fix: add accessToken to cookie

frouriojs · Sep 17, 2024 · ceb7fe1 · ceb7fe1
1 parent 48faf74
commit ceb7fe1
Show file tree

Hide file tree

Showing 9 changed files with 47 additions and 24 deletions.
diff --git a/client/features/auth/AuthLoader.tsx b/client/features/auth/AuthLoader.tsx
@@ -13,10 +13,12 @@ export const AuthLoader = () => {
   const { setLoading } = useLoading();
   const { setAlert } = useAlert();
   const updateCookie = useCallback(async () => {
-    const jwt = await fetchAuthSession().then((e) => e.tokens?.idToken?.toString());
+    const tokens = await fetchAuthSession().then((e) => e.tokens);
 
-    if (jwt !== undefined) {
-      await apiClient.session.$post({ body: { jwt } });
+    if (tokens !== undefined && tokens.idToken !== undefined) {
+      await apiClient.session.$post({
+        body: { idToken: tokens.idToken.toString(), accessToken: tokens.accessToken.toString() },
+      });
       await apiClient.private.me.$get().then(setUser);
     } else {
       setUser(null);

diff --git a/client/public/docs/openapi.json b/client/public/docs/openapi.json
@@ -692,12 +692,16 @@
               "schema": {
                 "type": "object",
                 "properties": {
-                  "jwt": {
+                  "idToken": {
+                    "type": "string"
+                  },
+                  "accessToken": {
                     "type": "string"
                   }
                 },
                 "required": [
-                  "jwt"
+                  "accessToken",
+                  "idToken"
                 ]
               }
             }

diff --git a/server/api/private/hooks.ts b/server/api/private/hooks.ts
@@ -1,7 +1,7 @@
 import assert from 'assert';
 import type { UserDto } from 'common/types/user';
 import { userUseCase } from 'domain/user/useCase/userUseCase';
-import { COOKIE_NAME } from 'service/constants';
+import { COOKIE_NAMES } from 'service/constants';
 import type { JwtUser } from 'service/types';
 import { defineHooks } from './$relay';
 
@@ -12,7 +12,7 @@ export default defineHooks(() => ({
     req.user = await req
       .jwtVerify<JwtUser>({ onlyCookie: true })
       .then((jwtUser) => {
-        const token = req.cookies[COOKIE_NAME];
+        const token = req.cookies[COOKIE_NAMES.accessToken];
         assert(token);
 
         return userUseCase.findOrCreateUser(jwtUser, token);

diff --git a/server/api/session/controller.ts b/server/api/session/controller.ts
@@ -1,6 +1,6 @@
 import type { CookieSerializeOptions } from '@fastify/cookie';
 import assert from 'assert';
-import { COOKIE_NAME } from 'service/constants';
+import { COOKIE_NAMES } from 'service/constants';
 import { z } from 'zod';
 import type { Methods } from '.';
 import { defineController } from './$relay';
@@ -18,17 +18,22 @@ const options: CookieSerializeOptions = {
 
 export default defineController((fastify) => ({
   post: {
-    validators: { body: z.object({ jwt: z.string() }) },
+    validators: { body: z.object({ idToken: z.string(), accessToken: z.string() }) },
     hooks: {
       preHandler: (req, reply, done) => {
         assert(req.body);
 
         const decoded = z
           .object({ payload: z.object({ exp: z.number() }).passthrough() })
           .passthrough()
-          .parse(fastify.jwt.decode(req.body.jwt));
+          .parse(fastify.jwt.decode(req.body.idToken));
 
-        reply.setCookie(COOKIE_NAME, req.body.jwt, {
+        reply.setCookie(COOKIE_NAMES.idToken, req.body.idToken, {
+          ...options,
+          expires: new Date(decoded.payload.exp * 1000),
+        });
+
+        reply.setCookie(COOKIE_NAMES.accessToken, req.body.accessToken, {
           ...options,
           expires: new Date(decoded.payload.exp * 1000),
         });
@@ -41,7 +46,8 @@ export default defineController((fastify) => ({
   delete: {
     hooks: {
       preHandler: (_, reply, done) => {
-        reply.clearCookie(COOKIE_NAME, options);
+        reply.clearCookie(COOKIE_NAMES.idToken, options);
+        reply.clearCookie(COOKIE_NAMES.accessToken, options);
         done();
       },
     },

diff --git a/server/api/session/index.ts b/server/api/session/index.ts
@@ -2,7 +2,7 @@ import type { DefineMethods } from 'aspida';
 
