From d97a96fe1c4fd473d26acc462b9ecefce498b32c Mon Sep 17 00:00:00 2001
From: Adrien de Peretti
Date: Wed, 14 Dec 2022 16:24:11 +0100
Subject: [PATCH] feat: Allow to access session from the plugin and remove cookie usage (#32)
---
 packages/medusa-plugin-auth/.gitignore | 1 +
 packages/medusa-plugin-auth/src/api/index.ts | 51 +------------------
 .../src/auth-strategies/facebook/admin.ts | 5 +-
 .../src/auth-strategies/facebook/store.ts | 5 +-
 .../src/auth-strategies/google/admin.ts | 5 +-
 .../src/auth-strategies/google/store.ts | 5 +-
 .../src/auth-strategies/jwt/admin.ts | 21 --------
 .../src/auth-strategies/jwt/index.ts | 11 ----
 .../src/auth-strategies/jwt/store.ts | 21 --------
 .../src/auth-strategies/jwt/types.ts | 2 -
 .../src/auth-strategies/linkedin/admin.ts | 5 +-
 .../src/auth-strategies/linkedin/store.ts | 5 +-
 .../src/core/utils/build-callback-handler.ts | 14 +++--
 .../src/core/utils/get-cookie-options.ts | 18 -------
 .../medusa-plugin-auth/src/loaders/index.ts | 2 -
 .../medusa-plugin-auth/src/types/index.ts | 3 --
 16 files changed, 24 insertions(+), 150 deletions(-)
 delete mode 100644 packages/medusa-plugin-auth/src/auth-strategies/jwt/admin.ts
 delete mode 100644 packages/medusa-plugin-auth/src/auth-strategies/jwt/index.ts
 delete mode 100644 packages/medusa-plugin-auth/src/auth-strategies/jwt/store.ts
 delete mode 100644 packages/medusa-plugin-auth/src/auth-strategies/jwt/types.ts
 delete mode 100644 packages/medusa-plugin-auth/src/core/utils/get-cookie-options.ts
diff --git a/packages/medusa-plugin-auth/.gitignore b/packages/medusa-plugin-auth/.gitignore
index 03db783..7079bb7 100644
--- a/packages/medusa-plugin-auth/.gitignore
+++ b/packages/medusa-plugin-auth/.gitignore
@@ -8,6 +8,7 @@
 /services
 /loaders
 /auth-strategies
+index.*
 node_modules
 .DS_store
diff --git a/packages/medusa-plugin-auth/src/api/index.ts b/packages/medusa-plugin-auth/src/api/index.ts
index 3263b82..517df2b 100644
--- a/packages/medusa-plugin-auth/src/api/index.ts
+++ b/packages/medusa-plugin-auth/src/api/index.ts
@@ -1,13 +1,11 @@
 import { Router } from 'express';
 import { ConfigModule } from '@medusajs/medusa/dist/types/global';
-import wrapHandler from '@medusajs/medusa/dist/api/middlewares/await-middleware';
 import loadConfig from '@medusajs/medusa/dist/loaders/config';
-import cors from 'cors';
 import GoogleStrategy from '../auth-strategies/google';
 import FacebookStrategy from '../auth-strategies/facebook';
 import LinkedinStrategy from '../auth-strategies/linkedin';
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME, AuthOptions, STORE_AUTH_TOKEN_COOKIE_NAME } from '../types';
+import { AuthOptions } from '../types';
 export default function (rootDirectory, pluginOptions: AuthOptions): Router[] {
 const configModule = loadConfig(rootDirectory) as ConfigModule;
@@ -20,53 +18,6 @@ function loadRouters(configModule: ConfigModule, options: AuthOptions): Router[]
 routers.push(...GoogleStrategy.getRouter(configModule, options));
 routers.push(...FacebookStrategy.getRouter(configModule, options));
 routers.push(...LinkedinStrategy.getRouter(configModule, options));
- routers.push(getLogoutRouter(configModule));
 return routers;
 }
-
-function getLogoutRouter(configModule: ConfigModule): Router {
- const router = Router();
-
- const adminCorsOptions = {
- origin: configModule.projectConfig.admin_cors.split(','),
- credentials: true,
- };
-
- router.use('/admin/auth', cors(adminCorsOptions));
- router.delete(
- '/admin/auth',
- wrapHandler(async (req, res) => {
- if ((req as unknown as Request & { session: unknown }).session) {
- (req as unknown as Request & { session: { jwt: string } }).session.jwt = null;
- (req as unknown as Request & { session: { destroy: () => void } }).session.destroy();
- }
-
- res.clearCookie(ADMIN_AUTH_TOKEN_COOKIE_NAME);
-
- res.status(200).json({});
- })
- );
-
- const storeCorsOptions = {
- origin: configModule.projectConfig.store_cors.split(','),
- credentials: true,
- };
-
- router.use('/store/auth', cors(storeCorsOptions));
- router.delete(
- '/store/auth',
- wrapHandler(async (req, res) => {
- if ((req as unknown as Request & { session: unknown }).session) {
- (req as unknown as Request & { session: { jwt_store: string } }).session.jwt_store = null;
- (req as unknown as Request & { session: { destroy: () => void } }).session.destroy();
- }
-
- res.clearCookie(STORE_AUTH_TOKEN_COOKIE_NAME);
-
- res.status(200).json({});
- })
- );
-
- return router;
-}
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts b/packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts
index 7fda9e2..6bd31a7 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts
@@ -1,7 +1,7 @@
 import passport from 'passport';
 import { Strategy as FacebookStrategy } from 'passport-facebook';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { Router } from 'express';
@@ -92,8 +92,7 @@ export function getFacebookAdminAuthRouter(facebook: FacebookAuthOptions, config
 const expiresIn = facebook.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 const callbackHandler = buildCallbackHandler(
- "admin",
- ADMIN_AUTH_TOKEN_COOKIE_NAME,
+ 'admin',
 configModule.projectConfig.jwt_secret,
 expiresIn,
 facebook.admin.successRedirect
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts b/packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts
index daa760a..be3d9dc 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts
@@ -7,7 +7,7 @@ import { CustomerService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
-import { CUSTOMER_METADATA_KEY, STORE_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { FACEBOOK_STORE_STRATEGY_NAME, FacebookAuthOptions, Profile } from './types';
 import { PassportStrategy } from '../../core/Strategy';
 import { buildCallbackHandler } from '../../core/utils/build-callback-handler';
@@ -118,8 +118,7 @@ export function getFacebookStoreAuthRouter(facebook: FacebookAuthOptions, config
 const expiresIn = facebook.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 const callbackHandler = buildCallbackHandler(
- "store",
- STORE_AUTH_TOKEN_COOKIE_NAME,
+ 'store',
 configModule.projectConfig.jwt_secret,
 expiresIn,
 facebook.store.successRedirect
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts b/packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts
index a3788f1..1e0f7b5 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts
@@ -1,7 +1,7 @@
 import passport from 'passport';
 import { Strategy as GoogleStrategy } from 'passport-google-oauth2';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { Router } from 'express';
@@ -94,8 +94,7 @@ export function getGoogleAdminAuthRouter(google: GoogleAuthOptions, configModule
 const expiresIn = google.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 const callbackHandler = buildCallbackHandler(
- "admin",
- ADMIN_AUTH_TOKEN_COOKIE_NAME,
+ 'admin',
 configModule.projectConfig.jwt_secret,
 expiresIn,
 google.admin.successRedirect
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/google/store.ts b/packages/medusa-plugin-auth/src/auth-strategies/google/store.ts
index e80759c..f1a7436 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/google/store.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/google/store.ts
@@ -7,7 +7,7 @@ import { CustomerService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
-import { CUSTOMER_METADATA_KEY, STORE_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { PassportStrategy } from '../../core/Strategy';
 import { GOOGLE_STORE_STRATEGY_NAME, GoogleAuthOptions, Profile } from './types';
 import { buildCallbackHandler } from '../../core/utils/build-callback-handler';
@@ -120,8 +120,7 @@ export function getGoogleStoreAuthRouter(google: GoogleAuthOptions, configModule
 const expiresIn = google.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 const callbackHandler = buildCallbackHandler(
- "store",
- STORE_AUTH_TOKEN_COOKIE_NAME,
+ 'store',
 configModule.projectConfig.jwt_secret,
 expiresIn,
 google.store.successRedirect
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/jwt/admin.ts b/packages/medusa-plugin-auth/src/auth-strategies/jwt/admin.ts
deleted file mode 100644
index 00a0dc7..0000000
--- a/packages/medusa-plugin-auth/src/auth-strategies/jwt/admin.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-import { PassportStrategy } from '../../core/Strategy';
-import { Strategy as JWTStrategy } from 'passport-jwt';
-import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { JWT_ADMIN_STRATEGY_NAME } from './types';
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME } from '../../types';
-
-export class JwtAdminStrategy extends PassportStrategy(JWTStrategy, JWT_ADMIN_STRATEGY_NAME) {
- constructor(protected readonly container: MedusaContainer, protected readonly configModule: ConfigModule) {
- const { jwt_secret } = configModule.projectConfig;
- super({
- jwtFromRequest: (req) => {
- return req.cookies[ADMIN_AUTH_TOKEN_COOKIE_NAME] ?? req.session.jwt;
- },
- secretOrKey: jwt_secret,
- });
- }
-
- async validate(jwtPayload): Promise {
- return jwtPayload;
- }
-}
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/jwt/index.ts b/packages/medusa-plugin-auth/src/auth-strategies/jwt/index.ts
deleted file mode 100644
index 10ed5f7..0000000
--- a/packages/medusa-plugin-auth/src/auth-strategies/jwt/index.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { StrategyExport } from '../../types';
-import { JwtAdminStrategy } from './admin';
-import { JwtStoreStrategy } from './store';
-
-export default {
- load: (container: MedusaContainer, configModule: ConfigModule): void => {
- new JwtAdminStrategy(container, configModule);
- new JwtStoreStrategy(container, configModule);
- },
-} as StrategyExport;
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/jwt/store.ts b/packages/medusa-plugin-auth/src/auth-strategies/jwt/store.ts
deleted file mode 100644
index 9799bb2..0000000
--- a/packages/medusa-plugin-auth/src/auth-strategies/jwt/store.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-import { PassportStrategy } from '../../core/Strategy';
-import { Strategy as JWTStrategy } from 'passport-jwt';
-import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { JWT_STORE_STRATEGY_NAME } from './types';
-import { STORE_AUTH_TOKEN_COOKIE_NAME } from '../../types';
-
-export class JwtStoreStrategy extends PassportStrategy(JWTStrategy, JWT_STORE_STRATEGY_NAME) {
- constructor(protected readonly container: MedusaContainer, protected readonly configModule: ConfigModule) {
- const { jwt_secret } = configModule.projectConfig;
- super({
- jwtFromRequest: (req) => {
- return req.cookies[STORE_AUTH_TOKEN_COOKIE_NAME] ?? req.session.jwt_store;
- },
- secretOrKey: jwt_secret,
- });
- }
-
- async validate(jwtPayload): Promise {
- return jwtPayload;
- }
-}
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/jwt/types.ts b/packages/medusa-plugin-auth/src/auth-strategies/jwt/types.ts
deleted file mode 100644
index 4d788b4..0000000
--- a/packages/medusa-plugin-auth/src/auth-strategies/jwt/types.ts
+++ /dev/null
@@ -1,2 +0,0 @@
-export const JWT_ADMIN_STRATEGY_NAME = 'admin-jwt';
-export const JWT_STORE_STRATEGY_NAME = 'store-jwt';
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts b/packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts
index 6701447..f588cd0 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts
@@ -1,7 +1,7 @@
 import passport from 'passport';
 import { Strategy as LinkedinStrategy } from 'passport-linkedin-oauth2';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { Router } from 'express';
@@ -97,8 +97,7 @@ export function getLinkedinAdminAuthRouter(linkedin: LinkedinAuthOptions, config
 const expiresIn = linkedin.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 const callbackHandler = buildCallbackHandler(
- "admin",
- ADMIN_AUTH_TOKEN_COOKIE_NAME,
+ 'admin',
 configModule.projectConfig.jwt_secret,
 expiresIn,
 linkedin.admin.successRedirect
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts b/packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts
index cec9051..4396b3f 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts
@@ -7,7 +7,7 @@ import { CustomerService } from '@medusajs/medusa';
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
-import { CUSTOMER_METADATA_KEY, STORE_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { PassportStrategy } from '../../core/Strategy';
 import { LINKEDIN_STORE_STRATEGY_NAME, LinkedinAuthOptions, Profile } from './types';
 import { buildCallbackHandler } from '../../core/utils/build-callback-handler';
@@ -122,8 +122,7 @@ export function getLinkedinStoreAuthRouter(linkedin: LinkedinAuthOptions, config
 const expiresIn = linkedin.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS;
 const callbackHandler = buildCallbackHandler(
- "store",
- STORE_AUTH_TOKEN_COOKIE_NAME,
+ 'store',
 configModule.projectConfig.jwt_secret,
 expiresIn,
 linkedin.store.successRedirect
diff --git a/packages/medusa-plugin-auth/src/core/utils/build-callback-handler.ts b/packages/medusa-plugin-auth/src/core/utils/build-callback-handler.ts
index e219f4e..4bbb0c8 100644
--- a/packages/medusa-plugin-auth/src/core/utils/build-callback-handler.ts
+++ b/packages/medusa-plugin-auth/src/core/utils/build-callback-handler.ts
@@ -1,10 +1,16 @@
 import jwt from 'jsonwebtoken';
-import { getCookieOptions } from './get-cookie-options';
-export function buildCallbackHandler(domain: "admin" | "store", cookieName: string, secret: string, expiresIn: number, successRedirect: string) {
+export function buildCallbackHandler(
+ domain: 'admin' | 'store',
+ secret: string,
+ expiresIn: number,
+ successRedirect: string
+) {
 return (req, res) => {
- const tokenData = domain === "admin" ? { userId: req.user.id } : { customer_id: req.user.id }
+ const tokenData = domain === 'admin' ? { userId: req.user.id } : { customer_id: req.user.id };
 const token = jwt.sign(tokenData, secret, { expiresIn });
- res.cookie(cookieName, token, getCookieOptions(expiresIn)).redirect(successRedirect);
+ const sessionKey = domain === 'admin' ? 'jwt' : 'jwt_store';
+ req.session[sessionKey] = token;
+ res.redirect(successRedirect);
 };
 }
diff --git a/packages/medusa-plugin-auth/src/core/utils/get-cookie-options.ts b/packages/medusa-plugin-auth/src/core/utils/get-cookie-options.ts
deleted file mode 100644
index dd82c33..0000000
--- a/packages/medusa-plugin-auth/src/core/utils/get-cookie-options.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import { CookieOptions } from 'express-serve-static-core';
-
-export function getCookieOptions(maxAge: number): CookieOptions {
- let secure = false;
- let sameSite: CookieOptions['sameSite'] = false;
-
- if (process.env.NODE_ENV === 'production' || process.env.NODE_ENV === 'staging') {
- secure = true;
- sameSite = 'none';
- }
-
- return {
- sameSite,
- secure,
- httpOnly: true,
- maxAge,
- };
-}
diff --git a/packages/medusa-plugin-auth/src/loaders/index.ts b/packages/medusa-plugin-auth/src/loaders/index.ts
index 3aa633b..c7a99aa 100644
--- a/packages/medusa-plugin-auth/src/loaders/index.ts
+++ b/packages/medusa-plugin-auth/src/loaders/index.ts
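Review bot: `req.session[sessionKey] = token` on the new side of the build-callback-handler.ts hunk dereferences `req.session` without a guard, so a host that has not mounted the session middleware fails with a TypeError in the middle of the OAuth callback instead of a clear error; the logout handler this commit removes checked `if (req.session)` before touching it. Consider `if (!req.session) { throw new Error('session middleware is required to store the auth token'); }` ahead of the assignment, or at least a header comment on buildCallbackHandler stating the requirement. That comment should also say that the token now travels only inside the session cookie, so its httpOnly/secure/sameSite attributes come from the host's session configuration rather than from the plugin — the deleted get-cookie-options.ts used to set httpOnly and, for production/staging, secure. Separately, on the context line `const token = jwt.sign(tokenData, secret, { expiresIn });` jsonwebtoken reads a numeric expiresIn as seconds, while the callers in this patch default it to TWENTY_FOUR_HOURS_IN_MS; if that constant is really milliseconds, the tokens stay valid for roughly 1000 days rather than 24 hours, so the unit is worth confirming (and dividing by 1000 if so).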
@@ -1,7 +1,6 @@
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
 import { AuthOptions } from '../types';
-import JwtStrategy from '../auth-strategies/jwt';
 import GoogleStrategy from '../auth-strategies/google';
 import FacebookStrategy from '../auth-strategies/facebook';
 import LinkedinStrategy from '../auth-strategies/linkedin';
@@ -9,7 +8,6 @@ import LinkedinStrategy from '../auth-strategies/linkedin';
 export default async function authStrategiesLoader(container: MedusaContainer, authOptions: AuthOptions) {
 const configModule = container.resolve('configModule') as ConfigModule;
- JwtStrategy.load(container, configModule);
 GoogleStrategy.load(container, configModule, authOptions);
 FacebookStrategy.load(container, configModule, authOptions);
 LinkedinStrategy.load(container, configModule, authOptions);
diff --git a/packages/medusa-plugin-auth/src/types/index.ts b/packages/medusa-plugin-auth/src/types/index.ts
index 55e2b9f..07ed3f3 100644
--- a/packages/medusa-plugin-auth/src/types/index.ts
+++ b/packages/medusa-plugin-auth/src/types/index.ts
@@ -4,9 +4,6 @@ import { LinkedinAuthOptions } from '../auth-strategies/linkedin';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
 import { Router } from 'express';
-export const STORE_AUTH_TOKEN_COOKIE_NAME = 'store_auth_token';
-export const ADMIN_AUTH_TOKEN_COOKIE_NAME = 'admin_auth_token';
-
 export const CUSTOMER_METADATA_KEY = 'useSocialAuth';
 export const TWENTY_FOUR_HOURS_IN_MS = 24 * 60 * 60 * 1000;