diff --git a/client/package-lock.json b/client/package-lock.json index ad85a356..228f268a 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -14,6 +14,7 @@ "i18next": "^21.6.16", "i18next-browser-languagedetector": "^6.1.4", "initials": "^3.1.2", + "js-cookie": "^3.0.1", "lodash": "^4.17.20", "node-sass": "^7.0.1", "prop-types": "^15.8.1", @@ -13534,6 +13535,14 @@ "resolved": "https://registry.npmjs.org/js-base64/-/js-base64-2.6.4.tgz", "integrity": "sha512-pZe//GGmwJndub7ZghVHz7vjb2LgC1m8B07Au3eYqeqv9emhESByMXxaEgkUkEqJe87oBbSniGYoQNIBklc7IQ==" }, + "node_modules/js-cookie": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.1.tgz", + "integrity": "sha512-+0rgsUXZu4ncpPxRL+lNEptWMOWl9etvPHc/koSRp6MPwpRYAhmk0dUG00J4bxVV3r9uUzfo24wW0knS07SKSw==", + "engines": { + "node": ">=12" + } + }, "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -33059,6 +33068,11 @@ "resolved": "https://registry.npmjs.org/js-base64/-/js-base64-2.6.4.tgz", "integrity": "sha512-pZe//GGmwJndub7ZghVHz7vjb2LgC1m8B07Au3eYqeqv9emhESByMXxaEgkUkEqJe87oBbSniGYoQNIBklc7IQ==" }, + "js-cookie": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.1.tgz", + "integrity": "sha512-+0rgsUXZu4ncpPxRL+lNEptWMOWl9etvPHc/koSRp6MPwpRYAhmk0dUG00J4bxVV3r9uUzfo24wW0knS07SKSw==" + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", diff --git a/client/package.json b/client/package.json index 6f458109..cb2c3e87 100755 --- a/client/package.json +++ b/client/package.json @@ -71,6 +71,7 @@ "i18next": "^21.6.16", "i18next-browser-languagedetector": "^6.1.4", "initials": "^3.1.2", + "js-cookie": "^3.0.1", "lodash": "^4.17.20", "node-sass": "^7.0.1", "prop-types": "^15.8.1", diff --git a/client/src/api/access-tokens.js b/client/src/api/access-tokens.js index 6cd10639..0e5c9883 100755 --- a/client/src/api/access-tokens.js +++ b/client/src/api/access-tokens.js @@ -2,7 +2,7 @@ import http from './http'; /* Actions */ -const createAccessToken = (data, headers) => http.post('/access-tokens', data, headers); +const createAccessToken = (data) => http.post('/access-tokens', data); export default { createAccessToken, diff --git a/client/src/api/actions.js b/client/src/api/actions.js index 63fa5497..cc1d6c09 100755 --- a/client/src/api/actions.js +++ b/client/src/api/actions.js @@ -9,8 +9,8 @@ export const transformAction = (action) => ({ /* Actions */ -const getActions = (cardId, data, headers) => - socket.get(`/cards/${cardId}/actions`, data, headers).then((body) => ({ +const getActions = (cardId, data) => + socket.get(`/cards/${cardId}/actions`, data).then((body) => ({ ...body, items: body.items.map(transformAction), })); diff --git a/client/src/api/attachments.js b/client/src/api/attachments.js index f3edba43..8ed64726 100755 --- a/client/src/api/attachments.js +++ b/client/src/api/attachments.js @@ -10,20 +10,20 @@ export const transformAttachment = (attachment) => ({ /* Actions */ -const createAttachment = (cardId, data, requestId, headers) => - http.post(`/cards/${cardId}/attachments?requestId=${requestId}`, data, headers).then((body) => ({ +const createAttachment = (cardId, data, requestId) => + http.post(`/cards/${cardId}/attachments?requestId=${requestId}`, data).then((body) => ({ ...body, item: transformAttachment(body.item), })); -const updateAttachment = (id, data, headers) => - socket.patch(`/attachments/${id}`, data, headers).then((body) => ({ +const updateAttachment = (id, data) => + socket.patch(`/attachments/${id}`, data).then((body) => ({ ...body, item: transformAttachment(body.item), })); -const deleteAttachment = (id, headers) => - socket.delete(`/attachments/${id}`, undefined, headers).then((body) => ({ +const deleteAttachment = (id) => + socket.delete(`/attachments/${id}`).then((body) => ({ ...body, item: transformAttachment(body.item), })); diff --git a/client/src/api/board-memberships.js b/client/src/api/board-memberships.js index 3ef1ce87..0fa087ba 100644 --- a/client/src/api/board-memberships.js +++ b/client/src/api/board-memberships.js @@ -2,11 +2,10 @@ import socket from './socket'; /* Actions */ -const createBoardMembership = (boardId, data, headers) => - socket.post(`/boards/${boardId}/memberships`, data, headers); +const createBoardMembership = (boardId, data) => + socket.post(`/boards/${boardId}/memberships`, data); -const deleteBoardMembership = (id, headers) => - socket.delete(`/board-memberships/${id}`, undefined, headers); +const deleteBoardMembership = (id) => socket.delete(`/board-memberships/${id}`); export default { createBoardMembership, diff --git a/client/src/api/boards.js b/client/src/api/boards.js index b605ed2e..4e618cea 100755 --- a/client/src/api/boards.js +++ b/client/src/api/boards.js @@ -4,11 +4,10 @@ import { transformAttachment } from './attachments'; /* Actions */ -const createBoard = (projectId, data, headers) => - socket.post(`/projects/${projectId}/boards`, data, headers); +const createBoard = (projectId, data) => socket.post(`/projects/${projectId}/boards`, data); -const getBoard = (id, headers) => - socket.get(`/boards/${id}`, undefined, headers).then((body) => ({ +const getBoard = (id) => + socket.get(`/boards/${id}`).then((body) => ({ ...body, included: { ...body.included, @@ -17,9 +16,9 @@ const getBoard = (id, headers) => }, })); -const updateBoard = (id, data, headers) => socket.patch(`/boards/${id}`, data, headers); +const updateBoard = (id, data) => socket.patch(`/boards/${id}`, data); -const deleteBoard = (id, headers) => socket.delete(`/boards/${id}`, undefined, headers); +const deleteBoard = (id) => socket.delete(`/boards/${id}`); export default { createBoard, diff --git a/client/src/api/card-labels.js b/client/src/api/card-labels.js index 92715d64..d4fc0fa9 100644 --- a/client/src/api/card-labels.js +++ b/client/src/api/card-labels.js @@ -2,11 +2,9 @@ import socket from './socket'; /* Actions */ -const createCardLabel = (cardId, data, headers) => - socket.post(`/cards/${cardId}/labels`, data, headers); +const createCardLabel = (cardId, data) => socket.post(`/cards/${cardId}/labels`, data); -const deleteCardLabel = (cardId, labelId, headers) => - socket.delete(`/cards/${cardId}/labels/${labelId}`, undefined, headers); +const deleteCardLabel = (cardId, labelId) => socket.delete(`/cards/${cardId}/labels/${labelId}`); export default { createCardLabel, diff --git a/client/src/api/card-memberships.js b/client/src/api/card-memberships.js index 2deb9d92..23330301 100644 --- a/client/src/api/card-memberships.js +++ b/client/src/api/card-memberships.js @@ -2,11 +2,10 @@ import socket from './socket'; /* Actions */ -const createCardMembership = (cardId, data, headers) => - socket.post(`/cards/${cardId}/memberships`, data, headers); +const createCardMembership = (cardId, data) => socket.post(`/cards/${cardId}/memberships`, data); -const deleteCardMembership = (cardId, userId, headers) => - socket.delete(`/cards/${cardId}/memberships?userId=${userId}`, undefined, headers); +const deleteCardMembership = (cardId, userId) => + socket.delete(`/cards/${cardId}/memberships?userId=${userId}`); export default { createCardMembership, diff --git a/client/src/api/cards.js b/client/src/api/cards.js index b2f3f2ca..353f8f7b 100755 --- a/client/src/api/cards.js +++ b/client/src/api/cards.js @@ -35,8 +35,8 @@ export const transformCardData = (data) => ({ /* Actions */ -const getCards = (boardId, data, headers) => - socket.get(`/board/${boardId}/cards`, data, headers).then((body) => ({ +const getCards = (boardId, data) => + socket.get(`/board/${boardId}/cards`, data).then((body) => ({ ...body, items: body.items.map(transformCard), included: { @@ -45,26 +45,26 @@ const getCards = (boardId, data, headers) => }, })); -const createCard = (boardId, data, headers) => - socket.post(`/boards/${boardId}/cards`, transformCardData(data), headers).then((body) => ({ +const createCard = (boardId, data) => + socket.post(`/boards/${boardId}/cards`, transformCardData(data)).then((body) => ({ ...body, item: transformCard(body.item), })); -const getCard = (id, headers) => - socket.get(`/cards/${id}`, undefined, headers).then((body) => ({ +const getCard = (id) => + socket.get(`/cards/${id}`).then((body) => ({ ...body, item: transformCard(body.item), })); -const updateCard = (id, data, headers) => - socket.patch(`/cards/${id}`, transformCardData(data), headers).then((body) => ({ +const updateCard = (id, data) => + socket.patch(`/cards/${id}`, transformCardData(data)).then((body) => ({ ...body, item: transformCard(body.item), })); -const deleteCard = (id, headers) => - socket.delete(`/cards/${id}`, undefined, headers).then((body) => ({ +const deleteCard = (id) => + socket.delete(`/cards/${id}`).then((body) => ({ ...body, item: transformCard(body.item), })); diff --git a/client/src/api/comment-actions.js b/client/src/api/comment-actions.js index bce8eb71..40f67db6 100755 --- a/client/src/api/comment-actions.js +++ b/client/src/api/comment-actions.js @@ -3,20 +3,20 @@ import { transformAction } from './actions'; /* Actions */ -const createCommentAction = (cardId, data, headers) => - socket.post(`/cards/${cardId}/comment-actions`, data, headers).then((body) => ({ +const createCommentAction = (cardId, data) => + socket.post(`/cards/${cardId}/comment-actions`, data).then((body) => ({ ...body, item: transformAction(body.item), })); -const updateCommentAction = (id, data, headers) => - socket.patch(`/comment-actions/${id}`, data, headers).then((body) => ({ +const updateCommentAction = (id, data) => + socket.patch(`/comment-actions/${id}`, data).then((body) => ({ ...body, item: transformAction(body.item), })); -const deleteCommentAction = (id, headers) => - socket.delete(`/comment-actions/${id}`, undefined, headers).then((body) => ({ +const deleteCommentAction = (id) => + socket.delete(`/comment-actions/${id}`).then((body) => ({ ...body, item: transformAction(body.item), })); diff --git a/client/src/api/http.js b/client/src/api/http.js index 646528da..9776807b 100755 --- a/client/src/api/http.js +++ b/client/src/api/http.js @@ -6,7 +6,7 @@ const http = {}; // TODO: add all methods ['POST'].forEach((method) => { - http[method.toLowerCase()] = (url, data, headers) => { + http[method.toLowerCase()] = (url, data) => { const formData = Object.keys(data).reduce((result, key) => { result.append(key, data[key]); @@ -15,8 +15,8 @@ const http = {}; return fetch(`${Config.SERVER_BASE_URL}/api${url}`, { method, - headers, body: formData, + ...Config.FETCH_OPTIONS, }) .then((response) => response.json().then((body) => ({ diff --git a/client/src/api/labels.js b/client/src/api/labels.js index e1101ef3..80d92014 100755 --- a/client/src/api/labels.js +++ b/client/src/api/labels.js @@ -2,12 +2,11 @@ import socket from './socket'; /* Actions */ -const createLabel = (boardId, data, headers) => - socket.post(`/boards/${boardId}/labels`, data, headers); +const createLabel = (boardId, data) => socket.post(`/boards/${boardId}/labels`, data); -const updateLabel = (id, data, headers) => socket.patch(`/labels/${id}`, data, headers); +const updateLabel = (id, data) => socket.patch(`/labels/${id}`, data); -const deleteLabel = (id, headers) => socket.delete(`/labels/${id}`, undefined, headers); +const deleteLabel = (id) => socket.delete(`/labels/${id}`); export default { createLabel, diff --git a/client/src/api/lists.js b/client/src/api/lists.js index 6c1ee6a2..59722edf 100755 --- a/client/src/api/lists.js +++ b/client/src/api/lists.js @@ -2,12 +2,11 @@ import socket from './socket'; /* Actions */ -const createList = (boardId, data, headers) => - socket.post(`/boards/${boardId}/lists`, data, headers); +const createList = (boardId, data) => socket.post(`/boards/${boardId}/lists`, data); -const updateList = (id, data, headers) => socket.patch(`/lists/${id}`, data, headers); +const updateList = (id, data) => socket.patch(`/lists/${id}`, data); -const deleteList = (id, headers) => socket.delete(`/lists/${id}`, undefined, headers); +const deleteList = (id) => socket.delete(`/lists/${id}`); export default { createList, diff --git a/client/src/api/notifications.js b/client/src/api/notifications.js index 9068a19f..246165fc 100755 --- a/client/src/api/notifications.js +++ b/client/src/api/notifications.js @@ -4,8 +4,8 @@ import { transformAction } from './actions'; /* Actions */ -const getNotifications = (headers) => - socket.get('/notifications', undefined, headers).then((body) => ({ +const getNotifications = () => + socket.get('/notifications').then((body) => ({ ...body, included: { ...body.included, @@ -14,8 +14,8 @@ const getNotifications = (headers) => }, })); -const getNotification = (id, headers) => - socket.get(`/notifications/${id}`, undefined, headers).then((body) => ({ +const getNotification = (id) => + socket.get(`/notifications/${id}`).then((body) => ({ ...body, included: { ...body.included, @@ -24,8 +24,7 @@ const getNotification = (id, headers) => }, })); -const updateNotifications = (ids, data, headers) => - socket.patch(`/notifications/${ids.join(',')}`, data, headers); +const updateNotifications = (ids, data) => socket.patch(`/notifications/${ids.join(',')}`, data); export default { getNotifications, diff --git a/client/src/api/project-managers.js b/client/src/api/project-managers.js index a835bf2d..6701a764 100755 --- a/client/src/api/project-managers.js +++ b/client/src/api/project-managers.js @@ -2,11 +2,10 @@ import socket from './socket'; /* Actions */ -const createProjectManager = (projectId, data, headers) => - socket.post(`/projects/${projectId}/managers`, data, headers); +const createProjectManager = (projectId, data) => + socket.post(`/projects/${projectId}/managers`, data); -const deleteProjectManager = (id, headers) => - socket.delete(`/project-managers/${id}`, undefined, headers); +const deleteProjectManager = (id) => socket.delete(`/project-managers/${id}`); export default { createProjectManager, diff --git a/client/src/api/projects.js b/client/src/api/projects.js index 5a22beec..863d3f5e 100755 --- a/client/src/api/projects.js +++ b/client/src/api/projects.js @@ -3,18 +3,18 @@ import socket from './socket'; /* Actions */ -const getProjects = (headers) => socket.get('/projects', undefined, headers); +const getProjects = () => socket.get('/projects'); -const createProject = (data, headers) => socket.post('/projects', data, headers); +const createProject = (data) => socket.post('/projects', data); -const getProject = (id, headers) => socket.get(`/projects/${id}`, undefined, headers); +const getProject = (id) => socket.get(`/projects/${id}`); -const updateProject = (id, data, headers) => socket.patch(`/projects/${id}`, data, headers); +const updateProject = (id, data) => socket.patch(`/projects/${id}`, data); -const updateProjectBackgroundImage = (id, data, headers) => - http.post(`/projects/${id}/background-image`, data, headers); +const updateProjectBackgroundImage = (id, data) => + http.post(`/projects/${id}/background-image`, data); -const deleteProject = (id, headers) => socket.delete(`/projects/${id}`, undefined, headers); +const deleteProject = (id) => socket.delete(`/projects/${id}`); export default { getProjects, diff --git a/client/src/api/socket.js b/client/src/api/socket.js index 2902661b..8e4aa7af 100755 --- a/client/src/api/socket.js +++ b/client/src/api/socket.js @@ -16,13 +16,12 @@ const { socket } = io; socket.connect = socket._connect; // eslint-disable-line no-underscore-dangle ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'].forEach((method) => { - socket[method.toLowerCase()] = (url, data, headers) => + socket[method.toLowerCase()] = (url, data) => new Promise((resolve, reject) => { socket.request( { method, data, - headers, url: `/api${url}`, }, (_, { body, error }) => { diff --git a/client/src/api/tasks.js