Migrate to session based auth

2024-11-29 18:20:51 -05:00
parent b86c7258e7
commit c65fcc2558
13 changed files with 111 additions and 104 deletions
--- a/frontend/src/routes/collections/+page.server.ts
+++ b/frontend/src/routes/collections/+page.server.ts
@@ -152,34 +152,9 @@ export const actions: Actions = {
 		formDataToSend.append('end_date', end_date || '');
 		formDataToSend.append('link', link || '');

-		let auth = event.cookies.get('auth');
+		let sessionId = event.cookies.get('sessionid');

-		if (!auth) {
-			const refresh = event.cookies.get('refresh');
-			if (!refresh) {
-				return {
-					status: 401,
-					body: { message: 'Unauthorized' }
-				};
-			}
-			let res = await tryRefreshToken(refresh);
-			if (res) {
-				auth = res;
-				event.cookies.set('auth', auth, {
-					httpOnly: true,
-					sameSite: 'lax',
-					expires: new Date(Date.now() + 60 * 60 * 1000), // 60 minutes
-					path: '/'
-				});
-			} else {
-				return {
-					status: 401,
-					body: { message: 'Unauthorized' }
-				};
-			}
-		}
-
-		if (!auth) {
+		if (!sessionId) {
 			return {
 				status: 401,
 				body: { message: 'Unauthorized' }
@@ -199,9 +174,10 @@ export const actions: Actions = {
 			method: 'PATCH',
 			headers: {
 				'X-CSRFToken': csrfToken,
-				Cookie: auth
+				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
 			},
-			body: formDataToSend
+			body: formDataToSend,
+			credentials: 'include'
 		});

 		if (!res.ok) {
@@ -218,6 +194,10 @@ export const actions: Actions = {
 	},
 	get: async (event) => {
 		if (!event.locals.user) {
+			return {
+				status: 401,
+				body: { message: 'Unauthorized' }
+			};
 		}

 		const formData = await event.request.formData();
@@ -240,19 +220,20 @@ export const actions: Actions = {
 		let previous = null;
 		let count = 0;

-		let visitedFetch = await fetch(
+		let collectionsFetch = await fetch(
 			`${serverEndpoint}/api/collections/?order_by=${order_by}&order_direction=${order_direction}`,
 			{
 				headers: {
-					Cookie: `${event.cookies.get('auth')}`
-				}
+					Cookie: `sessionid=${event.cookies.get('sessionid')}`
+				},
+				credentials: 'include'
 			}
 		);
-		if (!visitedFetch.ok) {
+		if (!collectionsFetch.ok) {
 			console.error('Failed to fetch visited adventures');
 			return redirect(302, '/login');
 		} else {
-			let res = await visitedFetch.json();
+			let res = await collectionsFetch.json();
 			let visited = res.results as Adventure[];
 			next = res.next;
 			previous = res.previous;
@@ -309,15 +290,16 @@ export const actions: Actions = {
 		}

 		const fullUrl = `${serverEndpoint}${url}`;
-		console.log(fullUrl);
-		console.log(serverEndpoint);
+
+		let sessionId = event.cookies.get('sessionid');

 		try {
 			const response = await fetch(fullUrl, {
 				headers: {
 					'Content-Type': 'application/json',
-					Cookie: `${event.cookies.get('auth')}`
-				}
+					Cookie: `sessionid=${sessionId}`
+				},
+				credentials: 'include'
 			});

 			if (!response.ok) {
--- a/frontend/src/routes/collections/[id]/+page.server.ts
+++ b/frontend/src/routes/collections/[id]/+page.server.ts
@@ -6,9 +6,10 @@ const endpoint = PUBLIC_SERVER_URL || 'http://localhost:8000';

 export const load = (async (event) => {
 	const id = event.params as { id: string };
+	let sessionid = event.cookies.get('sessionid');
 	let request = await fetch(`${endpoint}/api/collections/${id.id}/`, {
 		headers: {
-			Cookie: `${event.cookies.get('auth')}`
+			Cookie: `sessionid=${sessionid}`
 		}
 	});
 	if (!request.ok) {
@@ -30,7 +31,7 @@ export const load = (async (event) => {
 }) satisfies PageServerLoad;

 import type { Actions } from '@sveltejs/kit';
-import { tryRefreshToken } from '$lib/index.server';
+import { fetchCSRFToken, tryRefreshToken } from '$lib/index.server';

 const serverEndpoint = PUBLIC_SERVER_URL || 'http://localhost:8000';

@@ -39,31 +40,6 @@ export const actions: Actions = {
 		const id = event.params as { id: string };
 		const adventureId = id.id;

-		if (!event.locals.user) {
-			const refresh = event.cookies.get('refresh');
-			let auth = event.cookies.get('auth');
-			if (!refresh) {
-				return {
-					status: 401,
-					body: { message: 'Unauthorized' }
-				};
-			}
-			let res = await tryRefreshToken(refresh);
-			if (res) {
-				auth = res;
-				event.cookies.set('auth', auth, {
-					httpOnly: true,
-					sameSite: 'lax',
-					expires: new Date(Date.now() + 60 * 60 * 1000), // 60 minutes
-					path: '/'
-				});
-			} else {
-				return {
-					status: 401,
-					body: { message: 'Unauthorized' }
-				};
-			}
-		}
 		if (!adventureId) {
 			return {
 				status: 400,
@@ -71,15 +47,27 @@ export const actions: Actions = {
 			};
 		}

+		let sessionId = event.cookies.get('sessionid');
+
+		if (!sessionId) {
+			return {
+				status: 401,
+				error: new Error('Unauthorized')
+			};
+		}
+
+		let csrfToken = await fetchCSRFToken();
+
 		let res = await fetch(`${serverEndpoint}/api/collections/${event.params.id}`, {
 			method: 'DELETE',
 			headers: {
-				Cookie: `${event.cookies.get('auth')}`,
-				'Content-Type': 'application/json'
-			}
+				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
+				'Content-Type': 'application/json',
+				'X-CSRFToken': csrfToken
+			},
+			credentials: 'include'
 		});

-		console.log(res);
 		if (!res.ok) {
 			return {
 				status: res.status,
--- a/frontend/src/routes/collections/archived/+page.server.ts
+++ b/frontend/src/routes/collections/archived/+page.server.ts
@@ -8,13 +8,11 @@ export const load = (async (event) => {
 	if (!event.locals.user) {
 		return redirect(302, '/login');
 	} else {
-		let next = null;
-		let previous = null;
-		let count = 0;
+		let sessionId = event.cookies.get('sessionid');
 		let adventures: Adventure[] = [];
 		let initialFetch = await fetch(`${serverEndpoint}/api/collections/archived/`, {
 			headers: {
-				Cookie: `${event.cookies.get('auth')}`
+				Cookie: `sessionid=${sessionId}`
 			}
 		});
 		if (!initialFetch.ok) {