 export type Methods = DefineMethods<{
   post: {
-    reqBody: { jwt: string };
+    reqBody: { idToken: string; accessToken: string };
     resBody: { status: 'success' };
   };
   delete: {

diff --git a/server/service/app.ts b/server/service/app.ts
@@ -10,7 +10,7 @@ import type { FastifyInstance, FastifyRequest } from 'fastify';
 import Fastify from 'fastify';
 import buildGetJwks from 'get-jwks';
 import server from '../$server';
-import { COOKIE_NAME } from './constants';
+import { COOKIE_NAMES } from './constants';
 import { CustomError } from './customAssert';
 import {
   API_BASE_PATH,
@@ -29,7 +29,7 @@ export const init = (): FastifyInstance => {
   fastify.register(cookie);
 
   fastify.register(fastifyJwt, {
-    cookie: { cookieName: COOKIE_NAME, signed: false },
+    cookie: { cookieName: COOKIE_NAMES.idToken, signed: false },
     decode: { complete: true },
     secret: (_: FastifyRequest, token: TokenOrHeader) => {
       assert('header' in token);

diff --git a/server/service/constants.ts b/server/service/constants.ts
@@ -1 +1 @@
-export const COOKIE_NAME = 'session';
+export const COOKIE_NAMES = { idToken: 'idToken', accessToken: 'accessToken' };
diff --git a/server/tests/api/apiClient.ts b/server/tests/api/apiClient.ts
@@ -5,7 +5,7 @@ import {
 } from '@aws-sdk/client-cognito-identity-provider';
 import api from 'api/$api';
 import axios from 'axios';
-import { COOKIE_NAME } from 'service/constants';
+import { COOKIE_NAMES } from 'service/constants';
 import {
   API_BASE_PATH,
   COGNITO_USER_POOL_CLIENT_ID,
@@ -47,7 +47,10 @@ export const createSessionClients = async (option?: {
 
   const cookie = await cognitoClient
     .send(command2)
-    .then((res) => `${COOKIE_NAME}=${res.AuthenticationResult?.IdToken}`);
+    .then(
+      (res) =>
+        `${COOKIE_NAMES.idToken}=${res.AuthenticationResult?.IdToken};${COOKIE_NAMES.accessToken}=${res.AuthenticationResult?.AccessToken}`,
+    );
 
   const agent = axios.create({ baseURL, headers: { cookie, 'Content-Type': 'text/plain' } });
 

diff --git a/server/tests/api/public.test.ts b/server/tests/api/public.test.ts
@@ -1,5 +1,6 @@
 import { createSigner } from 'fast-jwt';
-import { COOKIE_NAME } from 'service/constants';
+import { COOKIE_NAMES } from 'service/constants';
+import { ulid } from 'ulid';
 import { expect, test } from 'vitest';
 import { createSessionClients, noCookieClient } from './apiClient';
 import { DELETE, GET, POST } from './utils';
@@ -21,17 +22,24 @@ test(GET(noCookieClient.health), async () => {
 });
 
 test(POST(noCookieClient.session), async () => {
-  const jwt = createSigner({ key: 'dummy' })({ exp: Math.floor(Date.now() / 1000) + 100 });
-  const res = await noCookieClient.session.post({ body: { jwt } });
-
-  expect(res.headers['set-cookie'][0].startsWith(`${COOKIE_NAME}=${jwt};`)).toBeTruthy();
+  const idToken = createSigner({ key: 'dummy' })({ exp: Math.floor(Date.now() / 1000) + 100 });
+  const accessToken = ulid();
+  const res = await noCookieClient.session.post({ body: { idToken, accessToken } });
+
+  expect(
+    res.headers['set-cookie'][0].startsWith(`${COOKIE_NAMES.idToken}=${idToken};`),
+  ).toBeTruthy();
+  expect(
+    res.headers['set-cookie'][1].startsWith(`${COOKIE_NAMES.accessToken}=${accessToken};`),
+  ).toBeTruthy();
   expect(res.body.status === 'success').toBeTruthy();
 });
 
 test(DELETE(noCookieClient.session), async () => {
   const apiClient = await createSessionClients();
   const res = await apiClient.session.delete();
 
-  expect(res.headers['set-cookie'][0].startsWith(`${COOKIE_NAME}=;`)).toBeTruthy();
+  expect(res.headers['set-cookie'][0].startsWith(`${COOKIE_NAMES.idToken}=;`)).toBeTruthy();
+  expect(res.headers['set-cookie'][1].startsWith(`${COOKIE_NAMES.accessToken}=;`)).toBeTruthy();
   expect(res.body.status === 'success').toBeTruthy();
 });