Fix cookie reading for auth

UW-Macrostrat · Sep 18, 2024 · cecc8f0 · cecc8f0
1 parent d81d4fa
commit cecc8f0
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 14 deletions.
diff --git a/pages/dev/security/+guard.ts b/pages/dev/security/+guard.ts
@@ -7,8 +7,6 @@ export const guard: GuardAsync = async (
 ): ReturnType<GuardAsync> => {
   const { user } = pageContext;
 
-  console.log(user);
-
   if (user === undefined) {
     // Render the login page while preserving the URL. (This is novel technique
     // which we explain down below.)

diff --git a/server/index.ts b/server/index.ts
@@ -65,7 +65,6 @@ async function startServer() {
   const app = express();
 
   app.use(compression());
-  app.use(cookieParser());
   //
   if (isProduction) {
     app.use(sirv(`${root}/dist/client`));

diff --git a/server/vike-handler.ts b/server/vike-handler.ts
@@ -9,7 +9,8 @@ const environment = synthesizeConfigFromEnvironment();
 export async function vikeHandler<
   Context extends Record<string | number | symbol, unknown>
 >(request: Request, context?: Context): Promise<Response> {
-  const user = await getUserFromCookie(request);
+  const cookies = getCookies(request);
+  const user = await getUserFromCookie(cookies);
 
   const pageContextInit = {
     ...context,
@@ -19,8 +20,6 @@ export async function vikeHandler<
     macrostratLogoFlavor: macrostratLogoFlavor(),
   };
 
-  console.log(pageContextInit, request);
-
   const pageContext = await renderPage(pageContextInit);
   const response = pageContext.httpResponse;
 
@@ -34,24 +33,18 @@ export async function vikeHandler<
   });
 }
 
-async function getUserFromCookie(request: Request) {
+async function getUserFromCookie(cookies: Record<string, string>) {
   const isProduction = process.env.NODE_ENV === "production";
   // Pull out the authorization cookie and decrypt it
   let user: any = undefined;
   try {
-    const authHeader = request.cookies?.Authorization;
+    const authHeader = cookies?.Authorization;
     const secret = new TextEncoder().encode(process.env.SECRET_KEY);
     const jwt = authHeader.substring(7, authHeader.length);
-
-    console.log(authHeader, jwt, request.cookies);
     // We probably don't need to verify the JWT on each request
     user = (await jose.jwtVerify(jwt, secret)).payload;
-
-    console.log(user);
   } catch (e) {
     // I don't care if it fails, it just means the user isn't logged in
-    console.log("Failed to verify JWT");
-    console.log(e);
   }
 
   if (!isProduction && process.env.DEV_ENABLE_AUTH !== "true") {
@@ -61,6 +54,18 @@ async function getUserFromCookie(request: Request) {
   return user;
 }
 
+function getCookies(request: Request) {
+  const cookieHeader = request.headers.get("Cookie");
+  if (!cookieHeader) {
+    return {};
+  }
+  return cookieHeader.split("; ").reduce((acc, cookie) => {
+    const [key, value] = cookie.split("=");
+    acc[key] = value;
+    return acc;
+  }, {});
+}
+
 function synthesizeConfigFromEnvironment() {
   /** Creates a mapping of environment variables that start with VITE_,
    * and returns them as an object. This allows us to pass environment