Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-19 13:19:44 +02:00
Code Issues Releases Activity

feat: Store accessToken in cookies instead of localStorage

Browse source
This commit is contained in:
Maksim Eltyshev 2022-04-26 18:01:55 +05:00
parent 536064fdfe
commit 486e663a3d
27 changed files with 137 additions and 114 deletions
Download patch file Download diff file Expand all files Collapse all files

14
client/package-lock.json generated
View file

@ -14,6 +14,7 @@
"i18next": "^21.6.16",
"i18next-browser-languagedetector": "^6.1.4",
"initials": "^3.1.2",
"js-cookie": "^3.0.1",
"lodash": "^4.17.20",
"node-sass": "^7.0.1",
"prop-types": "^15.8.1",
@ -13534,6 +13535,14 @@
"resolved": "https://registry.npmjs.org/js-base64/-/js-base64-2.6.4.tgz",
"integrity": "sha512-pZe//GGmwJndub7ZghVHz7vjb2LgC1m8B07Au3eYqeqv9emhESByMXxaEgkUkEqJe87oBbSniGYoQNIBklc7IQ=="
},
"node_modules/js-cookie": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.1.tgz",
"integrity": "sha512-+0rgsUXZu4ncpPxRL+lNEptWMOWl9etvPHc/koSRp6MPwpRYAhmk0dUG00J4bxVV3r9uUzfo24wW0knS07SKSw==",
"engines": {
"node": ">=12"
}
},
"node_modules/js-tokens": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
@ -33059,6 +33068,11 @@
"resolved": "https://registry.npmjs.org/js-base64/-/js-base64-2.6.4.tgz",
"integrity": "sha512-pZe//GGmwJndub7ZghVHz7vjb2LgC1m8B07Au3eYqeqv9emhESByMXxaEgkUkEqJe87oBbSniGYoQNIBklc7IQ=="
},
"js-cookie": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.1.tgz",
"integrity": "sha512-+0rgsUXZu4ncpPxRL+lNEptWMOWl9etvPHc/koSRp6MPwpRYAhmk0dUG00J4bxVV3r9uUzfo24wW0knS07SKSw=="
},
"js-tokens": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",

1
client/package.json
View file

@ -71,6 +71,7 @@
"i18next": "^21.6.16",
"i18next-browser-languagedetector": "^6.1.4",
"initials": "^3.1.2",
"js-cookie": "^3.0.1",
"lodash": "^4.17.20",
"node-sass": "^7.0.1",
"prop-types": "^15.8.1",

2
client/src/api/access-tokens.js
View file

@ -2,7 +2,7 @@ import http from './http';
/* Actions */
const createAccessToken = (data, headers) => http.post('/access-tokens', data, headers);
const createAccessToken = (data) => http.post('/access-tokens', data);
export default {
createAccessToken,

4
client/src/api/actions.js
View file

@ -9,8 +9,8 @@ export const transformAction = (action) => ({
/* Actions */
const getActions = (cardId, data, headers) =>
socket.get(`/cards/${cardId}/actions`, data, headers).then((body) => ({
const getActions = (cardId, data) =>
socket.get(`/cards/${cardId}/actions`, data).then((body) => ({
...body,
items: body.items.map(transformAction),
}));

12
client/src/api/attachments.js
View file

@ -10,20 +10,20 @@ export const transformAttachment = (attachment) => ({
/* Actions */
const createAttachment = (cardId, data, requestId, headers) =>
http.post(`/cards/${cardId}/attachments?requestId=${requestId}`, data, headers).then((body) => ({
const createAttachment = (cardId, data, requestId) =>
http.post(`/cards/${cardId}/attachments?requestId=${requestId}`, data).then((body) => ({
...body,
item: transformAttachment(body.item),
}));
const updateAttachment = (id, data, headers) =>
socket.patch(`/attachments/${id}`, data, headers).then((body) => ({
const updateAttachment = (id, data) =>
socket.patch(`/attachments/${id}`, data).then((body) => ({
...body,
item: transformAttachment(body.item),
}));
const deleteAttachment = (id, headers) =>
socket.delete(`/attachments/${id}`, undefined, headers).then((body) => ({
const deleteAttachment = (id) =>
socket.delete(`/attachments/${id}`).then((body) => ({
...body,
item: transformAttachment(body.item),
}));

