mirror of
https://github.com/seanmorley15/AdventureLog.git
synced 2025-07-28 09:19:37 +02:00
Refactor login cookie handling to improve parsing and error handling; ensure multiple Set-Cookie headers are processed correctly.
This commit is contained in:
Sean Morley
parent
fa52af8ad1
commit
0adfdfa62f
1 changed files with 62 additions and 54 deletions
|
|
@ -110,63 +110,71 @@ export const actions: Actions = {
|
||||||
};
|
};
|
||||||
|
|
||||||
function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) {
|
function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) {
|
||||||
const setCookieHeader = response.headers.get('Set-Cookie');
|
// Get all Set-Cookie headers
|
||||||
console.log('[LOGIN] Set-Cookie header from backend:', setCookieHeader);
|
let setCookieHeaders: string[] = [];
|
||||||
|
|
||||||
if (setCookieHeader) {
|
if ('getSetCookie' in response.headers && typeof response.headers.getSetCookie === 'function') {
|
||||||
const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
|
setCookieHeaders = response.headers.getSetCookie();
|
||||||
const match = setCookieHeader.match(sessionIdRegex);
|
|
||||||
if (match) {
|
|
||||||
const [, sessionId, expiryString] = match;
|
|
||||||
|
|
||||||
console.log('[LOGIN] Parsed session ID:', sessionId);
|
|
||||||
console.log('[LOGIN] Parsed expiry string:', expiryString);
|
|
||||||
|
|
||||||
// Get the proper cookie domain using psl
|
|
||||||
const hostname = event.url.hostname;
|
|
||||||
let cookieDomain;
|
|
||||||
|
|
||||||
// Check if hostname is an IP address
|
|
||||||
const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
|
|
||||||
const isLocalhost = hostname === 'localhost';
|
|
||||||
const isSingleLabel = hostname.split('.').length === 1;
|
|
||||||
|
|
||||||
console.log('[LOGIN] Hostname info:', {
|
|
||||||
hostname,
|
|
||||||
isIPAddress,
|
|
||||||
isLocalhost,
|
|
||||||
isSingleLabel
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!isIPAddress && !isSingleLabel && !isLocalhost) {
|
|
||||||
const parsed = psl.parse(hostname);
|
|
||||||
if (parsed && parsed.domain) {
|
|
||||||
cookieDomain = `.${parsed.domain}`;
|
|
||||||
console.log('[LOGIN] Using parsed cookie domain:', cookieDomain);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
console.log('[LOGIN] No domain will be set for cookie.');
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
event.cookies.set('sessionid', sessionId, {
|
|
||||||
path: '/',
|
|
||||||
httpOnly: true,
|
|
||||||
sameSite: 'lax',
|
|
||||||
secure: event.url.protocol === 'https:',
|
|
||||||
expires: new Date(expiryString),
|
|
||||||
...(cookieDomain && { domain: cookieDomain }) // only include if defined
|
|
||||||
});
|
|
||||||
console.log('[LOGIN] Cookie set successfully.');
|
|
||||||
} catch (e) {
|
|
||||||
console.error('[LOGIN] Failed to set cookie:', e);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
console.warn('[LOGIN] Failed to parse session ID and expiry from Set-Cookie header.');
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
console.warn('[LOGIN] No Set-Cookie header received from backend.');
|
const raw = response.headers.get('Set-Cookie');
|
||||||
|
if (raw) {
|
||||||
|
// Safely split on commas only if a new cookie starts (e.g., key=value)
|
||||||
|
setCookieHeaders = raw.split(/,\s*(?=\w+=)/);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
console.log('[LOGIN] All Set-Cookie headers:', setCookieHeaders);
|
||||||
|
|
||||||
|
const sessionCookie = setCookieHeaders.find((cookie) => cookie.startsWith('sessionid=')) || '';
|
||||||
|
console.log('[LOGIN] Session cookie:', sessionCookie);
|
||||||
|
|
||||||
|
if (!sessionCookie) {
|
||||||
|
console.warn('[LOGIN] No sessionid cookie found.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const sessionIdMatch = sessionCookie.match(/sessionid=([^;]+)/);
|
||||||
|
const expiresMatch = sessionCookie.match(/expires=([^;]+)/i);
|
||||||
|
|
||||||
|
if (!sessionIdMatch) {
|
||||||
|
console.warn('[LOGIN] Could not extract session ID from cookie.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const sessionId = sessionIdMatch[1];
|
||||||
|
const expires = expiresMatch ? new Date(expiresMatch[1]) : undefined;
|
||||||
|
|
||||||
|
console.log('[LOGIN] Extracted session ID:', sessionId);
|
||||||
|
if (expires) console.log('[LOGIN] Extracted expires:', expires);
|
||||||
|
|
||||||
|
// Determine cookie domain
|
||||||
|
const hostname = event.url.hostname;
|
||||||
|
const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
|
||||||
|
const isLocalhost = hostname === 'localhost';
|
||||||
|
const isSingleLabel = hostname.split('.').length === 1;
|
||||||
|
|
||||||
|
let cookieDomain: string | undefined;
|
||||||
|
if (!isIPAddress && !isLocalhost && !isSingleLabel) {
|
||||||
|
const parsed = psl.parse(hostname);
|
||||||
|
if (parsed && parsed.domain) {
|
||||||
|
cookieDomain = `.${parsed.domain}`;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
console.log('[LOGIN] Setting cookie domain:', cookieDomain);
|
||||||
|
|
||||||
|
const cookieOptions = {
|
||||||
|
path: '/',
|
||||||
|
httpOnly: true,
|
||||||
|
sameSite: 'lax' as const,
|
||||||
|
secure: event.url.protocol === 'https:',
|
||||||
|
...(expires && { expires }),
|
||||||
|
...(cookieDomain && { domain: cookieDomain })
|
||||||
|
};
|
||||||
|
|
||||||
|
console.log('[LOGIN] Cookie options:', cookieOptions);
|
||||||
|
|
||||||
|
event.cookies.set('sessionid', sessionId, cookieOptions);
|
||||||
|
console.log('[LOGIN] Cookie set successfully.');
|
||||||
}
|
}
|
||||||
|
|
||||||
function extractSessionId(setCookieHeader: string | null) {
|
function extractSessionId(setCookieHeader: string | null) {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue