manifold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make server auth code maximally robust

Browse Source
This commit is contained in:
Marshall Polaris 2022-08-05 19:54:05 -07:00
parent 43335d2980
commit b204569484
2 changed files with 44 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
web/lib/firebase/auth.ts
View File

@ -16,9 +16,34 @@ const CUSTOM_COOKIE_NAME = getAuthCookieName('custom')
const ONE_HOUR_SECS = 60 * 60 const ONE_HOUR_SECS = 60 * 60
const TEN_YEARS_SECS = 60 * 60 * 24 * 365 * 10 const TEN_YEARS_SECS = 60 * 60 * 24 * 365 * 10
export const getAuthCookies = (request?: IncomingMessage) => { const getCookieDataIsomorphic = (req?: IncomingMessage) => {
const data = request != null ? request.headers.cookie ?? '' : document.cookie if (req != null) {
const cookies = getCookies(data) return req.headers.cookie ?? ''
} else if (document != null) {
return document.cookie
} else {
throw new Error(
'Neither request nor document is available; no way to get cookies.'
)
}
}
const setCookieDataIsomorphic = (cookies: string[], res?: ServerResponse) => {
if (res != null) {
res.setHeader('Set-Cookie', cookies)
} else if (document != null) {
for (const ck of cookies) {
document.cookie = ck
}
} else {
throw new Error(
'Neither response nor document is available; no way to set cookies.'
)
}
}
export const getAuthCookies = (req?: IncomingMessage) => {
const cookies = getCookies(getCookieDataIsomorphic(req))
return { return {
idToken: cookies[ID_COOKIE_NAME] as string | undefined, idToken: cookies[ID_COOKIE_NAME] as string | undefined,
refreshToken: cookies[REFRESH_COOKIE_NAME] as string | undefined, refreshToken: cookies[REFRESH_COOKIE_NAME] as string | undefined,
@ -30,7 +55,7 @@ export const setAuthCookies = (
idToken?: string, idToken?: string,
refreshToken?: string, refreshToken?: string,
customToken?: string, customToken?: string,
response?: ServerResponse res?: ServerResponse
) => { ) => {
const idMaxAge = idToken != null ? ONE_HOUR_SECS : 0 const idMaxAge = idToken != null ? ONE_HOUR_SECS : 0
const idCookie = setCookie(ID_COOKIE_NAME, idToken ?? '', [ const idCookie = setCookie(ID_COOKIE_NAME, idToken ?? '', [
@ -53,13 +78,8 @@ export const setAuthCookies = (
['samesite', 'lax'], ['samesite', 'lax'],
['secure'], ['secure'],
]) ])
if (response != null) { setCookieDataIsomorphic([idCookie, refreshCookie, customCookie], res)
response.setHeader('Set-Cookie', [idCookie, refreshCookie, customCookie])
} else {
document.cookie = idCookie
document.cookie = refreshCookie
document.cookie = customCookie
}
} }
export const deleteAuthCookies = () => setAuthCookies() export const deleteAuthCookies = (res?: ServerResponse) =>
setAuthCookies(undefined, undefined, undefined, res)

19
web/lib/firebase/server-auth.ts
View File

@ -135,14 +135,19 @@ const authAndRefreshTokens = async (ctx: RequestContext) => {
export const authenticateOnServer = async (ctx: RequestContext) => { export const authenticateOnServer = async (ctx: RequestContext) => {
const tokens = await authAndRefreshTokens(ctx) const tokens = await authAndRefreshTokens(ctx)
if (tokens == null) { const creds = tokens?.creds
deleteAuthCookies() try {
return undefined if (tokens == null) {
} else { deleteAuthCookies(ctx.res)
const { creds, idToken, refreshToken, customToken } = tokens } else {
setAuthCookies(idToken, refreshToken, customToken, ctx.res) const { idToken, refreshToken, customToken } = tokens
return creds setAuthCookies(idToken, refreshToken, customToken, ctx.res)
}
} catch (e) {
// definitely not supposed to happen, but let's be maximally robust
console.error(e)
} }
return creds
} }
// note that we might want to define these types more generically if we want better // note that we might want to define these types more generically if we want better