Setting auth cookie to not expire.

5 years ago · de72792576
3 changed files with 7 additions and 20 deletions
--- a/packages/auth/src/constants.js
+++ b/packages/auth/src/constants.js
@ -34,4 +34,5 @@ exports.Configs = {
  OIDC_LOGOS: "logos_oidc",
 }

+exports.MAX_VALID_DATE = new Date(2147483647000)
 exports.DEFAULT_TENANT_ID = "default"
--- a/packages/auth/src/utils.js
+++ b/packages/auth/src/utils.js
@ -7,7 +7,7 @@ const {
 const jwt = require("jsonwebtoken")
 const { options } = require("./middleware/passport/jwt")
 const { createUserEmailView } = require("./db/views")
-const { Headers, UserStatus, Cookies } = require("./constants")
+const { Headers, UserStatus, Cookies, MAX_VALID_DATE } = require("./constants")
 const {
  getGlobalDB,
  updateTenantId,
@ -83,14 +83,15 @@ exports.getCookie = (ctx, name) => {
 * @param {object} ctx The request which is to be manipulated.
 * @param {string} name The name of the cookie to set.
 * @param {string|object} value The value of cookie which will be set.
+ * @param {object} opts options like whether to sign.
 */
-exports.setCookie = (ctx, value, name = "builder") => {
-  if (value) {
+exports.setCookie = (ctx, value, name = "builder", opts = { sign: true }) => {
+  if (value && opts && opts.sign) {
    value = jwt.sign(value, options.secretOrKey)
  }

  const config = {
-    maxAge: Number.MAX_SAFE_INTEGER,
+    expires: MAX_VALID_DATE,
    path: "/",
    httpOnly: false,
    overwrite: true,
--- a/packages/worker/src/api/controllers/global/auth.js
+++ b/packages/worker/src/api/controllers/global/auth.js
@ -56,26 +56,11 @@ async function authInternal(ctx, user, err = null, info = null) {
    return ctx.throw(403, info ? info : "Unauthorized")
  }

-  const expires = new Date()
-  expires.setDate(expires.getDate() + 1)
-
  if (!user) {
    return ctx.throw(403, info ? info : "Unauthorized")
  }

-  const config = {
-    expires,
-    path: "/",
-    httpOnly: false,
-    overwrite: true,
-  }
-
-  if (env.COOKIE_DOMAIN) {
-    config.domain = env.COOKIE_DOMAIN
-  }
-
-  // just store the user ID
-  ctx.cookies.set(Cookies.Auth, user.token, config)
+  setCookie(ctx, user.token, Cookies.Auth, { sign: false })
  // get rid of any app cookies on login
  // have to check test because this breaks cypress
  if (!env.isTest()) {