From 22e5858e5ae631f9b1dda389a2be3d47a9aab841 Mon Sep 17 00:00:00 2001
From: Sabine Schaller
Date: Thu, 1 Aug 2024 11:49:21 +0200
Subject: [PATCH 1/3] fix(auth): interact redirect
---
 packages/auth/src/app.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/packages/auth/src/app.ts b/packages/auth/src/app.ts
index 191cba8120..ce8eb70ffa 100644
--- a/packages/auth/src/app.ts
+++ b/packages/auth/src/app.ts
@@ -353,7 +353,13 @@ export class App {
 signed: true,
 store: {
 async get(key) {
- return await redis.hgetall(key)
+ const s = await redis.hgetall(key)
+ const session = {
+ nonce: s.nonce,
+ _expire: Number(s._expire),
+ _maxAge: Number(s._maxAge)
+ }
+ return session
 },
 async set(key, session) {
 // Add a delay to cookie age to ensure redis record expires after cookie
From b1f92481b323ecab333896228ed8588ba9529ab3 Mon Sep 17 00:00:00 2001
From: Blair Currey <12960453+BlairCurrey@users.noreply.github.com>
Date: Tue, 6 Aug 2024 15:25:39 -0400
Subject: [PATCH 2/3] fix(auth): session cookie not expiring in browser
---
 packages/auth/src/app.ts | 27 +++++++------------------
 packages/auth/src/interaction/routes.ts | 1 -
 2 files changed, 7 insertions(+), 21 deletions(-)
diff --git a/packages/auth/src/app.ts b/packages/auth/src/app.ts
index ce8eb70ffa..57b58064b0 100644
--- a/packages/auth/src/app.ts
+++ b/packages/auth/src/app.ts
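Review bot: `get` in the [PATCH 1/3] hunk now always returns an object, even when the key is absent: HGETALL yields an empty result for a missing or expired key, so `s.nonce` is undefined and both `Number(...)` calls give NaN instead of the store reporting that there is no session. Whether the session middleware treats a NaN `_expire` as expired is not visible here, so an explicit miss path such as `if (!s || Object.keys(s).length === 0) return null` before building `session` would keep that decision in the store. A short comment would also help the next reader: hash fields come back from Redis as strings, which is why `_expire` and `_maxAge` are converted, and only `nonce` is copied, so any other session field is dropped on read. The `store` object continues past the end of this hunk.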
@@ -353,24 +353,22 @@ export class App { signed: true, store: { async get(key) { - const s = await redis.hgetall(key) - const session = { - nonce: s.nonce, - _expire: Number(s._expire), - _maxAge: Number(s._maxAge) - } - return session + const s = await redis.get(key) + + if (!s) return null + + return JSON.parse(s) }, async set(key, session) { // Add a delay to cookie age to ensure redis record expires after cookie const expireInMs = maxAgeMs + 10 * 1000 const op = redis.multi() - op.hset(key, session) + op.set(key, JSON.stringify(session)) op.expire(key, expireInMs) await op.exec() }, async destroy(key) { - await redis.hdel(key) + await redis.del(key) } } }, @@ -447,17 +445,6 @@ export class App { koa.use(cors()) koa.keys = [this.config.cookieKey] - koa.use( - session( - { - key: 'sessionId', - maxAge: 60 * 1000, - signed: true - }, - koa - ) - ) - koa.use(router.middleware()) koa.use(router.routes()) diff --git a/packages/auth/src/interaction/routes.ts b/packages/auth/src/interaction/routes.ts index 8f29ea9fa5..6eb3f5dcff 100644 --- a/packages/auth/src/interaction/routes.ts +++ b/packages/auth/src/interaction/routes.ts @@ -181,7 +181,6 @@ async function startInteraction( const trx = await Interaction.startTransaction() try { - // TODO: also establish session in redis with short expiry await grantService.markPending(interaction.id, trx) await trx.commit() From 2e309f900b9bcf0567f9c5a2c07090a5104043e3 Mon Sep 17 00:00:00 2001 From: Blair Currey <12960453+BlairCurrey@users.noreply.github.com> Date: Tue, 6 Aug 2024 15:56:33 -0400 Subject: [PATCH 3/3] fix(auth): session expiration time unit --- packages/auth/src/app.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/auth/src/app.ts b/packages/auth/src/app.ts index 57b58064b0..a70d438e24 100644 --- a/packages/auth/src/app.ts +++ b/packages/auth/src/app.ts 
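Review bot: In `store.get` of the first app.ts hunk, both `redis.get(key)` and `JSON.parse(s)` can throw for a record the new code cannot read: a value that is not valid JSON, or a key that still holds the hash written by the earlier `hset` code, for which Redis answers GET with a WRONGTYPE error. Those older records were expired with a millisecond value passed to `expire`, so they can stay in Redis far longer than the cookie lifetime, and the commit subject suggests the matching cookies may still be held by browsers. Treating an unreadable record as a miss, by wrapping the body of `get` in `try { ... } catch (err) { /* log err */ return null }`, would presumably let the middleware start a fresh session instead of failing every request that carries such a cookie. The session middleware that consumes this store is configured outside the hunk, so its handling of a `null` result should be confirmed.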
@@ -361,10 +361,10 @@ export class App {
 },
 async set(key, session) {
 // Add a delay to cookie age to ensure redis record expires after cookie
- const expireInMs = maxAgeMs + 10 * 1000
+ const expireInSec = maxAgeMs / 1000 + 10
 const op = redis.multi()
 op.set(key, JSON.stringify(session))
- op.expire(key, expireInMs)
+ op.expire(key, expireInSec)
 await op.exec()
 },
 async destroy(key) {
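Review bot: `maxAgeMs / 1000 + 10` is not guaranteed to be an integer, and Redis EXPIRE rejects a non-integer timeout, so the new line should round up: `const expireInSec = Math.ceil(maxAgeMs / 1000) + 10`. `maxAgeMs` is defined outside this hunk, so whether it can be a value that is not a whole number of seconds cannot be seen here. The failure mode matters because the commands run in a MULTI: the `set` would still be applied while the `expire` fails, leaving a session record with no TTL, and the result of `await op.exec()` is not inspected (some clients report per-command errors in the returned array rather than rejecting). Checking that result, or writing value and expiry in a single SET with an expiry option, would remove the window where a session can exist without a lifetime.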