7
client/src/api/board-memberships.js
View file

@ -2,11 +2,10 @@ import socket from './socket';
/* Actions */
const createBoardMembership = (boardId, data, headers) =>
socket.post(`/boards/${boardId}/memberships`, data, headers);
const createBoardMembership = (boardId, data) =>
socket.post(`/boards/${boardId}/memberships`, data);
const deleteBoardMembership = (id, headers) =>
socket.delete(`/board-memberships/${id}`, undefined, headers);
const deleteBoardMembership = (id) => socket.delete(`/board-memberships/${id}`);
export default {
createBoardMembership,

11
client/src/api/boards.js
View file

@ -4,11 +4,10 @@ import { transformAttachment } from './attachments';
/* Actions */
const createBoard = (projectId, data, headers) =>
socket.post(`/projects/${projectId}/boards`, data, headers);
const createBoard = (projectId, data) => socket.post(`/projects/${projectId}/boards`, data);
const getBoard = (id, headers) =>
socket.get(`/boards/${id}`, undefined, headers).then((body) => ({
const getBoard = (id) =>
socket.get(`/boards/${id}`).then((body) => ({
...body,
included: {
...body.included,
@ -17,9 +16,9 @@ const getBoard = (id, headers) =>
},
}));
const updateBoard = (id, data, headers) => socket.patch(`/boards/${id}`, data, headers);
const updateBoard = (id, data) => socket.patch(`/boards/${id}`, data);
const deleteBoard = (id, headers) => socket.delete(`/boards/${id}`, undefined, headers);
const deleteBoard = (id) => socket.delete(`/boards/${id}`);
export default {
createBoard,

6
client/src/api/card-labels.js
View file

@ -2,11 +2,9 @@ import socket from './socket';
/* Actions */
const createCardLabel = (cardId, data, headers) =>
socket.post(`/cards/${cardId}/labels`, data, headers);
const createCardLabel = (cardId, data) => socket.post(`/cards/${cardId}/labels`, data);
const deleteCardLabel = (cardId, labelId, headers) =>
socket.delete(`/cards/${cardId}/labels/${labelId}`, undefined, headers);
const deleteCardLabel = (cardId, labelId) => socket.delete(`/cards/${cardId}/labels/${labelId}`);
export default {
createCardLabel,

7
client/src/api/card-memberships.js
View file

@ -2,11 +2,10 @@ import socket from './socket';
/* Actions */
const createCardMembership = (cardId, data, headers) =>
socket.post(`/cards/${cardId}/memberships`, data, headers);
const createCardMembership = (cardId, data) => socket.post(`/cards/${cardId}/memberships`, data);
const deleteCardMembership = (cardId, userId, headers) =>
socket.delete(`/cards/${cardId}/memberships?userId=${userId}`, undefined, headers);
const deleteCardMembership = (cardId, userId) =>
socket.delete(`/cards/${cardId}/memberships?userId=${userId}`);
export default {
createCardMembership,

20
client/src/api/cards.js
View file

@ -35,8 +35,8 @@ export const transformCardData = (data) => ({
/* Actions */
const getCards = (boardId, data, headers) =>
socket.get(`/board/${boardId}/cards`, data, headers).then((body) => ({
const getCards = (boardId, data) =>
socket.get(`/board/${boardId}/cards`, data).then((body) => ({
...body,
items: body.items.map(transformCard),
included: {
@ -45,26 +45,26 @@ const getCards = (boardId, data, headers) =>
},
}));
const createCard = (boardId, data, headers) =>
socket.post(`/boards/${boardId}/cards`, transformCardData(data), headers).then((body) => ({
const createCard = (boardId, data) =>
socket.post(`/boards/${boardId}/cards`, transformCardData(data)).then((body) => ({
...body,
item: transformCard(body.item),
}));
const getCard = (id, headers) =>
socket.get(`/cards/${id}`, undefined, headers).then((body) => ({
const getCard = (id) =>
socket.get(`/cards/${id}`).then((body) => ({
...body,
item: transformCard(body.item),
}));
const updateCard = (id, data, headers) =>
socket.patch(`/cards/${id}`, transformCardData(data), headers).then((body) => ({
const updateCard = (id, data) =>
socket.patch(`/cards/${id}`, transformCardData(data)).then((body) => ({
...body,
item: transformCard(body.item),
}));
const deleteCard = (id, headers) =>
socket.delete(`/cards/${id}`, undefined, headers).then((body) => ({
const deleteCard = (id) =>
socket.delete(`/cards/${id}`).then((body) => ({
...body,
item: transformCard(body.item),
}));

