[CORL-1048] Cookie Deprecation #2944
Merged
Changes from 7 commits
10 commits
8640d35 wyattjoh feat: dropped cookie support due to ITP issues
fac7f25 wyattjoh feat: added improved accessToken handling
44b730b wyattjoh fix: linting
b9d9c72 wyattjoh fix: removed variadic part of JWT
06f302a wyattjoh fix: bump long-settimeout version
40d6e24 wyattjoh review: removed management classes
bb543e3 wyattjoh fix: updated snaps
dadaa1d wyattjoh review: renamed based on review
9630f86 wyattjoh review: removed guard clauses around errors surrounding auth
d6fc053 wyattjoh Merge branch 'master' into feature/CORL-1048
@@ -0,0 +1,93 @@ | ||
import { Claims, computeExpiresIn, parseAccessTokenClaims } from "./helpers"; | ||
|
||
/** | ||
* ACCESS_TOKEN_KEY is the key in storage where the accessToken is stored. | ||
*/ | ||
const ACCESS_TOKEN_KEY = "coral:v1:accessToken"; | ||
|
||
/** | ||
* storage is the Storage used to retrieve/update/delete access tokens on. | ||
*/ | ||
const storage = localStorage; | ||
|
||
export interface AuthState { | ||
/** | ||
* accessToken is the access token issued by the server. | ||
*/ | ||
accessToken: string; | ||
|
||
/** | ||
* claims are the parsed claims from the access token. | ||
*/ | ||
claims: Claims; | ||
} | ||
|
||
export type AccessTokenProvider = () => string | undefined; | ||
|
||
function parseAccessToken(accessToken: string) { | ||
// Try to parse the access token claims. | ||
const claims = parseAccessTokenClaims(accessToken); | ||
if (!claims) { | ||
// Claims couldn't be parsed. | ||
return; | ||
} | ||
|
||
if (claims.exp) { | ||
const expiresIn = computeExpiresIn(claims.exp); | ||
if (!expiresIn) { | ||
// Looks like the access token has expired. | ||
return; | ||
} | ||
} | ||
|
||
return { accessToken, claims }; | ||
} | ||
|
||
export function retrieveAccessToken() { | ||
try { | ||
// Get the access token from storage. | ||
const accessToken = storage.getItem(ACCESS_TOKEN_KEY); | ||
if (!accessToken) { | ||
// Looks like the access token wasn't in storage. | ||
return; | ||
} | ||
|
||
// Return the parsed access token. | ||
return parseAccessToken(accessToken); | ||
} catch (err) { | ||
if (process.env.NODE_ENV !== "production") { | ||
// eslint-disable-next-line no-console | ||
console.error("could not get access token from storage", err); | ||
} | ||
|
||
return; | ||
} | ||
} | ||
|
||
export function updateAccessToken(accessToken: string) { | ||
cvle marked this conversation as resolved.
|
||
try { | ||
// Update the access token in storage. | ||
storage.setItem(ACCESS_TOKEN_KEY, accessToken); | ||
} catch (err) { | ||
if (process.env.NODE_ENV !== "production") { | ||
// eslint-disable-next-line no-console | ||
console.error("could not set access token in storage", err); | ||
} | ||
} | ||
|
||
// Return the parsed access token. | ||
return parseAccessToken(accessToken); | ||
} | ||
|
||
export function deleteAccessToken() { | ||
try { | ||
storage.removeItem(ACCESS_TOKEN_KEY); | ||
} catch (err) { | ||
if (process.env.NODE_ENV !== "production") { | ||
// eslint-disable-next-line no-console | ||
console.error("could not remove access token from storage", err); | ||
} | ||
} | ||
|
||
return undefined; | ||
} |
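Review bot: updateAccessToken writes the token to storage before it is validated, so a malformed or already-expired token is persisted even though the function then returns undefined from parseAccessToken; a later retrieveAccessToken reads it back, fails the same checks and also returns undefined, but the stale value stays in storage until deleteAccessToken is called. Suggest calling parseAccessToken first and only running `storage.setItem(ACCESS_TOKEN_KEY, accessToken);` when it yields a state, otherwise removing the key. Also, `const storage = localStorage;` is evaluated at module load, outside every try/catch below, so an environment where that property access itself throws, or where localStorage is undefined, fails at import time rather than at the guarded call sites; resolving storage lazily inside the functions would keep the existing error handling meaningful. Since the token now lives in localStorage instead of a cookie, a doc comment on ACCESS_TOKEN_KEY noting that it is readable by any script running on the origin, and that the exp check in parseAccessToken is the compensating control, would help future readers understand the trade-off this PR makes.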
@@ -0,0 +1,57 @@ | ||
const SKEW_TOLERANCE = 300; | ||
|
||
export interface Claims { | ||
jti?: string; | ||
exp?: number; | ||
} | ||
|
||
export function parseAccessTokenClaims<T = {}>( | ||
accessToken: string | ||
): (Claims & T) | null { | ||
const parts = accessToken.split("."); | ||
if (parts.length !== 3) { | ||
if (process.env.NODE_ENV !== "production") { | ||
// eslint-disable-next-line no-console | ||
console.warn("access token does not have the right number of parts"); | ||
} | ||
return null; | ||
} | ||
|
||
try { | ||
const claims = JSON.parse(atob(parts[1])); | ||
|
||
// Validate `jti` claim. | ||
if (!claims.jti || typeof claims.jti !== "string") { | ||
delete claims.jti; | ||
} | ||
|
||
// Validate `exp` claim. | ||
if (!claims.exp || typeof claims.exp !== "number") { | ||
delete claims.exp; | ||
} | ||
|
||
return claims; | ||
} catch (err) { | ||
if (process.env.NODE_ENV !== "production") { | ||
// eslint-disable-next-line no-console | ||
console.error("access token can not be parsed:", err); | ||
} | ||
|
||
return null; | ||
} | ||
} | ||
|
||
/** | ||
* computeExpiresIn will return null if we are already expired, or the time in | ||
* milliseconds from now that we are expired. | ||
* | ||
* @param expiredAt the epoch timestamp that we're considered expired | ||
*/ | ||
export function computeExpiresIn(expiredAt: number) { | ||
const expiresIn = expiredAt * 1000 - Date.now(); | ||
if (expiresIn + SKEW_TOLERANCE <= 0) { | ||
return null; | ||
} | ||
|
||
return expiresIn; | ||
} |
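Review bot: `JSON.parse(atob(parts[1]))` decodes the payload as standard base64, but JWT segments are base64url (RFC 7515), so any payload whose encoding contains `-` or `_` makes atob throw and the token is rejected as unparseable; map `-` to `+` and `_` to `/` (and pad to a multiple of four) before calling atob. Separately, computeExpiresIn compares a millisecond value with SKEW_TOLERANCE = 300, so the effective tolerance is 300 ms; if the constant was meant as seconds, convert it, and either way document the unit next to the constant. The doc comment also says null is returned "if we are already expired", yet a token that expired less than the tolerance ago returns a negative number rather than null, which the `if (!expiresIn)` check in the calling file treats as still valid; worth stating that behaviour explicitly so callers do not rely on the sign.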
@@ -0,0 +1 @@ | ||
export * from "./auth"; |
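Review bot: this index re-exports only ./auth, yet AuthState exposes a `claims: Claims` field whose type is declared in ./helpers and is not re-exported, so consumers of this module can use AuthState but cannot name the Claims type (or call parseAccessTokenClaims) without a deep import; add `export * from "./helpers";` or an explicit `export { Claims, parseAccessTokenClaims } from "./helpers";` if those are meant to be public, or keep them private deliberately and note that in a comment.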
Just a question: What harm is there to output these errors in production?
From a user's perspective, it's not likely that this would be used to debug issues. If we're concerned about tracking these errors, we should consider these types of guards as indicators to include error reporters.