Merge pull request #155 from desci-labs/cookie-fix-orcid

fix inspector attachment, add COOKIE_DOMAIN var, make orcid first time registration smoother
desci-labs · Nov 9, 2023 · 646cfab · 646cfab
2 parents 9a14dc8 + 6f8d596
commit 646cfab
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 10 deletions.
diff --git a/.env.example b/.env.example
@@ -46,6 +46,8 @@ ARWEAVE_PUBKEY=
 # base64-encoded private key JSON stringified object (https://docs.arweave.org/developers/server/http-api#key-format)
 ARWAVE_SECRET_PRIVATE_KEY_SECRET=
 
+COOKIE_DOMAIN=
+
 ESTUARY_API_KEY=
 ESTUARY_API_URL=https://api.estuary.tech
 

diff --git a/desci-server/kubernetes/deployment.yaml b/desci-server/kubernetes/deployment.yaml
@@ -39,6 +39,7 @@ spec:
           export JWT_SECRET={{ .Data.JWT_SECRET }}
           export JWT_EXPIRATION=15m
           export SESSION_KEY={{ .Data.SESSION_KEY }}
+          export COOKIE_DOMAIN={{ .Data.COOKIE_DOMAIN }}
           export ORCID_API_DOMAIN={{ .Data.ORCID_API_DOMAIN }}
           export ORCID_CLIENT_ID={{ .Data.ORCID_CLIENT_ID }}
           export ORCID_CLIENT_SECRET={{ .Data.ORCID_CLIENT_SECRET }}

diff --git a/desci-server/kubernetes/deployment_dev.yaml b/desci-server/kubernetes/deployment_dev.yaml
@@ -39,6 +39,7 @@ spec:
           export JWT_SECRET={{ .Data.JWT_SECRET }}
           export JWT_EXPIRATION=15m
           export SESSION_KEY={{ .Data.SESSION_KEY }}
+          export COOKIE_DOMAIN={{ .Data.COOKIE_DOMAIN }}
           export ORCID_API_DOMAIN={{ .Data.ORCID_API_DOMAIN }}
           export ORCID_CLIENT_ID={{ .Data.ORCID_CLIENT_ID }}
           export ORCID_CLIENT_SECRET={{ .Data.ORCID_CLIENT_SECRET }}

diff --git a/desci-server/nodemon.json b/desci-server/nodemon.json
@@ -1,8 +1,8 @@
 {
   "watch": ["."],
-  "ext": ".ts,.js",
+  "ext": ".ts,.js,*",
   "ignore": ["log/server.log"],
   "verbose": true,
-  "exec": "npx kill-port 5420 9229 ; node -r ts-node/register --inspect=0.0.0.0:9229",
+  "exec": "npx kill-port 5420 9229 ; sleep 1; node -r ts-node/register --inspect=0.0.0.0:9229",
   "delay": 2500
 }
diff --git a/desci-server/src/controllers/auth/logout.ts b/desci-server/src/controllers/auth/logout.ts
@@ -13,5 +13,25 @@ export const logout = async (req: Request, res: Response, next: NextFunction) =>
     domain: process.env.NODE_ENV === 'production' ? '.desci.com' : 'localhost',
     sameSite: 'strict',
   });
+
+  (process.env.COOKIE_DOMAIN?.split(',') || [undefined]).map((domain) => {
+    res.clearCookie('auth', {
+      maxAge: oneYear,
+      httpOnly: true, // Ineffective whilst we still return the bearer token to the client in the response
+      secure: process.env.NODE_ENV === 'production',
+      domain: process.env.NODE_ENV === 'production' ? domain || '.desci.com' : 'localhost',
+      sameSite: 'strict',
+    });
+  });
+
+  if (process.env.SERVER_URL === 'https://nodes-api-dev.desci.com') {
+    // insecure cookie for local dev, should only be used for testing
+    res.clearCookie('auth', {
+      maxAge: oneYear,
+      httpOnly: true,
+      sameSite: 'strict',
+    });
+  }
+
   res.send('Logged out successfully');
 };
diff --git a/desci-server/src/controllers/auth/magic.ts b/desci-server/src/controllers/auth/magic.ts
@@ -68,13 +68,14 @@ export const magic = async (req: Request, res: Response, next: NextFunction) =>
 
         if (!user.name) {
           const orcidRecord = await getOrcidRecord(orcid, access_token);
-          const name = orcidRecord['person']['name'];
+          const nameObj = orcidRecord['person']['name'];
+          const name = `${[nameObj['given-names']?.value, nameObj['family-name']?.value].filter(Boolean).join(' ')}`;
           await prismaClient.user.update({
             where: {
               id: user.id,
             },
             data: {
-              name: `${[name['given-names']?.value, name['family-name']?.value].filter(Boolean).join(' ')}`,
+              name,
             },
           });
         }

diff --git a/desci-server/src/utils/sendCookie.ts b/desci-server/src/utils/sendCookie.ts
@@ -4,12 +4,14 @@ import { oneDay, oneYear } from 'controllers/auth';
 import logger from 'logger';
 export const sendCookie = (res: Response, token: string, isDevMode: boolean) => {
   if (!isDevMode) {
-    res.cookie('auth', token, {
-      maxAge: oneYear,
-      httpOnly: true, // Ineffective whilst we still return the bearer token to the client in the response
-      secure: process.env.NODE_ENV === 'production',
-      domain: process.env.NODE_ENV === 'production' ? '.desci.com' : 'localhost',
-      sameSite: 'strict',
+    (process.env.COOKIE_DOMAIN?.split(',') || [undefined]).map((domain) => {
+      res.cookie('auth', token, {
+        maxAge: oneYear,
+        httpOnly: true, // Ineffective whilst we still return the bearer token to the client in the response
+        secure: process.env.NODE_ENV === 'production',
+        domain: process.env.NODE_ENV === 'production' ? domain || '.desci.com' : 'localhost',
+        sameSite: 'strict',
+      });
     });
   }