12
client/src/api/comment-actions.js
View file

@ -3,20 +3,20 @@ import { transformAction } from './actions';
/* Actions */
const createCommentAction = (cardId, data, headers) =>
socket.post(`/cards/${cardId}/comment-actions`, data, headers).then((body) => ({
const createCommentAction = (cardId, data) =>
socket.post(`/cards/${cardId}/comment-actions`, data).then((body) => ({
...body,
item: transformAction(body.item),
}));
const updateCommentAction = (id, data, headers) =>
socket.patch(`/comment-actions/${id}`, data, headers).then((body) => ({
const updateCommentAction = (id, data) =>
socket.patch(`/comment-actions/${id}`, data).then((body) => ({
...body,
item: transformAction(body.item),
}));
const deleteCommentAction = (id, headers) =>
socket.delete(`/comment-actions/${id}`, undefined, headers).then((body) => ({
const deleteCommentAction = (id) =>
socket.delete(`/comment-actions/${id}`).then((body) => ({
...body,
item: transformAction(body.item),
}));

4
client/src/api/http.js
View file

@ -6,7 +6,7 @@ const http = {};
// TODO: add all methods
['POST'].forEach((method) => {
http[method.toLowerCase()] = (url, data, headers) => {
http[method.toLowerCase()] = (url, data) => {
const formData = Object.keys(data).reduce((result, key) => {
result.append(key, data[key]);
@ -15,8 +15,8 @@ const http = {};
return fetch(`${Config.SERVER_BASE_URL}/api${url}`, {
method,
headers,
body: formData,
...Config.FETCH_OPTIONS,
})
.then((response) =>
response.json().then((body) => ({

7
client/src/api/labels.js
View file

@ -2,12 +2,11 @@ import socket from './socket';
/* Actions */
const createLabel = (boardId, data, headers) =>
socket.post(`/boards/${boardId}/labels`, data, headers);
const createLabel = (boardId, data) => socket.post(`/boards/${boardId}/labels`, data);
const updateLabel = (id, data, headers) => socket.patch(`/labels/${id}`, data, headers);
const updateLabel = (id, data) => socket.patch(`/labels/${id}`, data);
const deleteLabel = (id, headers) => socket.delete(`/labels/${id}`, undefined, headers);
const deleteLabel = (id) => socket.delete(`/labels/${id}`);
export default {
createLabel,

7
client/src/api/lists.js
View file

@ -2,12 +2,11 @@ import socket from './socket';
/* Actions */
const createList = (boardId, data, headers) =>
socket.post(`/boards/${boardId}/lists`, data, headers);
const createList = (boardId, data) => socket.post(`/boards/${boardId}/lists`, data);
const updateList = (id, data, headers) => socket.patch(`/lists/${id}`, data, headers);
const updateList = (id, data) => socket.patch(`/lists/${id}`, data);
const deleteList = (id, headers) => socket.delete(`/lists/${id}`, undefined, headers);
const deleteList = (id) => socket.delete(`/lists/${id}`);
export default {
createList,

11
client/src/api/notifications.js
View file

@ -4,8 +4,8 @@ import { transformAction } from './actions';
/* Actions */
const getNotifications = (headers) =>
socket.get('/notifications', undefined, headers).then((body) => ({
const getNotifications = () =>
socket.get('/notifications').then((body) => ({
...body,
included: {
...body.included,
@ -14,8 +14,8 @@ const getNotifications = (headers) =>
},
}));
const getNotification = (id, headers) =>
socket.get(`/notifications/${id}`, undefined, headers).then((body) => ({
const getNotification = (id) =>
socket.get(`/notifications/${id}`).then((body) => ({
...body,
included: {
...body.included,
@ -24,8 +24,7 @@ const getNotification = (id, headers) =>
},
}));
const updateNotifications = (ids, data, headers) =>
socket.patch(`/notifications/${ids.join(',')}`, data, headers);
const updateNotifications = (ids, data) => socket.patch(`/notifications/${ids.join(',')}`, data);
export default {
getNotifications,

7
client/src/api/project-managers.js
View file

@ -2,11 +2,10 @@ import socket from './socket';
/* Actions */
const createProjectManager = (projectId, data, headers) =>
socket.post(`/projects/${projectId}/managers`, data, headers);
const createProjectManager = (projectId, data) =>
socket.post(`/projects/${projectId}/managers`, data);
const deleteProjectManager = (id, headers) =>
socket.delete(`/project-managers/${id}`, undefined, headers);
const deleteProjectManager = (id) => socket.delete(`/project-managers/${id}`);
export default {
createProjectManager,

