mirror of
https://github.com/cheeaun/phanpy.git
synced 2025-01-22 16:46:28 +01:00
Use secure same-site session cookie instead of sessionStorage
parent
0bbb631221
commit
5d2f8ffddc
5 changed files with 53 additions and 7 deletions
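--- a/package-lock.json
+++ b/package-lock.json
@@ -25,6 +25,7 @@
 "html-prettify": "~1.0.7",
 "idb-keyval": "~6.2.1",
 "intl-locale-textinfo-polyfill": "~2.1.1",
+"js-cookie": "~3.0.5",
 "just-debounce-it": "~3.2.0",
 "lz-string": "~1.5.0",
 "masto": "~6.8.0",
@@ -7472,6 +7473,14 @@
 "jiti": "bin/jiti.js"
 }
 },
+"node_modules/js-cookie": {
+"version": "3.0.5",
+"resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz",
+"integrity": "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==",
+"engines": {
+"node": ">=14"
+}
+},
 "node_modules/js-sha256": {
 "version": "0.10.1",
 "resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.10.1.tgz",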
@ -31,6 +31,7 @@
|
||||||
"html-prettify": "~1.0.7",
|
"html-prettify": "~1.0.7",
|
||||||
"idb-keyval": "~6.2.1",
|
"idb-keyval": "~6.2.1",
|
||||||
"intl-locale-textinfo-polyfill": "~2.1.1",
|
"intl-locale-textinfo-polyfill": "~2.1.1",
|
||||||
|
"js-cookie": "~3.0.5",
|
||||||
"just-debounce-it": "~3.2.0",
|
"just-debounce-it": "~3.2.0",
|
||||||
"lz-string": "~1.5.0",
|
"lz-string": "~1.5.0",
|
||||||
"masto": "~6.8.0",
|
"masto": "~6.8.0",
|
||||||
|
|
|
@ -321,9 +321,9 @@ function App() {
|
||||||
window.location.pathname || '/',
|
window.location.pathname || '/',
|
||||||
);
|
);
|
||||||
|
|
||||||
const clientID = store.session.get('clientID');
|
const clientID = store.sessionCookie.get('clientID');
|
||||||
const clientSecret = store.session.get('clientSecret');
|
const clientSecret = store.sessionCookie.get('clientSecret');
|
||||||
const vapidKey = store.session.get('vapidKey');
|
const vapidKey = store.sessionCookie.get('vapidKey');
|
||||||
|
|
||||||
(async () => {
|
(async () => {
|
||||||
setUIState('loading');
|
setUIState('loading');
|
||||||
|
|
|
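Review bot: Nothing visible in this hunk deletes `clientID`, `clientSecret` and `vapidKey` after they are read, and as cookies they now travel in the request headers of every same-origin request until the browser session ends, whereas sessionStorage values never left the page. A cookie written from JavaScript also cannot be HttpOnly, so script running on the origin can read it just as it could read sessionStorage. If the code after the token exchange (outside this hunk, inside the async function that starts here) does not already do so, clear the values once the exchange has finished, e.g. `store.sessionCookie.del('clientSecret');` and likewise for the other two keys.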
@ -64,9 +64,9 @@ function Login() {
|
||||||
});
|
});
|
||||||
|
|
||||||
if (client_id && client_secret) {
|
if (client_id && client_secret) {
|
||||||
store.session.set('clientID', client_id);
|
store.sessionCookie.set('clientID', client_id);
|
||||||
store.session.set('clientSecret', client_secret);
|
store.sessionCookie.set('clientSecret', client_secret);
|
||||||
store.session.set('vapidKey', vapid_key);
|
store.sessionCookie.set('vapidKey', vapid_key);
|
||||||
|
|
||||||
location.href = await getAuthorizationURL({
|
location.href = await getAuthorizationURL({
|
||||||
instanceURL,
|
instanceURL,
|
||||||
|
|
|
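Review bot: These three keys change scope with this write: sessionStorage is per tab, while a cookie is shared by every tab on the origin, so a second login started in another tab before the first returns from the instance overwrites `clientID` and `clientSecret`. The first callback would then presumably try to exchange its code with the other instance's client credentials. That trade-off should at least be recorded next to the writes, for example `// Cookies are origin-wide, not per-tab: a concurrent login in another tab overwrites these values.` `Login()` starts and ends outside this hunk.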
@ -1,5 +1,9 @@
|
||||||
|
import Cookies from 'js-cookie';
|
||||||
|
|
||||||
import { getCurrentAccountNS } from './store-utils';
|
import { getCurrentAccountNS } from './store-utils';
|
||||||
|
|
||||||
|
const cookies = Cookies.withAttributes({ sameSite: 'strict', secure: true });
|
||||||
|
|
||||||
const local = {
|
const local = {
|
||||||
get: (key) => {
|
get: (key) => {
|
||||||
try {
|
try {
|
||||||
|
@ -86,6 +90,38 @@ const session = {
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Session secure cookie
|
||||||
|
const cookie = {
|
||||||
|
get: (key) => cookies.get(key),
|
||||||
|
set: (key, value) => cookies.set(key, value),
|
||||||
|
del: (key) => cookies.remove(key),
|
||||||
|
};
|
||||||
|
|
||||||
|
// Cookie with sessionStorage fallback
|
||||||
|
const sessionCookie = {
|
||||||
|
get: (key) => {
|
||||||
|
if (navigator.cookieEnabled) {
|
||||||
|
return cookie.get(key);
|
||||||
|
} else {
|
||||||
|
return session.get(key);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
set: (key, value) => {
|
||||||
|
if (navigator.cookieEnabled) {
|
||||||
|
return cookie.set(key, value);
|
||||||
|
} else {
|
||||||
|
return session.set(key, value);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
del: (key) => {
|
||||||
|
if (navigator.cookieEnabled) {
|
||||||
|
return cookie.del(key);
|
||||||
|
} else {
|
||||||
|
return session.del(key);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
// Store with account namespace (id@domain.tld) <- uses id, not username
|
// Store with account namespace (id@domain.tld) <- uses id, not username
|
||||||
const account = {
|
const account = {
|
||||||
get: (key) => {
|
get: (key) => {
|
||||||
|
@ -118,4 +154,4 @@ const account = {
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
export default { local, session, account };
|
export default { local, session, sessionCookie, cookie, account };
|
||||||
|
|
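Review bot: The fallback in `sessionCookie` is chosen by `navigator.cookieEnabled` alone, which says cookies are allowed but not that this particular write was accepted: with `secure: true` a browser drops the cookie without an error when the page is not served from a secure origin, and `get` then returns `undefined` with no fallback, so the login callback would find no client credentials. Reading the value back after `cookie.set` and falling through to `session` covers that case, and `del` should clear both stores so a value written by the fallback cannot linger. `session` is defined above this hunk, so its return values are assumed here. The `// Session secure cookie` comment should also state that the cookie is script-readable (not HttpOnly), so the gain is TLS-only transport and same-site scoping rather than protection from script on the page.

```javascript
// Cookie with sessionStorage fallback
const sessionCookie = {
  get: (key) => {
    // A Secure cookie can be dropped without an error, so fall through to
    // sessionStorage whenever the cookie is absent.
    const value = navigator.cookieEnabled ? cookie.get(key) : undefined;
    return value ?? session.get(key);
  },
  set: (key, value) => {
    if (navigator.cookieEnabled) {
      cookie.set(key, value);
      // Read back: cookieEnabled does not prove the write was accepted.
      if (cookie.get(key) !== undefined) return;
    }
    return session.set(key, value);
  },
  del: (key) => {
    // Clear both stores so a value written by the fallback cannot linger.
    cookie.del(key);
    return session.del(key);
  },
};
```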