feat: Improve security of access tokens (#279)

Closes #275
SimonTagne
2022-08-09 18:03:21 +02:00
committed by GitHub
parent 77ac2cf1b1
commit 2b4c2b0f49
40 changed files with 273 additions and 133 deletions


@@ -1,15 +1,36 @@
import Cookies from 'js-cookie';
import jwtDecode from 'jwt-decode';
import Config from '../constants/Config';
export const setAccessToken = (accessToken) => {
const { exp } = jwtDecode(accessToken);
const expires = new Date(exp * 1000);
Cookies.set(Config.ACCESS_TOKEN_KEY, accessToken, {
expires: Config.ACCESS_TOKEN_EXPIRES,
expires,
secure: window.location.protocol === 'https:',
sameSite: 'strict',
});
Cookies.set(Config.ACCESS_TOKEN_VERSION_KEY, Config.ACCESS_TOKEN_VERSION, {
expires,
});
};
export const getAccessToken = () => Cookies.get(Config.ACCESS_TOKEN_KEY);
export const removeAccessToken = () => {
Cookies.remove(Config.ACCESS_TOKEN_KEY);
Cookies.remove(Config.ACCESS_TOKEN_VERSION_KEY);
};
export const getAccessToken = () => {
let accessToken = Cookies.get(Config.ACCESS_TOKEN_KEY);
const accessTokenVersion = Cookies.get(Config.ACCESS_TOKEN_VERSION_KEY);
if (accessToken && accessTokenVersion !== Config.ACCESS_TOKEN_VERSION) {
removeAccessToken();
accessToken = undefined;
}
return accessToken;
};
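Review bot: In setAccessToken, `exp` comes from `jwtDecode`, which only parses the payload and verifies nothing, and it is used without a check. A token with no `exp` claim therefore gives `new Date(NaN)`, and the cookie lifetime is then whatever js-cookie and the browser make of an invalid date (probably a session cookie, worth confirming). A guard before `expires` is built would make that failure explicit, for example `if (typeof exp !== 'number') throw new Error('access token has no exp claim');`. A short comment such as `// exp is read only to align the cookie lifetime; the server must still validate the token` would stop readers treating the decode as a validity check. The version cookie is also written with `expires` only, so passing the same `secure` and `sameSite: 'strict'` attributes there would keep the two cookies consistent.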