feat: Allow to access session from the plugin and remove cookie usage (…

…adrien2p#32)

packages/medusa-plugin-auth/.gitignore

@@ -8,6 +8,7 @@
 /services
 /loaders
 /auth-strategies
+index.*
 
 node_modules
 .DS_store

packages/medusa-plugin-auth/src/api/index.ts

@@ -1,13 +1,11 @@
 import { Router } from 'express';
 import { ConfigModule } from '@medusajs/medusa/dist/types/global';
-import wrapHandler from '@medusajs/medusa/dist/api/middlewares/await-middleware';
 import loadConfig from '@medusajs/medusa/dist/loaders/config';
-import cors from 'cors';
 import GoogleStrategy from '../auth-strategies/google';
 import FacebookStrategy from '../auth-strategies/facebook';
 import LinkedinStrategy from '../auth-strategies/linkedin';
 
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME, AuthOptions, STORE_AUTH_TOKEN_COOKIE_NAME } from '../types';
+import { AuthOptions } from '../types';
 
 export default function (rootDirectory, pluginOptions: AuthOptions): Router[] {
 	const configModule = loadConfig(rootDirectory) as ConfigModule;
@@ -20,53 +18,6 @@ function loadRouters(configModule: ConfigModule, options: AuthOptions): Router[]
 	routers.push(...GoogleStrategy.getRouter(configModule, options));
 	routers.push(...FacebookStrategy.getRouter(configModule, options));
 	routers.push(...LinkedinStrategy.getRouter(configModule, options));
-	routers.push(getLogoutRouter(configModule));
 
 	return routers;
 }
-
-function getLogoutRouter(configModule: ConfigModule): Router {
-	const router = Router();
-
-	const adminCorsOptions = {
-		origin: configModule.projectConfig.admin_cors.split(','),
-		credentials: true,
-	};
-
-	router.use('/admin/auth', cors(adminCorsOptions));
-	router.delete(
-		'/admin/auth',
-		wrapHandler(async (req, res) => {
-			if ((req as unknown as Request & { session: unknown }).session) {
-				(req as unknown as Request & { session: { jwt: string } }).session.jwt = null;
-				(req as unknown as Request & { session: { destroy: () => void } }).session.destroy();
-			}
-
-			res.clearCookie(ADMIN_AUTH_TOKEN_COOKIE_NAME);
-
-			res.status(200).json({});
-		})
-	);
-
-	const storeCorsOptions = {
-		origin: configModule.projectConfig.store_cors.split(','),
-		credentials: true,
-	};
-
-	router.use('/store/auth', cors(storeCorsOptions));
-	router.delete(
-		'/store/auth',
-		wrapHandler(async (req, res) => {
-			if ((req as unknown as Request & { session: unknown }).session) {
-				(req as unknown as Request & { session: { jwt_store: string } }).session.jwt_store = null;
-				(req as unknown as Request & { session: { destroy: () => void } }).session.destroy();
-			}
-
-			res.clearCookie(STORE_AUTH_TOKEN_COOKIE_NAME);
-
-			res.status(200).json({});
-		})
-	);
-
-	return router;
-}

packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts

@@ -1,7 +1,7 @@
 import passport from 'passport';
 import { Strategy as FacebookStrategy } from 'passport-facebook';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { Router } from 'express';
@@ -92,8 +92,7 @@ export function getFacebookAdminAuthRouter(facebook: FacebookAuthOptions, config
 
 	const expiresIn = facebook.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 	const callbackHandler = buildCallbackHandler(
-		"admin",
-		ADMIN_AUTH_TOKEN_COOKIE_NAME,
+		'admin',
 		configModule.projectConfig.jwt_secret,
 		expiresIn,
 		facebook.admin.successRedirect

packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts

@@ -7,7 +7,7 @@ import { CustomerService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { CUSTOMER_METADATA_KEY, STORE_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { FACEBOOK_STORE_STRATEGY_NAME, FacebookAuthOptions, Profile } from './types';
 import { PassportStrategy } from '../../core/Strategy';
 import { buildCallbackHandler } from '../../core/utils/build-callback-handler';
@@ -118,8 +118,7 @@ export function getFacebookStoreAuthRouter(facebook: FacebookAuthOptions, config
 
 	const expiresIn = facebook.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 	const callbackHandler = buildCallbackHandler(
-		"store",
-		STORE_AUTH_TOKEN_COOKIE_NAME,
+		'store',
 		configModule.projectConfig.jwt_secret,
 		expiresIn,
 		facebook.store.successRedirect

packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts

@@ -1,7 +1,7 @@
 import passport from 'passport';
 import { Strategy as GoogleStrategy } from 'passport-google-oauth2';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { Router } from 'express';
@@ -94,8 +94,7 @@ export function getGoogleAdminAuthRouter(google: GoogleAuthOptions, configModule
 
 	const expiresIn = google.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 	const callbackHandler = buildCallbackHandler(
-		"admin",
-		ADMIN_AUTH_TOKEN_COOKIE_NAME,
+		'admin',
 		configModule.projectConfig.jwt_secret,
 		expiresIn,
 		google.admin.successRedirect

