refactor: handle authentication state in middleware

2026-04-15 03:43:14 +02:00 · 2023-02-04 18:12:49 +01:00
parent 064ef38d78
commit 4e840ecd29
17 changed files with 511 additions and 474 deletions
--- a/backend/src/auth/auth.controller.ts
+++ b/backend/src/auth/auth.controller.ts
@@ -120,7 +120,7 @@ export class AuthController {
    const accessToken = await this.authService.refreshAccessToken(
      request.cookies.refresh_token
    );
-    response.cookie("access_token", accessToken);
+    response = this.addTokensToResponse(response, undefined, accessToken);
    return new TokenDTO().from({ accessToken });
  }

@@ -162,11 +162,13 @@ export class AuthController {
    refreshToken?: string,
    accessToken?: string
  ) {
-    if (accessToken) response.cookie("access_token", accessToken);
+    if (accessToken)
+      response.cookie("access_token", accessToken, { sameSite: "lax" });
    if (refreshToken)
      response.cookie("refresh_token", refreshToken, {
        path: "/api/auth/token",
        httpOnly: true,
+        sameSite: "strict",
        maxAge: 1000 * 60 * 60 * 24 * 30 * 3,
      });