b/client/src/api/tasks.js index 584ec3e1..2b078967 100755 --- a/client/src/api/tasks.js +++ b/client/src/api/tasks.js @@ -2,11 +2,11 @@ import socket from './socket'; /* Actions */ -const createTask = (cardId, data, headers) => socket.post(`/cards/${cardId}/tasks`, data, headers); +const createTask = (cardId, data) => socket.post(`/cards/${cardId}/tasks`, data); -const updateTask = (id, data, headers) => socket.patch(`/tasks/${id}`, data, headers); +const updateTask = (id, data) => socket.patch(`/tasks/${id}`, data); -const deleteTask = (id, headers) => socket.delete(`/tasks/${id}`, undefined, headers); +const deleteTask = (id) => socket.delete(`/tasks/${id}`); export default { createTask, diff --git a/client/src/api/users.js b/client/src/api/users.js index ca77bd9d..cb286e8f 100755 --- a/client/src/api/users.js +++ b/client/src/api/users.js @@ -3,27 +3,25 @@ import socket from './socket'; /* Actions */ -const getUsers = (headers) => socket.get('/users', undefined, headers); +const getUsers = () => socket.get('/users'); -const createUser = (data, headers) => socket.post('/users', data, headers); +const createUser = (data) => socket.post('/users', data); -const getUser = (id, headers) => socket.get(`/users/${id}`, undefined, headers); +const getUser = (id) => socket.get(`/users/${id}`); -const getCurrentUser = (headers) => socket.get('/users/me', undefined, headers); +const getCurrentUser = () => socket.get('/users/me'); -const updateUser = (id, data, headers) => socket.patch(`/users/${id}`, data, headers); +const updateUser = (id, data) => socket.patch(`/users/${id}`, data); -const updateUserEmail = (id, data, headers) => socket.patch(`/users/${id}/email`, data, headers); +const updateUserEmail = (id, data) => socket.patch(`/users/${id}/email`, data); -const updateUserPassword = (id, data, headers) => - socket.patch(`/users/${id}/password`, data, headers); +const updateUserPassword = (id, data) => socket.patch(`/users/${id}/password`, data); -const updateUserUsername = (id, data, headers) => - socket.patch(`/users/${id}/username`, data, headers); +const updateUserUsername = (id, data) => socket.patch(`/users/${id}/username`, data); -const updateUserAvatar = (id, data, headers) => http.post(`/users/${id}/avatar`, data, headers); +const updateUserAvatar = (id, data) => http.post(`/users/${id}/avatar`, data); -const deleteUser = (id, headers) => socket.delete(`/users/${id}`, undefined, headers); +const deleteUser = (id) => socket.delete(`/users/${id}`); export default { getUsers, diff --git a/client/src/constants/Config.js b/client/src/constants/Config.js index 5bf8722c..ff7111a0 100755 --- a/client/src/constants/Config.js +++ b/client/src/constants/Config.js @@ -2,12 +2,24 @@ const SERVER_BASE_URL = process.env.REACT_APP_SERVER_BASE_URL || (process.env.NODE_ENV === 'production' ? '' : 'http://localhost:1337'); -const POSITION_GAP = 65535; +const FETCH_OPTIONS = + process.env.NODE_ENV === 'production' + ? undefined + : { + credentials: 'include', + }; +const ACCESS_TOKEN_KEY = 'accessToken'; +const ACCESS_TOKEN_EXPIRES = 365; + +const POSITION_GAP = 65535; const ACTIONS_LIMIT = 10; export default { SERVER_BASE_URL, + FETCH_OPTIONS, + ACCESS_TOKEN_KEY, + ACCESS_TOKEN_EXPIRES, POSITION_GAP, ACTIONS_LIMIT, }; diff --git a/client/src/reducers/auth.js b/client/src/reducers/auth.js index af88015f..d5b3c3c4 100755 --- a/client/src/reducers/auth.js +++ b/client/src/reducers/auth.js @@ -1,19 +1,12 @@ -import { getAccessToken } from '../utils/access-token-storage'; import ActionTypes from '../constants/ActionTypes'; const initialState = { - accessToken: getAccessToken(), userId: null, }; // eslint-disable-next-line default-param-last export default (state = initialState, { type, payload }) => { switch (type) { - case ActionTypes.AUTHENTICATE__SUCCESS: - return { - ...state, - accessToken: payload.accessToken, - }; case ActionTypes.SOCKET_RECONNECT_HANDLE: case