packages/medusa-plugin-auth/src/auth-strategies/google/store.ts

@@ -7,7 +7,7 @@ import { CustomerService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { CUSTOMER_METADATA_KEY, STORE_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { PassportStrategy } from '../../core/Strategy';
 import { GOOGLE_STORE_STRATEGY_NAME, GoogleAuthOptions, Profile } from './types';
 import { buildCallbackHandler } from '../../core/utils/build-callback-handler';
@@ -120,8 +120,7 @@ export function getGoogleStoreAuthRouter(google: GoogleAuthOptions, configModule
 
 	const expiresIn = google.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 	const callbackHandler = buildCallbackHandler(
-		"store",
-		STORE_AUTH_TOKEN_COOKIE_NAME,
+		'store',
 		configModule.projectConfig.jwt_secret,
 		expiresIn,
 		google.store.successRedirect

packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts

@@ -1,7 +1,7 @@
 import passport from 'passport';
 import { Strategy as LinkedinStrategy } from 'passport-linkedin-oauth2';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { Router } from 'express';
@@ -97,8 +97,7 @@ export function getLinkedinAdminAuthRouter(linkedin: LinkedinAuthOptions, config
 	const expiresIn = linkedin.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 
 	const callbackHandler = buildCallbackHandler(
-		"admin",
-		ADMIN_AUTH_TOKEN_COOKIE_NAME,
+		'admin',
 		configModule.projectConfig.jwt_secret,
 		expiresIn,
 		linkedin.admin.successRedirect

packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts

@@ -7,7 +7,7 @@ import { CustomerService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { CUSTOMER_METADATA_KEY, STORE_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { PassportStrategy } from '../../core/Strategy';
 import { LINKEDIN_STORE_STRATEGY_NAME, LinkedinAuthOptions, Profile } from './types';
 import { buildCallbackHandler } from '../../core/utils/build-callback-handler';
@@ -122,8 +122,7 @@ export function getLinkedinStoreAuthRouter(linkedin: LinkedinAuthOptions, config
 
 	const expiresIn = linkedin.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 	const callbackHandler = buildCallbackHandler(
-		"store",
-		STORE_AUTH_TOKEN_COOKIE_NAME,
+		'store',
 		configModule.projectConfig.jwt_secret,
 		expiresIn,
 		linkedin.store.successRedirect

packages/medusa-plugin-auth/src/core/utils/build-callback-handler.ts

@@ -1,10 +1,16 @@
 import jwt from 'jsonwebtoken';
-import { getCookieOptions } from './get-cookie-options';
 
-export function buildCallbackHandler(domain: "admin" | "store", cookieName: string, secret: string, expiresIn: number, successRedirect: string) {
+export function buildCallbackHandler(
+	domain: 'admin' | 'store',
+	secret: string,
+	expiresIn: number,
+	successRedirect: string
+) {
 	return (req, res) => {
-		const tokenData = domain === "admin" ? { userId: req.user.id } : { customer_id: req.user.id }
+		const tokenData = domain === 'admin' ? { userId: req.user.id } : { customer_id: req.user.id };
 		const token = jwt.sign(tokenData, secret, { expiresIn });
-		res.cookie(cookieName, token, getCookieOptions(expiresIn)).redirect(successRedirect);
+		const sessionKey = domain === 'admin' ? 'jwt' : 'jwt_store';
+		req.session[sessionKey] = token;
+		res.redirect(successRedirect);
 	};
 }

packages/medusa-plugin-auth/src/loaders/index.ts

@@ -1,15 +1,13 @@
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
 
 import { AuthOptions } from '../types';
-import JwtStrategy from '../auth-strategies/jwt';
 import GoogleStrategy from '../auth-strategies/google';
 import FacebookStrategy from '../auth-strategies/facebook';
 import LinkedinStrategy from '../auth-strategies/linkedin';
 
 export default async function authStrategiesLoader(container: MedusaContainer, authOptions: AuthOptions) {
 	const configModule = container.resolve('configModule') as ConfigModule;
 
-	JwtStrategy.load(container, configModule);
 	GoogleStrategy.load(container, configModule, authOptions);
 	FacebookStrategy.load(container, configModule, authOptions);
 	LinkedinStrategy.load(container, configModule, authOptions);

packages/medusa-plugin-auth/src/types/index.ts

@@ -4,9 +4,6 @@ import { LinkedinAuthOptions } from '../auth-strategies/linkedin';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
 import { Router } from 'express';
 
-export const STORE_AUTH_TOKEN_COOKIE_NAME = 'store_auth_token';
-export const ADMIN_AUTH_TOKEN_COOKIE_NAME = 'admin_auth_token';
-
 export const CUSTOMER_METADATA_KEY = 'useSocialAuth';
 
 export const TWENTY_FOUR_HOURS_IN_MS = 24 * 60 * 60 * 1000;