
Commit b66d7d3

committed
Update /auth flows to use env vars
1 parent 5663818 commit b66d7d3


2 files changed

+31
-8
lines changed


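--- a/src/routes/auth/login/+page.server.js
+++ b/src/routes/auth/login/+page.server.js
@@ -1,6 +1,14 @@
 import { fail, redirect } from '@sveltejs/kit'
 import * as jose from 'jose'
 import { userAuthentication } from '$lib/server/api/v1/auth_api'
+import {
+AUTH_COOKIE_NAME,
+AUTH_COOKIE_DOMAIN,
+AUTH_COOKIE_PATH,
+AUTH_COOKIE_SAME_SITE,
+AUTH_COOKIE_SECURE,
+AUTH_COOKIE_HTTP_ONLY
+} from '$env/static/private'
 
 export const actions = {
 // Default page action / Handles POST requests
@@ -23,13 +31,16 @@ export const actions = {
 const tokenClaims = jose.decodeJwt(authToken)
 
 // Set the authentication cookie
-cookies.set('fastapiusersauth', authData.access_token, {
-path: '/',
+const cookieOptions = {
+domain: `${AUTH_COOKIE_DOMAIN}`,
+path: `${AUTH_COOKIE_PATH}`,
 expires: new Date(tokenClaims.exp * 1000),
-sameSite: 'lax',
-secure: true,
-httpOnly: true
-})
+sameSite: `${AUTH_COOKIE_SAME_SITE}`,
+secure: `${AUTH_COOKIE_SECURE}` === 'true',
+httpOnly: `${AUTH_COOKIE_HTTP_ONLY}` === 'true'
+}
+console.log(cookieOptions)
+cookies.set(AUTH_COOKIE_NAME, authData.access_token, cookieOptions)
 
 throw redirect(302, '/')
 }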
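Review bot: The `secure` and `httpOnly` flags on the auth cookie now fail open: in the second hunk each is true only when its variable is exactly the string `'true'`, so a value such as `True`, `1` or an empty string silently issues the access token in a cookie that script can read and that may travel over plain HTTP, where the previous code fixed both to `true`. Default to the safe value instead, e.g. `secure: AUTH_COOKIE_SECURE !== 'false',` and `httpOnly: true,`, and reject an `AUTH_COOKIE_SAME_SITE` outside `lax`/`strict`/`none` rather than passing it through unchecked. The same comparison is repeated in the `cookies.set` call of src/routes/auth/logout/+server.js. `console.log(cookieOptions)` looks like leftover debugging in the login path and should be dropped before merge. The action body starts and ends outside the hunk.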

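--- a/src/routes/auth/logout/+server.js
+++ b/src/routes/auth/logout/+server.js
@@ -1,5 +1,13 @@
 import { error } from '@sveltejs/kit'
 import { logout } from '$lib/server/api/v1/auth_api'
+import {
+AUTH_COOKIE_NAME,
+AUTH_COOKIE_DOMAIN,
+AUTH_COOKIE_PATH,
+AUTH_COOKIE_SAME_SITE,
+AUTH_COOKIE_SECURE,
+AUTH_COOKIE_HTTP_ONLY
+} from '$env/static/private'
 
 export async function GET({ fetch, cookies }) {
 
@@ -12,9 +20,13 @@ export async function GET({ fetch, cookies }) {
 
 // Set the fastapiusersauth cookie to expire in the past
 // This will delete the cookie
-cookies.set('fastapiusersauth', '', {
+cookies.set(AUTH_COOKIE_NAME, '', {
+domain: `${AUTH_COOKIE_DOMAIN}`,
+path: `${AUTH_COOKIE_PATH}`,
 expires: new Date(0),
-path: '/'
+sameSite: `${AUTH_COOKIE_SAME_SITE}`,
+secure: `${AUTH_COOKIE_SECURE}` === 'true',
+httpOnly: `${AUTH_COOKIE_HTTP_ONLY}` === 'true'
 })
 
 const headers = new Headers()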
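Review bot: The expiry in the second hunk only removes the session cookie when its name, domain and path match what the login action set, and the two files now assemble that option set independently, so a later edit to one can leave a live token behind after logout. `cookies.delete(AUTH_COOKIE_NAME, { domain: AUTH_COOKIE_DOMAIN, path: AUTH_COOKIE_PATH })` states the intent directly and leaves fewer values to keep in sync with login. The comment above the call still names `fastapiusersauth`, which is no longer necessarily the cookie name; it could read `// Expire the auth cookie (name from AUTH_COOKIE_NAME) so the browser deletes it`. The GET handler continues outside the hunk.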
