Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-08-05 13:35:27 +02:00
Code Issues Releases Activity

feat: Improve security of access tokens (#279)

Browse source 
Closes #275
This commit is contained in:
SimonTagne 2022-08-09 18:03:21 +02:00 committed by GitHub
parent dab38cbc18
commit 7786533a90
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
40 changed files with 273 additions and 133 deletions
Download patch file Download diff file Expand all files Collapse all files

27
client/src/utils/access-token-storage.js
View file

@ -1,15 +1,36 @@
import Cookies from 'js-cookie';
import jwtDecode from 'jwt-decode';
import Config from '../constants/Config';
export const setAccessToken = (accessToken) => {
const { exp } = jwtDecode(accessToken);
const expires = new Date(exp * 1000);
Cookies.set(Config.ACCESS_TOKEN_KEY, accessToken, {
expires: Config.ACCESS_TOKEN_EXPIRES,
expires,
secure: window.location.protocol === 'https:',
sameSite: 'strict',
});
Cookies.set(Config.ACCESS_TOKEN_VERSION_KEY, Config.ACCESS_TOKEN_VERSION, {
expires,
});
};
export const getAccessToken = () => Cookies.get(Config.ACCESS_TOKEN_KEY);
export const removeAccessToken = () => {
Cookies.remove(Config.ACCESS_TOKEN_KEY);
Cookies.remove(Config.ACCESS_TOKEN_VERSION_KEY);
};
export const getAccessToken = () => {
let accessToken = Cookies.get(Config.ACCESS_TOKEN_KEY);
const accessTokenVersion = Cookies.get(Config.ACCESS_TOKEN_VERSION_KEY);
if (accessToken && accessTokenVersion !== Config.ACCESS_TOKEN_VERSION) {
removeAccessToken();
accessToken = undefined;
}
return accessToken;
};