14
client/src/api/projects.js
View file

@ -3,18 +3,18 @@ import socket from './socket';
/* Actions */
const getProjects = (headers) => socket.get('/projects', undefined, headers);
const getProjects = () => socket.get('/projects');
const createProject = (data, headers) => socket.post('/projects', data, headers);
const createProject = (data) => socket.post('/projects', data);
const getProject = (id, headers) => socket.get(`/projects/${id}`, undefined, headers);
const getProject = (id) => socket.get(`/projects/${id}`);
const updateProject = (id, data, headers) => socket.patch(`/projects/${id}`, data, headers);
const updateProject = (id, data) => socket.patch(`/projects/${id}`, data);
const updateProjectBackgroundImage = (id, data, headers) =>
http.post(`/projects/${id}/background-image`, data, headers);
const updateProjectBackgroundImage = (id, data) =>
http.post(`/projects/${id}/background-image`, data);
const deleteProject = (id, headers) => socket.delete(`/projects/${id}`, undefined, headers);
const deleteProject = (id) => socket.delete(`/projects/${id}`);
export default {
getProjects,

3
client/src/api/socket.js
View file

@ -16,13 +16,12 @@ const { socket } = io;
socket.connect = socket._connect; // eslint-disable-line no-underscore-dangle
['GET', 'POST', 'PUT', 'PATCH', 'DELETE'].forEach((method) => {
socket[method.toLowerCase()] = (url, data, headers) =>
socket[method.toLowerCase()] = (url, data) =>
new Promise((resolve, reject) => {
socket.request(
{
method,
data,
headers,
url: `/api${url}`,
},
(_, { body, error }) => {

6
client/src/api/tasks.js
View file

@ -2,11 +2,11 @@ import socket from './socket';
/* Actions */
const createTask = (cardId, data, headers) => socket.post(`/cards/${cardId}/tasks`, data, headers);
const createTask = (cardId, data) => socket.post(`/cards/${cardId}/tasks`, data);
const updateTask = (id, data, headers) => socket.patch(`/tasks/${id}`, data, headers);
const updateTask = (id, data) => socket.patch(`/tasks/${id}`, data);
const deleteTask = (id, headers) => socket.delete(`/tasks/${id}`, undefined, headers);
const deleteTask = (id) => socket.delete(`/tasks/${id}`);
export default {
createTask,

22
client/src/api/users.js
View file

@ -3,27 +3,25 @@ import socket from './socket';
/* Actions */
const getUsers = (headers) => socket.get('/users', undefined, headers);
const getUsers = () => socket.get('/users');
const createUser = (data, headers) => socket.post('/users', data, headers);
const createUser = (data) => socket.post('/users', data);
const getUser = (id, headers) => socket.get(`/users/${id}`, undefined, headers);
const getUser = (id) => socket.get(`/users/${id}`);
const getCurrentUser = (headers) => socket.get('/users/me', undefined, headers);
const getCurrentUser = () => socket.get('/users/me');
const updateUser = (id, data, headers) => socket.patch(`/users/${id}`, data, headers);
const updateUser = (id, data) => socket.patch(`/users/${id}`, data);
const updateUserEmail = (id, data, headers) => socket.patch(`/users/${id}/email`, data, headers);
const updateUserEmail = (id, data) => socket.patch(`/users/${id}/email`, data);
const updateUserPassword = (id, data, headers) =>
socket.patch(`/users/${id}/password`, data, headers);
const updateUserPassword = (id, data) => socket.patch(`/users/${id}/password`, data);
const updateUserUsername = (id, data, headers) =>
socket.patch(`/users/${id}/username`, data, headers);
const updateUserUsername = (id, data) => socket.patch(`/users/${id}/username`, data);
const updateUserAvatar = (id, data, headers) => http.post(`/users/${id}/avatar`, data, headers);
const updateUserAvatar = (id, data) => http.post(`/users/${id}/avatar`, data);
const deleteUser = (id, headers) => socket.delete(`/users/${id}`, undefined, headers);
const deleteUser = (id) => socket.delete(`/users/${id}`);
export default {
getUsers,

14
client/src/constants/Config.js
View file

@ -2,12 +2,24 @@ const SERVER_BASE_URL =
process.env.REACT_APP_SERVER_BASE_URL ||
(process.env.NODE_ENV === 'production' ? '' : 'http://localhost:1337');
const POSITION_GAP = 65535;
const FETCH_OPTIONS =
process.env.NODE_ENV === 'production'
? undefined
: {
credentials: 'include',
};
const ACCESS_TOKEN_KEY = 'accessToken';
const ACCESS_TOKEN_EXPIRES = 365;
const POSITION_GAP = 65535;
const ACTIONS_LIMIT = 10;
export default {
SERVER_BASE_URL,
FETCH_OPTIONS,
ACCESS_TOKEN_KEY,
ACCESS_TOKEN_EXPIRES,
POSITION_GAP,
ACTIONS_LIMIT,
};

