feat: Additional httpOnly token for enhanced security in browsers

2025-07-20 05:39:43 +02:00 · 2024-09-01 09:31:04 +02:00 · 2024-09-01 09:31:04 +02:00 · 9699fbe76a
commit 9699fbe76a
parent 4176a62f1a
18 changed files with 171 additions and 48 deletions
--- a/server/api/helpers/utils/set-http-only-token-cookie.js
+++ b/server/api/helpers/utils/set-http-only-token-cookie.js
@ -0,0 +1,28 @@
+module.exports = {
+  sync: true,
+
+  inputs: {
+    value: {
+      type: 'string',
+      required: true,
+    },
+    accessTokenPayload: {
+      type: 'json',
+      required: true,
+    },
+    response: {
+      type: 'ref',
+      required: true,
+    },
+  },
+
+  fn(inputs) {
+    inputs.response.cookie('httpOnlyToken', inputs.value, {
+      expires: new Date(inputs.accessTokenPayload.exp * 1000),
+      path: sails.config.custom.baseUrlPath,
+      secure: sails.config.custom.baseUrlSecure,
+      httpOnly: true,
+      sameSite: 'strict',
+    });
+  },
+};