feat: Store accessToken in cookies instead of localStorage

2025-07-18 20:59:44 +02:00 · 2022-04-26 18:01:55 +05:00 · 2022-04-26 18:01:55 +05:00 · 7ef55ec578
commit 7ef55ec578
parent cad3233da7
27 changed files with 137 additions and 114 deletions
--- a/server/api/hooks/current-user/index.js
+++ b/server/api/hooks/current-user/index.js
@ -34,11 +34,16 @@ module.exports = function defineCurrentUserHook(sails) {
      before: {
        '/*': {
          async fn(req, res, next) {
-            const { authorization: authorizationHeader } = req.headers;
-
-            if (authorizationHeader && TOKEN_PATTERN.test(authorizationHeader)) {
-              const accessToken = authorizationHeader.replace(TOKEN_PATTERN, '');
+            let accessToken;
+            if (req.headers.authorization) {
+              if (TOKEN_PATTERN.test(req.headers.authorization)) {
+                accessToken = req.headers.authorization.replace(TOKEN_PATTERN, '');
+              }
+            } else if (req.cookies.accessToken) {
+              accessToken = req.cookies.accessToken;
+            }

+            if (accessToken) {
              req.currentUser = await getUser(accessToken);
            }

--- a/server/config/security.js
+++ b/server/config/security.js
@ -31,7 +31,7 @@ module.exports.security = {
    allRoutes: true,
    allowOrigins: ['http://localhost:3000'],
    allowRequestHeaders: ['Authorization'],
-    allowCredentials: false,
+    allowCredentials: true,
  },

  /**