ActionTypes.CORE_INITIALIZE: return { diff --git a/client/src/sagas/core/request.js b/client/src/sagas/core/request.js index 3021d32c..7cc2e405 100755 --- a/client/src/sagas/core/request.js +++ b/client/src/sagas/core/request.js @@ -1,6 +1,5 @@ -import { call, fork, join, put, select, take } from 'redux-saga/effects'; +import { call, fork, join, put, take } from 'redux-saga/effects'; -import { accessTokenSelector } from '../../selectors'; import { logout } from '../../actions'; import ErrorCodes from '../../constants/ErrorCodes'; @@ -13,12 +12,8 @@ function* queueRequest(method, ...args) { } catch {} // eslint-disable-line no-empty } - const accessToken = yield select(accessTokenSelector); - try { - return yield call(method, ...args, { - Authorization: `Bearer ${accessToken}`, - }); + return yield call(method, ...args); } catch (error) { if (error.code === ErrorCodes.UNAUTHORIZED) { yield put(logout()); // TODO: next url diff --git a/client/src/sagas/index.js b/client/src/sagas/index.js index 84e84aed..099e49ea 100755 --- a/client/src/sagas/index.js +++ b/client/src/sagas/index.js @@ -1,11 +1,11 @@ -import { call, select } from 'redux-saga/effects'; +import { call } from 'redux-saga/effects'; import loginSaga from './login'; import coreSaga from './core'; -import { accessTokenSelector } from '../selectors'; +import { getAccessToken } from '../utils/access-token-storage'; export default function* rootSaga() { - const accessToken = yield select(accessTokenSelector); + const accessToken = yield call(getAccessToken); if (!accessToken) { yield call(loginSaga); diff --git a/client/src/utils/access-token-storage.js b/client/src/utils/access-token-storage.js index f42fb4db..e3a8adfd 100755 --- a/client/src/utils/access-token-storage.js +++ b/client/src/utils/access-token-storage.js @@ -1,11 +1,26 @@ -const ACCESS_TOKEN_KEY = 'accessToken'; +import Cookies from 'js-cookie'; -export const getAccessToken = () => localStorage.getItem(ACCESS_TOKEN_KEY); +import Config from '../constants/Config'; export const setAccessToken = (accessToken) => { - localStorage.setItem(ACCESS_TOKEN_KEY, accessToken); + Cookies.set(Config.ACCESS_TOKEN_KEY, accessToken, { + expires: Config.ACCESS_TOKEN_EXPIRES, + }); +}; + +export const getAccessToken = () => { + // TODO: remove migration + const accessToken = localStorage.getItem(Config.ACCESS_TOKEN_KEY); + if (accessToken) { + localStorage.removeItem(Config.ACCESS_TOKEN_KEY); + + setAccessToken(accessToken); + return accessToken; + } + + return Cookies.get(Config.ACCESS_TOKEN_KEY); }; export const removeAccessToken = () => { - localStorage.removeItem(ACCESS_TOKEN_KEY); + Cookies.remove(Config.ACCESS_TOKEN_KEY); }; diff --git a/server/api/hooks/current-user/index.js b/server/api/hooks/current-user/index.js index a0913a66..3268ca42 100644 --- a/server/api/hooks/current-user/index.js +++ b/server/api/hooks/current-user/index.js @@ -34,11 +34,16 @@ module.exports = function defineCurrentUserHook(sails) { before: { '/*': { async fn(req, res, next) { - const { authorization: authorizationHeader } = req.headers; - - if (authorizationHeader && TOKEN_PATTERN.test(authorizationHeader)) { - const accessToken = authorizationHeader.replace(TOKEN_PATTERN, ''); + let accessToken; + if (req.headers.authorization) { + if (TOKEN_PATTERN.test(req.headers.authorization)) { + accessToken = req.headers.authorization.replace(TOKEN_PATTERN, ''); + } + } else if (req.cookies.accessToken) { + accessToken = req.cookies.accessToken; + } + if (accessToken) { req.currentUser = await getUser(accessToken); } diff --git a/server/config/security.js b/server/config/security.js index acdb1ef9..3bb733f3 100644 --- a/server/config/security.js +++ b/server/config/security.js @@ -31,7 +31,7 @@ module.exports.security = { allRoutes: true, allowOrigins: ['http://localhost:3000'], allowRequestHeaders: ['Authorization'], - allowCredentials: false, + allowCredentials: true, }, /**