feat: safe sessions handling in server with communication to central …
…command
Showing
12 changed files
with
285 additions
and
19 deletions.
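--- /dev/null
+++ b/[path-not-shown-1]
@@ -0,0 +1,21 @@
+"use client"
+
+import {useContext, useEffect} from "react";
+import {logout} from "../../../lib/auth/authorization";
+import {redirect} from "next/navigation";
+import {AuthorizerContext} from "../../../context/authorizerContext";
+
+const LogoutPage = () => {
+
+const {revalidateAuth} = useContext(AuthorizerContext);
+
+useEffect(() => {
+logout().then(_ => {
+revalidateAuth();
+redirect("/");
+}
+);
+}, []);
+}
+
+export default LogoutPage;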
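Review bot: `redirect("/")` on the line after `revalidateAuth()` runs inside a `.then` callback of a client-side effect, where next/navigation's `redirect` (which signals the navigation by throwing) is likely to surface as an unhandled rejection rather than a navigation; the client-side idiom is `const router = useRouter();` in the component and `router.replace("/")` in the callback. The promise from `logout()` has no rejection handler, so a failed logout leaves the session cookie in place with nothing shown to the user; add a `.catch` that records an error state or still navigates. `LogoutPage` also returns no element, so it renders nothing while the logout is in flight — returning a small "Signing out…" placeholder would make the state visible.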
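--- /dev/null
+++ b/[path-not-shown-2]
@@ -0,0 +1,79 @@
+'use server'
+
+import {LoginResponse} from "../../types/authTypes";
+import {SignJWT, jwtVerify} from "jose";
+import {cookies} from "next/headers";
+import {isAuthContext, parseError} from "../errors";
+import {setSessionCookie} from "./session";
+
+const secretKeyText = `${process.env.SECRET}`;
+const secretKey = new TextEncoder().encode(secretKeyText);
+
+
+export const encryptAuthContext = async (payload: LoginResponse) => {
+return await new SignJWT(payload as any)
+.setProtectedHeader({alg: "HS256"})
+.setIssuedAt()
+.setExpirationTime("one day from now")
+.sign(secretKey);
+}
+
+export const decryptAuthContext = async (token: string) => {
+const {payload} = await jwtVerify(token, secretKey, {algorithms: ["HS256"]});
+
+if (isAuthContext(payload)) {
+return payload;
+} else {
+throw new Error("Invalid token payload structure.");
+}
+}
+
+export const loginWithCredentials = async (email: string, password: string) => {
+const response = await fetch(`${process.env.CC_API_URL}/accounts/login-credentials`, {
+method: "POST",
+headers: {
+"Content-Type": "application/json"
+},
+body: JSON.stringify({email, password})
+});
+
+const parsed = evaluateResponse(response);
+
+if (isAuthContext(parsed)) {
+await setSessionCookie(parsed)
+}
+
+return parsed;
+}
+
+export const loginWithToken = async (token: string) => {
+const response = await fetch(`${process.env.CC_API_URL}/accounts/login-token`, {
+method: "POST",
+headers: {
+"Content-Type": "application/json"
+},
+credentials: "include",
+body: JSON.stringify({token})
+});
+
+const parsed = evaluateResponse(response);
+
+if (isAuthContext(parsed)) {
+await setSessionCookie(parsed);
+}
+
+return parsed;
+}
+
+export const logout = async () => {
+cookies().set("session", "", {expires: new Date(0)});
+}
+
+const evaluateResponse = async (response: Response) => {
+if (response.ok) {
+return await response.json() as LoginResponse;
+} else {
+const errorData = await response.json();
+return parseError(errorData);
+}
+}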
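Review bot: `const secretKeyText = \`${process.env.SECRET}\`` turns an unset SECRET into the literal string "undefined", so every session JWT would be signed and verified with a trivially guessable key instead of the server refusing to start; replace it with `const secretKeyText = process.env.SECRET;` followed by `if (!secretKeyText) throw new Error("SECRET is not set");`. `const parsed = evaluateResponse(response);` in loginWithCredentials, and the same line in loginWithToken, is missing `await`, so `parsed` is a Promise, `isAuthContext(parsed)` is always false and `setSessionCookie` never runs. `.setExpirationTime("one day from now")` is not a time span jose's parser accepts as far as I know (it expects a numeric amount such as `"1 day from now"` or `"24h"`), which would make every sign call throw. `loginWithCredentials` omits `credentials: "include"` while `loginWithToken` sets it; on a server-side fetch the option is unlikely to have any effect, so dropping it from both keeps the two consistent.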
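--- /dev/null
+++ b/[path-not-shown-3]
@@ -0,0 +1,21 @@
+"use server"
+
+import {cookies} from "next/headers";
+import {LoginResponse} from "../../types/authTypes";
+import {encryptAuthContext} from "./authorization";
+
+export const tryGetSessionCookie = (): { success: boolean, value?: string } => {
+const sessionCooke = cookies().get("session")?.value;
+if (sessionCooke) {
+return { success: true, value: sessionCooke };
+}
+
+return { success: false };
+}
+
+export const setSessionCookie = async (payload: LoginResponse) => {
+cookies().set("session", await encryptAuthContext(payload), {
+httpOnly: true,
+expires: new Date(Date.now() + 1000 * 60 * 60 * 24)
+});
+}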
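Review bot: The `cookies().set("session", ...)` call in setSessionCookie sets `httpOnly` but not `secure`, `sameSite` or `path`, so the session JWT is also sent over plain HTTP and attached to cross-site requests under browser defaults; set `{httpOnly: true, secure: true, sameSite: "lax", path: "/", expires: ...}` and use the same attributes where logout clears the cookie so the deletion matches the cookie that was set. `tryGetSessionCookie` is a synchronous export from a `"use server"` module, which Next.js rejects because server-action exports must be async functions; make it `async` and have callers await it. The 24-hour cookie `expires` is computed independently of the JWT expiration set in encryptAuthContext, so the two can drift — deriving one from the other, or a comment stating they are meant to match, would help.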
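--- /dev/null
+++ b/[path-not-shown-4]
@@ -0,0 +1,81 @@
+"use client"
+
+import {useEffect, useState} from "react";
+import {LoginResponse} from "../../types/authTypes";
+import {FieldError, GeneralError, isAuthContext} from "../errors";
+import {decryptAuthContext, loginWithToken, logout} from "./authorization";
+import {tryGetSessionCookie, setSessionCookie} from "./session";
+
+
+export const useAuth = () => {
+const [isLoggedIn, setIsLoggedIn] = useState(false);
+const [authContext, setAuthContext] = useState<LoginResponse | undefined>();
+const [error, setError] = useState<GeneralError | FieldError | undefined>();
+
+useEffect(() => {
+let isMounted = true;
+
+const refresh = async () => {
+const sessionCookie = tryGetSessionCookie();
+if (!sessionCookie.success) {
+return;
+}
+
+const decrypted = await decryptAuthContext(sessionCookie.value!);
+if (!isAuthContext(decrypted)) {
+return
+}
+
+const response = await loginWithToken(decrypted.token);
+if (!isAuthContext(response)) {
+return;
+}
+
+await setSessionCookie(response);
+};
+
+const getLoggedInState = async () => {
+const sessionCookie = tryGetSessionCookie()
+
+if (!sessionCookie.success) {
+if (isMounted) setIsLoggedIn(false);
+return;
+}
+
+try {
+const decrypted = await decryptAuthContext(sessionCookie.value!);
+console.log("session cookie",sessionCookie);
+console.log("decrypted", decrypted);
+const response = await loginWithToken(decrypted.token);
+if (isAuthContext(response)) {
+if (isMounted) {
+setIsLoggedIn(true);
+setAuthContext(response);
+
+await refresh();
+}
+} else {
+if (isMounted) {
+setIsLoggedIn(false);
+setError(response);
+await logout();
+}
+}
+} catch (e) {
+if (isMounted) {
+setIsLoggedIn(false);
+setError({error: 'Unexpected error occurred', status: 500});
+await logout();
+}
+}
+};
+
+getLoggedInState();
+
+return () => {
+isMounted = false;
+};
+}, []);
+
+return { isLoggedIn, authContext, error };
+};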
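Review bot: `const sessionCookie = tryGetSessionCookie();` (in both refresh and getLoggedInState) and the `decryptAuthContext(sessionCookie.value!)` calls bring the httpOnly session cookie and its decrypted payload, including the central-command token, into browser-side JavaScript, which undoes the protection `httpOnly` was meant to give, and `console.log("session cookie",sessionCookie)` / `console.log("decrypted", decrypted)` then print those secrets to the browser console — drop the two log lines at minimum. A safer shape is one server action that reads the cookie, verifies it and calls loginWithToken on the server, returning only the account data the UI needs, so the client never sees the token. Because those helpers live in `"use server"` modules they become async actions when imported here, so the `sessionCookie.success` checks would be evaluated on a Promise; the two calls need `await` (`const sessionCookie = await tryGetSessionCookie();`). `refresh()` also repeats the `loginWithToken` round trip that getLoggedInState just completed, and `catch (e)` discards `e` before reporting a generic 500 — logging it would preserve the cause.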
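--- /dev/null
+++ b/[path-not-shown-5]
@@ -0,0 +1,42 @@
+import {LoginResponse} from "../types/authTypes";
+
+interface ErrorBase {
+status: number;
+}
+
+export interface GeneralError extends ErrorBase{
+error: string;
+}
+
+export interface FieldError extends ErrorBase {
+error: {
+[field: string]: string[]; // Adjusted to handle any field, not just a single one
+};
+}
+
+export const isAuthContext = (response: any): response is LoginResponse =>
+response && response.account && typeof response.token === 'string';
+
+export const isGeneralError = (error: any): error is GeneralError =>
+typeof error.error === 'string';
+
+export const isFieldError = (error: any): error is FieldError =>
+typeof error.error === 'object' && !Array.isArray(error.error) && error.error !== null
+
+export const parseError = (error: any) => {
+if (isGeneralError(error)) {
+console.log(`General Error: ${error.error}`);
+return error as GeneralError;
+} else if (isFieldError(error)) {
+for (const field in error.error) {
+console.log(`Field Error in ${field}: ${error.error[field].join(', ')}`);
+}
+return error as FieldError;
+} else {
+console.log('Unknown error structure:', error);
+return {
+status: 500,
+error: 'Unknown error structure'
+} as GeneralError;
+}
+};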
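Review bot: `isGeneralError` and `isFieldError` dereference `error.error` without checking that `error` is an object, so `parseError(null)` or `parseError(undefined)` (for instance when an error body fails to parse upstream) throws a TypeError instead of reaching the "Unknown error structure" fallback; guard first, e.g. `export const isGeneralError = (error: unknown): error is GeneralError => typeof error === 'object' && error !== null && typeof (error as { error?: unknown }).error === 'string';` and likewise for `isFieldError`. Neither guard checks `status`, so a body without a numeric status is typed as carrying `status: number` while actually holding `undefined` — add `typeof error.status === 'number'` or document that the caller fills it in. `isAuthContext` returns `response && response.account && ...`, which yields `undefined` or `null` rather than `false` for non-objects; `typeof response === 'object' && response !== null && ...` makes the predicate honest. Taking `unknown` instead of `any` in all four signatures would let the compiler enforce those checks.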