diff --git a/services/auth/login.js b/services/auth/login.js index d4ea516..f4966dd 100644 --- a/services/auth/login.js +++ b/services/auth/login.js @@ -1,5 +1,6 @@ -import { verifyValueWithHash, secureCookie } from "../../utils/credential.js"; +import { verifyValueWithHash } from "../../utils/credential.js"; import { makeAccesstoken, makeRefreshtoken } from "../../utils/jwt.js"; +import { refreshCookie, fgpCookie } from "../../utils/cookies.js"; import config from "../../config.js"; export const loginHandler = async function (request, reply) { @@ -47,18 +48,9 @@ export const loginHandler = async function (request, reply) { access_token: userAccessToken.token, access_token_expiry: userAccessToken.expiration, }; - const expireDate = new Date(); - expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days reply.headers({ - "set-cookie": [ - `userRefreshToken=${userRefreshToken.token}; Path=/; Expires=${expireDate}; SameSite=${ - config.SAMESITE - }; HttpOnly; ${secureCookie()}`, - `Fgp=${userAccessToken.userFingerprint}; Path=/; Max-Age=3600; SameSite=${ - config.SAMESITE - }; HttpOnly; ${secureCookie()}`, - ], + "set-cookie": [refreshCookie(userRefreshToken.token), fgpCookie(userAccessToken.userFingerprint)], "x-authc-app-origin": config.APPLICATIONORIGIN, }); diff --git a/services/auth/profile.js b/services/auth/profile.js index 3918d45..5304279 100644 --- a/services/auth/profile.js +++ b/services/auth/profile.js @@ -1,6 +1,7 @@ -import { createHash, secureCookie } from "../../utils/credential.js"; +import { createHash } from "../../utils/credential.js"; import { makeAccesstoken, makeRefreshtoken } from "../../utils/jwt.js"; import config from "../../config.js"; +import { refreshCookie, fgpCookie } from "../../utils/cookies.js"; export const userProfileHandler = async function (request, reply) { try { 
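Review bot: The new `"set-cookie"` line in the login.js hunk is a single very long line holding both helper calls, whereas the block it replaces listed one cookie per line; wrapping the array one call per line (`refreshCookie(userRefreshToken.token),` then `fgpCookie(userAccessToken.userFingerprint),` each on its own line with a trailing comma) keeps it readable and makes future additions a one-line diff. The same single-line form is used in the profile.js, refresh.js and registration.js hunks, so apply the same formatting there. loginHandler starts and ends outside the hunk.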
@@ -50,18 +51,9 @@ export const userProfileHandler = async function (request, reply) { access_token: userAccessToken.token, access_token_expiry: userAccessToken.expiration, }; - const expireDate = new Date(); - expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days reply.headers({ - "set-cookie": [ - `userRefreshToken=${userRefreshToken.token}; Path=/; Expires=${expireDate}; SameSite=${ - config.SAMESITE - }; HttpOnly; ${secureCookie()}`, - `Fgp=${userAccessToken.userFingerprint}; Path=/; Max-Age=3600; SameSite=${ - config.SAMESITE - }; HttpOnly; ${secureCookie()}`, - ], + "set-cookie": [refreshCookie(userRefreshToken.token), fgpCookie(userAccessToken.userFingerprint)], "x-authc-app-origin": config.APPLICATIONORIGIN, }); diff --git a/services/auth/refresh.js b/services/auth/refresh.js index f7d4054..8e1713f 100644 --- a/services/auth/refresh.js +++ b/services/auth/refresh.js @@ -1,7 +1,7 @@ import { makeAccesstoken, makeRefreshtoken, validateJWT } from "../../utils/jwt.js"; import config from "../../config.js"; import { parse } from "cookie"; -import { secureCookie } from "../../utils/credential.js"; +import { refreshCookie, fgpCookie } from "../../utils/cookies.js"; export const tokenRefreshHandler = async function (request, reply) { try { 
@@ -37,18 +37,9 @@ export const tokenRefreshHandler = async function (request, reply) { access_token: userAccessToken.token, access_token_expiry: userAccessToken.expiration, }; - const expireDate = new Date(); - expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days reply.headers({ - "set-cookie": [ - `userRefreshToken=${userRefreshToken.token}; Path=/; Expires=${expireDate}; SameSite=${ - config.SAMESITE - }; HttpOnly; ${secureCookie()}`, - `Fgp=${userAccessToken.userFingerprint}; Path=/; Max-Age=3600; SameSite=${ - config.SAMESITE - }; HttpOnly; ${secureCookie()}`, - ], + "set-cookie": [refreshCookie(userRefreshToken.token), fgpCookie(userAccessToken.userFingerprint)], "x-authc-app-origin": config.APPLICATIONORIGIN, }); diff --git a/services/auth/registration.js b/services/auth/registration.js index 013a819..5f6e19b 100644 --- a/services/auth/registration.js +++ b/services/auth/registration.js @@ -3,6 +3,7 @@ import { randomUUID } from "crypto"; import { createId } from "@paralleldrive/cuid2"; import { makeAccesstoken, makeRefreshtoken } from "../../utils/jwt.js"; import config from "../../config.js"; +import { refreshCookie, fgpCookie } from "../../utils/cookies.js"; export const registrationHandler = async function (request, reply) { try { @@ -53,14 +54,7 @@ export const registrationHandler = async function (request, reply) { expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days reply.headers({ - "set-cookie": [ - `userRefreshToken=${ - userRefreshToken.token - }; Path=/; Expires=${expireDate}; SameSite=None; HttpOnly; ${secureCookie()}`, - `Fgp=${userAccessToken.userFingerprint}; Path=/; Max-Age=3600; SameSite=${ - config.SAMESITE - }; HttpOnly; ${secureCookie()}`, - ], + "set-cookie": [refreshCookie(userRefreshToken.token), fgpCookie(userAccessToken.userFingerprint)], "x-authc-app-origin": config.REGISTRATIONORIGIN, }); 
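Review bot: In the registration.js hunk the `expireDate.setTime(...)` line is left as context rather than removed, so registration.js still builds an `expireDate` (its `const` declaration presumably sits just above the hunk) that nothing reads now that refreshCookie computes its own date; delete it as the login.js, profile.js and refresh.js hunks do. The removed template literal in this file hard-coded `SameSite=None` for the refresh cookie while the shared helper emits `config.SAMESITE`, so the hunk silently changes that endpoint's SameSite policy; if intended, it deserves a sentence in the commit message. The `secureCookie` import that the old code needed is not touched by this file's import hunk, so it is presumably now unused in registration.js — confirm and drop it. registrationHandler starts and ends outside the hunk.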
diff --git a/utils/cookies.js b/utils/cookies.js new file mode 100644 index 0000000..9c146d5 --- /dev/null +++ b/utils/cookies.js @@ -0,0 +1,13 @@ +import { secureCookie } from "./credential.js"; +import config from "../config.js"; + +export function refreshCookie(token) { + const expireDate = new Date(); + expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days + return `userRefreshToken=${token}; Path=/; Expires=${expireDate}; SameSite=${ + config.SAMESITE + }; HttpOnly; ${secureCookie()}`; +} +export function fgpCookie(fingerprint) { + return `Fgp=${fingerprint}; Path=/; Max-Age=3600; SameSite=${config.SAMESITE}; HttpOnly; ${secureCookie()}`; +}
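Review bot: `Expires=${expireDate}` in refreshCookie interpolates the Date with its default toString(), producing a local-time string with a parenthesised zone name instead of the IMF-fixdate that Set-Cookie expects; use `Expires=${expireDate.toUTCString()}`, or replace the attribute with `Max-Age=604800`, which needs no date formatting at all and is what fgpCookie already does. The seven-day lifetime stays hard-coded behind the carried-over TODO; if it is meant to match the refresh token's own expiry from makeRefreshtoken, deriving it from that value avoids keeping two constants in sync. Both helpers interpolate `token` and `fingerprint` unescaped, which is fine only if callers guarantee they never contain `;` or whitespace — a one-line JSDoc precondition on each function would document that. Note that browsers reject a SameSite=None cookie without Secure, so secureCookie() must return a non-empty attribute under that configuration; credential.js is not in this diff, so verify.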