(cookies) use longTimeCookieSetting in server routes

2025-09-24 05:05:20 -04:00 · 2024-04-26 18:33:11 +02:00 · 2024-04-26 18:33:11 +02:00 · 58a933d9b8
commit 58a933d9b8
parent a4590eb192
2 changed files with 11 additions and 11 deletions
--- a/server/routes/mfa.js
+++ b/server/routes/mfa.js
@ -10,7 +10,7 @@ import {
    fetchLoginAttempts,
    saveLoginAttempts,
 } from './user.js';
-import cookieSettings from '../../src/cookieSettings.ts';
+import { longtimeCookieSetting } from '../../src/cookieSettings.ts';
 import auditLog from '../audit.ts';
@ -79,7 +79,7 @@ router.post('/mfa/init', handleErrorAsync(async (req, res) => {
    await auditLog(req, 'auth/mfa_initialised');
-    return res.cookie('token', token, cookieSettings).json(recoveryCodes);
+    return res.cookie('token', token, longtimeCookieSetting).json(recoveryCodes);
 }));
 router.post('/mfa/validate', handleErrorAsync(async (req, res) => {
@ -96,7 +96,7 @@ router.post('/mfa/validate', handleErrorAsync(async (req, res) => {
                const token = await issueAuthentication(req.db, req.rawUser, true, false, { mfa: false, mfaRequired: false });
                await auditLog(req, 'auth/mfa_recovery_successful');
-                return res.cookie('token', token, cookieSettings).json({ token });
+                return res.cookie('token', token, longtimeCookieSetting).json({ token });
            }
        }
@ -133,7 +133,7 @@ router.post('/mfa/validate', handleErrorAsync(async (req, res) => {
    const token = await issueAuthentication(req.db, req.rawUser, true, false, { mfaRequired: false });
    await auditLog(req, 'auth/mfa_validation_successful');
-    return res.cookie('token', token, cookieSettings).json({ token });
+    return res.cookie('token', token, longtimeCookieSetting).json({ token });
 }));
 router.post('/mfa/disable', handleErrorAsync(async (req, res) => {
@ -146,7 +146,7 @@ router.post('/mfa/disable', handleErrorAsync(async (req, res) => {
    const token = await issueAuthentication(req.db, req.user);
    await auditLog(req, 'auth/mfa_disabled');
-    return res.cookie('token', token, cookieSettings).json({ token });
+    return res.cookie('token', token, longtimeCookieSetting).json({ token });
 }));
 export default router;
--- a/server/routes/user.js
+++ b/server/routes/user.js
@ -8,7 +8,7 @@ import mailer from '../../src/mailer.ts';
 import { loadSuml } from '../loader.ts';
 import avatar from '../avatar.ts';
 import { config as socialLoginConfig, handlers as socialLoginHandlers, lookup as socialLookup } from '../social.ts';
-import cookieSettings from '../../src/cookieSettings.ts';
+import { longtimeCookieSetting } from '../../src/cookieSettings.ts';
 import { validateCaptcha } from '../captcha.ts';
 import assert from 'assert';
 import { addMfaInfo } from './mfa.js';
@ -280,7 +280,7 @@ const reloadUser = async (req, res, next) => {
        req.user.mfa !== dbUser.mfa
    ) {
        const token = await issueAuthentication(req.db, dbUser, false);
-        res.cookie('token', token, cookieSettings);
+        res.cookie('token', token, longtimeCookieSetting);
        req.rawUser = jwt.validate(token);
        req.user = req.rawUser;
    }
@ -337,7 +337,7 @@ export const loadCurrentUser = async (req, res) => {
    const token = await issueAuthentication(req.db, dbUser, false);
    if (req.query.no_cookie === undefined) {
-        res.cookie('token', token, cookieSettings);
+        res.cookie('token', token, longtimeCookieSetting);
    }
    req.rawUser = jwt.validate(token);
    req.user = req.rawUser;
@ -658,12 +658,12 @@ router.get('/user/social/:provider', handleErrorAsync(async (req, res) => {
        return `${host}/api/user/social-redirect-callback/${encodeURIComponent(token)}`;
    };
-    return res.cookie('token', token, cookieSettings).redirect(buildRedirectUrl());
+    return res.cookie('token', token, longtimeCookieSetting).redirect(buildRedirectUrl());
 }));
 // happens on locale
 router.get('/user/social-redirect-callback/:token', handleErrorAsync(async (req, res) => {
-    res.cookie('token', req.params.token, cookieSettings).redirect(`/${config.user.route}`);
+    res.cookie('token', req.params.token, longtimeCookieSetting).redirect(`/${config.user.route}`);
 }));
 router.get('/user/social-connections', handleErrorAsync(async (req, res) => {
@ -737,7 +737,7 @@ router.get('/user/init-universal/:token', handleErrorAsync(async (req, res) => {
        return res.json('Already logged in');
    }
-    res.cookie('token', req.params.token, cookieSettings);
+    res.cookie('token', req.params.token, longtimeCookieSetting);
    return res.json('Token saved');
 }));