7
client/src/reducers/auth.js
View file

@ -1,19 +1,12 @@
import { getAccessToken } from '../utils/access-token-storage';
import ActionTypes from '../constants/ActionTypes';
const initialState = {
accessToken: getAccessToken(),
userId: null,
};
// eslint-disable-next-line default-param-last
export default (state = initialState, { type, payload }) => {
switch (type) {
case ActionTypes.AUTHENTICATE__SUCCESS:
return {
...state,
accessToken: payload.accessToken,
};
case ActionTypes.SOCKET_RECONNECT_HANDLE:
case ActionTypes.CORE_INITIALIZE:
return {

9
client/src/sagas/core/request.js
View file

@ -1,6 +1,5 @@
import { call, fork, join, put, select, take } from 'redux-saga/effects';
import { call, fork, join, put, take } from 'redux-saga/effects';
import { accessTokenSelector } from '../../selectors';
import { logout } from '../../actions';
import ErrorCodes from '../../constants/ErrorCodes';
@ -13,12 +12,8 @@ function* queueRequest(method, ...args) {
} catch {} // eslint-disable-line no-empty
}
const accessToken = yield select(accessTokenSelector);
try {
return yield call(method, ...args, {
Authorization: `Bearer ${accessToken}`,
});
return yield call(method, ...args);
} catch (error) {
if (error.code === ErrorCodes.UNAUTHORIZED) {
yield put(logout()); // TODO: next url

6
client/src/sagas/index.js
View file

@ -1,11 +1,11 @@
import { call, select } from 'redux-saga/effects';
import { call } from 'redux-saga/effects';
import loginSaga from './login';
import coreSaga from './core';
import { accessTokenSelector } from '../selectors';
import { getAccessToken } from '../utils/access-token-storage';
export default function* rootSaga() {
const accessToken = yield select(accessTokenSelector);
const accessToken = yield call(getAccessToken);
if (!accessToken) {
yield call(loginSaga);

23
client/src/utils/access-token-storage.js
View file

@ -1,11 +1,26 @@
const ACCESS_TOKEN_KEY = 'accessToken';
import Cookies from 'js-cookie';
export const getAccessToken = () => localStorage.getItem(ACCESS_TOKEN_KEY);
import Config from '../constants/Config';
export const setAccessToken = (accessToken) => {
localStorage.setItem(ACCESS_TOKEN_KEY, accessToken);
Cookies.set(Config.ACCESS_TOKEN_KEY, accessToken, {
expires: Config.ACCESS_TOKEN_EXPIRES,
});
};
export const getAccessToken = () => {
// TODO: remove migration
const accessToken = localStorage.getItem(Config.ACCESS_TOKEN_KEY);
if (accessToken) {
localStorage.removeItem(Config.ACCESS_TOKEN_KEY);
setAccessToken(accessToken);
return accessToken;
}
return Cookies.get(Config.ACCESS_TOKEN_KEY);
};
export const removeAccessToken = () => {
localStorage.removeItem(ACCESS_TOKEN_KEY);
Cookies.remove(Config.ACCESS_TOKEN_KEY);
};

13
server/api/hooks/current-user/index.js
View file

@ -34,11 +34,16 @@ module.exports = function defineCurrentUserHook(sails) {
before: {
'/*': {
async fn(req, res, next) {
const { authorization: authorizationHeader } = req.headers;
if (authorizationHeader && TOKEN_PATTERN.test(authorizationHeader)) {
const accessToken = authorizationHeader.replace(TOKEN_PATTERN, '');
let accessToken;
if (req.headers.authorization) {
if (TOKEN_PATTERN.test(req.headers.authorization)) {
accessToken = req.headers.authorization.replace(TOKEN_PATTERN, '');
}
} else if (req.cookies.accessToken) {
accessToken = req.cookies.accessToken;
}
if (accessToken) {
req.currentUser = await getUser(accessToken);
}

2
server/config/security.js
View file

@ -31,7 +31,7 @@ module.exports.security = {
allRoutes: true,
allowOrigins: ['http://localhost:3000'],
allowRequestHeaders: ['Authorization'],
allowCredentials: false,
allowCredentials: true,
},
/**