Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-19 13:19:44 +02:00
Code Issues Releases Activity

feat: Additional httpOnly token for enhanced security in browsers

Browse source
This commit is contained in:
Maksim Eltyshev 2024-09-01 09:31:04 +02:00
parent 4176a62f1a
commit 9699fbe76a
18 changed files with 171 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

17
server/api/controllers/access-tokens/exchange-using-oidc.js
View file

@ -1,3 +1,5 @@
const { v4: uuid } = require('uuid');
const { getRemoteAddress } = require('../../../utils/remoteAddress');
const Errors = {
@ -28,6 +30,10 @@ module.exports = {
type: 'string',
required: true,
},
withHttpOnlyToken: {
type: 'boolean',
defaultsTo: false,
},
},
exits: {
@ -62,15 +68,24 @@ module.exports = {
.intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE)
.intercept('missingValues', () => Errors.MISSING_VALUES);
const accessToken = sails.helpers.utils.createToken(user.id);
const { token: accessToken, payload: accessTokenPayload } = sails.helpers.utils.createJwtToken(
user.id,
);
const httpOnlyToken = inputs.withHttpOnlyToken ? uuid() : null;
await Session.create({
accessToken,
httpOnlyToken,
remoteAddress,
userId: user.id,
userAgent: this.req.headers['user-agent'],
});
if (httpOnlyToken && !this.req.isSocket) {
sails.helpers.utils.setHttpOnlyTokenCookie(httpOnlyToken, accessTokenPayload, this.res);
}
return {
item: accessToken,
};