FragginWagon
8775f8b1fe
- Updated CSRF middleware to enhance cookie value decoding. - Reformatted OAuth proxy token store initialization for better clarity. - Adjusted Challonge proxy router for consistent line breaks and readability. - Enhanced OAuth router error handling and response formatting. - Improved session router for better readability and consistency in fetching provider records. - Refactored OAuth token store to improve key derivation logging. - Cleaned up cookie options utility for better readability. - Enhanced Challonge client credentials composable for consistent API calls. - Streamlined OAuth composable for improved logging. - Refactored main.js for better readability in session initialization. - Improved Challonge v2.1 service error handling for better clarity. - Cleaned up API client utility for improved readability. - Enhanced ApiKeyManager.vue for better text formatting. - Refactored ChallongeTest.vue for improved readability in composable usage.
80 lines
1.8 KiB
JavaScript
80 lines
1.8 KiB
JavaScript
import crypto from 'node:crypto';
|
|
|
|
const ONE_DAY_SECONDS = 60 * 60 * 24;
|
|
const SEVEN_DAYS_SECONDS = ONE_DAY_SECONDS * 7;
|
|
|
|
export const COOKIE_NAMES = {
|
|
sid: 'pdx_sid',
|
|
csrf: 'pdx_csrf'
|
|
};
|
|
|
|
export function getCookieSecurityConfig(config) {
|
|
const deploymentTarget =
|
|
config?.deploymentTarget || process.env.DEPLOYMENT_TARGET;
|
|
const nodeEnv = config?.nodeEnv || process.env.NODE_ENV;
|
|
|
|
const isProdTarget =
|
|
deploymentTarget === 'production' || nodeEnv === 'production';
|
|
|
|
return {
|
|
secure: isProdTarget,
|
|
sameSite: 'lax'
|
|
};
|
|
}
|
|
|
|
export function getSidCookieOptions(config) {
|
|
const { secure, sameSite } = getCookieSecurityConfig(config);
|
|
|
|
return {
|
|
httpOnly: true,
|
|
secure,
|
|
sameSite,
|
|
path: '/',
|
|
maxAge: SEVEN_DAYS_SECONDS * 1000
|
|
};
|
|
}
|
|
|
|
// Legacy cookie options used before widening cookie scope to '/'.
|
|
// Clearing these prevents browsers from sending multiple cookies with the same
|
|
// name but different paths (e.g. '/api' and '/'), which can cause session
|
|
// split-brain.
|
|
export function getLegacySidCookieOptions(config) {
|
|
const { secure, sameSite } = getCookieSecurityConfig(config);
|
|
|
|
return {
|
|
httpOnly: true,
|
|
secure,
|
|
sameSite,
|
|
path: '/api',
|
|
maxAge: SEVEN_DAYS_SECONDS * 1000
|
|
};
|
|
}
|
|
|
|
export function getCsrfCookieOptions(config) {
|
|
const { secure, sameSite } = getCookieSecurityConfig(config);
|
|
|
|
return {
|
|
httpOnly: false,
|
|
secure,
|
|
sameSite,
|
|
path: '/',
|
|
maxAge: ONE_DAY_SECONDS * 1000
|
|
};
|
|
}
|
|
|
|
export function getLegacyCsrfCookieOptions(config) {
|
|
const { secure, sameSite } = getCookieSecurityConfig(config);
|
|
|
|
return {
|
|
httpOnly: false,
|
|
secure,
|
|
sameSite,
|
|
path: '/api',
|
|
maxAge: ONE_DAY_SECONDS * 1000
|
|
};
|
|
}
|
|
|
|
export function generateToken(bytes = 24) {
|
|
return crypto.randomBytes(bytes).toString('base64url');
|
|
}
|