Skip to content

Commit

Permalink
Refresh jwt/cookie when myProjects doesn't match.
Browse files Browse the repository at this point in the history
  • Loading branch information
@myieye
myieye committed Dec 11, 2023
1 parent 9fe376b commit ec41557
Show file tree
Hide file tree
Showing 5 changed files with 56 additions and 22 deletions.
16 changes: 14 additions & 2 deletions backend/LexBoxApi/GraphQL/LexQueries.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,15 @@ public class LexQueries

[UseProjection]
[UseSorting]
public IQueryable<Project> MyProjects(LoggedInContext loggedInContext, LexBoxDbContext context)
public async Task<IQueryable<Project>> MyProjects(LoggedInContext loggedInContext, LexBoxDbContext context, LexAuthService lexAuthService)
{
var userId = loggedInContext.User.Id;
return context.Projects.Where(p => p.Users.Select(u => u.UserId).Contains(userId));
var projects = context.Projects.Where(p => p.Users.Select(u => u.UserId).Contains(userId));
if (loggedInContext.User.Role != UserRole.admin && !ProjectsMatch(projects, loggedInContext.User.Projects))
{
await lexAuthService.RefreshUser(userId, LexAuthConstants.ProjectsClaimType);
}
return projects;
}

[UseProjection]
Expand Down Expand Up @@ -59,4 +64,11 @@ public LexAuthUser Me(LoggedInContext loggedInContext)
{
return loggedInContext.User;
}

private static bool ProjectsMatch(IQueryable<Project> dbProjects, AuthUserProject[] jwtProjects)
{
if (dbProjects.Count() != jwtProjects.Length) return false;
var dbProjectIds = dbProjects.Select(p => p.Id).ToHashSet();
return jwtProjects.All(p => dbProjectIds.Contains(p.ProjectId));
}
}
2 changes: 2 additions & 0 deletions frontend/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,9 +73,11 @@
"@opentelemetry/sdk-node": "^0.39.1",
"@opentelemetry/sdk-trace-web": "^1.13.0",
"@opentelemetry/semantic-conventions": "^1.13.0",
"@types/set-cookie-parser": "^2.4.7",
"@vitejs/plugin-basic-ssl": "^1.0.1",
"css-tree": "^2.3.1",
"mjml": "^4.14.1",
"set-cookie-parser": "^2.6.0",
"svelte-exmarkdown": "^3.0.1",
"svelte-intl-precompile": "^0.12.3",
"sveltekit-search-params": "^1.0.15",
Expand Down
41 changes: 26 additions & 15 deletions frontend/pnpm-lock.yaml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

15 changes: 14 additions & 1 deletion frontend/src/hooks.server.ts
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
import { getUser, isAuthn } from '$lib/user'
import { AUTH_COOKIE_NAME, getUser, isAuthn } from '$lib/user'
import { apiVersion } from '$lib/util/version';
import { redirect, type Handle, type HandleFetch, type HandleServerError, type ResolveOptions } from '@sveltejs/kit'
import { loadI18n } from '$lib/i18n';
import { ensureErrorIsTraced, traceRequest, traceFetch } from '$lib/otel/otel.server'
import { env } from '$env/dynamic/private';
import { getErrorMessage, validateFetchResponse } from './hooks.shared';
import * as setCookieParser from 'set-cookie-parser';

const UNAUTHENTICATED_ROOT = '(unauthenticated)';
const AUTHENTICATED_ROOT = '(authenticated)';
Expand Down Expand Up @@ -69,6 +70,18 @@ export const handleFetch: HandleFetch = async ({ event, request, fetch }) => {
apiVersion.value = response.headers.get('lexbox-version');
}

const lexBoxSetAuthCookieHeader = response.headers.getSetCookie()
.find(h => h.startsWith(`${AUTH_COOKIE_NAME}=`));

if (lexBoxSetAuthCookieHeader) {
const { name, value, ...options } = setCookieParser.parseString(lexBoxSetAuthCookieHeader);
event.cookies.set(AUTH_COOKIE_NAME, value, {
...options,
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-explicit-any
sameSite: options.sameSite?.toLocaleLowerCase() as any,
});
}

return response;
};

Expand Down
4 changes: 0 additions & 4 deletions frontend/src/routes/(authenticated)/project/[project_code]/AddProjectMember.svelte
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,9 +57,5 @@
autofocus
/>
<ProjectRoleSelect bind:value={$form.role} error={errors.role} />
<div class="alert alert-info gap-2 mt-4">
<span class="i-mdi-info-outline text-xl"></span>
{$t('project_page.add_user.user_needs_to_relogin')}
</div>
<span slot="submitText">{$t('project_page.add_user.submit_button')}</span>
</FormModal>

0 comments on commit ec41557

Please sign in to comment.