enable custom name for refresh token (#6890)
@@ -38,6 +38,7 @@ ACCESS_TOKEN_TTL="15m"
|
||||
REFRESH_TOKEN_TTL="7d"
|
||||
REFRESH_TOKEN_COOKIE_SECURE=false
|
||||
REFRESH_TOKEN_COOKIE_SAME_SITE="lax"
|
||||
REFRESH_TOKEN_COOKIE_NAME="directus_refresh_token"
|
||||
|
||||
####################################################################################################
|
||||
## SSO (OAuth) Providers
|
||||
|
||||
@@ -59,7 +59,7 @@ router.post(
|
||||
}
|
||||
|
||||
if (mode === 'cookie') {
|
||||
res.cookie('directus_refresh_token', refreshToken, {
|
||||
res.cookie(env.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
|
||||
httpOnly: true,
|
||||
domain: env.REFRESH_TOKEN_COOKIE_DOMAIN,
|
||||
maxAge: ms(env.REFRESH_TOKEN_TTL as string),
|
||||
@@ -88,7 +88,7 @@ router.post(
|
||||
schema: req.schema,
|
||||
});
|
||||
|
||||
const currentRefreshToken = req.body.refresh_token || req.cookies.directus_refresh_token;
|
||||
const currentRefreshToken = req.body.refresh_token || req.cookies[env.REFRESH_TOKEN_COOKIE_NAME];
|
||||
|
||||
if (!currentRefreshToken) {
|
||||
throw new InvalidPayloadException(`"refresh_token" is required in either the JSON payload or Cookie`);
|
||||
@@ -107,7 +107,7 @@ router.post(
|
||||
}
|
||||
|
||||
if (mode === 'cookie') {
|
||||
res.cookie('directus_refresh_token', refreshToken, {
|
||||
res.cookie(env.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
|
||||
httpOnly: true,
|
||||
domain: env.REFRESH_TOKEN_COOKIE_DOMAIN,
|
||||
maxAge: ms(env.REFRESH_TOKEN_TTL as string),
|
||||
@@ -136,7 +136,7 @@ router.post(
|
||||
schema: req.schema,
|
||||
});
|
||||
|
||||
const currentRefreshToken = req.body.refresh_token || req.cookies.directus_refresh_token;
|
||||
const currentRefreshToken = req.body.refresh_token || req.cookies[env.REFRESH_TOKEN_COOKIE_NAME];
|
||||
|
||||
if (!currentRefreshToken) {
|
||||
throw new InvalidPayloadException(`"refresh_token" is required in either the JSON payload or Cookie`);
|
||||
@@ -144,8 +144,8 @@ router.post(
|
||||
|
||||
await authenticationService.logout(currentRefreshToken);
|
||||
|
||||
if (req.cookies.directus_refresh_token) {
|
||||
res.clearCookie('directus_refresh_token', {
|
||||
if (req.cookies[env.REFRESH_TOKEN_COOKIE_NAME]) {
|
||||
res.clearCookie(env.REFRESH_TOKEN_COOKIE_NAME, {
|
||||
httpOnly: true,
|
||||
domain: env.REFRESH_TOKEN_COOKIE_DOMAIN,
|
||||
secure: env.REFRESH_TOKEN_COOKIE_SECURE ?? false,
|
||||
@@ -340,7 +340,7 @@ router.get(
|
||||
emitStatus('success');
|
||||
|
||||
if (redirect) {
|
||||
res.cookie('directus_refresh_token', refreshToken, {
|
||||
res.cookie(env.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
|
||||
httpOnly: true,
|
||||
domain: env.REFRESH_TOKEN_COOKIE_DOMAIN,
|
||||
maxAge: ms(env.REFRESH_TOKEN_TTL as string),
|
||||
|
||||
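Review bot: env.REFRESH_TOKEN_COOKIE_NAME is handed straight to res.cookie at the `res.cookie(env.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {` lines in every hunk of this file, and to res.clearCookie in the @@ -144 hunk, with no check that the operator-supplied value is a valid cookie name; Express's cookie serializer throws on names containing characters outside the token grammar (spaces, `;`, `=`), so a bad value surfaces as a 500 on every login, refresh and logout instead of failing at startup. I would validate the value once where env is loaded, or at least document the constraint next to the new default, e.g. `// must be a valid cookie-name token (no whitespace, ';' or '=')`. A deployment that changes the name while clients still hold a cookie under the old name will neither read nor clear that stale cookie in the logout hunk, so presumably its refresh token stays usable until it expires; that caveat belongs in the config docs. The same unchecked use is repeated in the GraphQLService hunks at @@ -1376, -1407 and -1443. The enclosing route handlers start and end outside these hunks.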
@@ -34,6 +34,7 @@ const defaults: Record<string, any> = {
|
||||
REFRESH_TOKEN_TTL: '7d',
|
||||
REFRESH_TOKEN_COOKIE_SECURE: false,
|
||||
REFRESH_TOKEN_COOKIE_SAME_SITE: 'lax',
|
||||
REFRESH_TOKEN_COOKIE_NAME: 'directus_refresh_token',
|
||||
|
||||
ROOT_REDIRECT: './admin',
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ import env from './env';
|
||||
const pinoOptions: LoggerOptions = {
|
||||
level: env.LOG_LEVEL || 'info',
|
||||
redact: {
|
||||
paths: ['req.headers.authorization', 'req.cookies.directus_refresh_token'],
|
||||
paths: ['req.headers.authorization', `req.cookies.${env.REFRESH_TOKEN_COOKIE_NAME}`],
|
||||
censor: '--redact--',
|
||||
},
|
||||
};
|
||||
|
||||
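Review bot: The redact path built at `paths: ['req.headers.authorization', \`req.cookies.${env.REFRESH_TOKEN_COOKIE_NAME}\`]` interpolates the cookie name into pino's dot-notation path, so a name containing `.` or another non-identifier character is either split into the wrong path or rejected when the logger is created, and in the former case the refresh token reaches the logs unredacted. Bracket notation, which fast-redact accepts, keeps the whole name as one key: `` `req.cookies["${env.REFRESH_TOKEN_COOKIE_NAME}"]` ``. A short comment such as `// cookie name is interpolated into a redact path; keep it to identifier-safe characters` would tell the next reader why the value is constrained. The pinoOptions object is fully visible in this hunk.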
@@ -1376,7 +1376,7 @@ export class GraphQLService {
|
||||
userAgent: req?.get('user-agent'),
|
||||
});
|
||||
if (args.mode === 'cookie') {
|
||||
res?.cookie('directus_refresh_token', result.refreshToken, {
|
||||
res?.cookie(env.REFRESH_TOKEN_COOKIE_NAME, result.refreshToken, {
|
||||
httpOnly: true,
|
||||
domain: env.REFRESH_TOKEN_COOKIE_DOMAIN,
|
||||
maxAge: ms(env.REFRESH_TOKEN_TTL as string),
|
||||
@@ -1407,13 +1407,13 @@ export class GraphQLService {
|
||||
accountability: accountability,
|
||||
schema: this.schema,
|
||||
});
|
||||
const currentRefreshToken = args.refresh_token || req?.cookies.directus_refresh_token;
|
||||
const currentRefreshToken = args.refresh_token || req?.cookies[env.REFRESH_TOKEN_COOKIE_NAME];
|
||||
if (!currentRefreshToken) {
|
||||
throw new InvalidPayloadException(`"refresh_token" is required in either the JSON payload or Cookie`);
|
||||
}
|
||||
const result = await authenticationService.refresh(currentRefreshToken);
|
||||
if (args.mode === 'cookie') {
|
||||
res?.cookie('directus_refresh_token', result.refreshToken, {
|
||||
res?.cookie(env.REFRESH_TOKEN_COOKIE_NAME, result.refreshToken, {
|
||||
httpOnly: true,
|
||||
domain: env.REFRESH_TOKEN_COOKIE_DOMAIN,
|
||||
maxAge: ms(env.REFRESH_TOKEN_TTL as string),
|
||||
@@ -1443,7 +1443,7 @@ export class GraphQLService {
|
||||
accountability: accountability,
|
||||
schema: this.schema,
|
||||
});
|
||||
const currentRefreshToken = args.refresh_token || req?.cookies.directus_refresh_token;
|
||||
const currentRefreshToken = args.refresh_token || req?.cookies[env.REFRESH_TOKEN_COOKIE_NAME];
|
||||
if (!currentRefreshToken) {
|
||||
throw new InvalidPayloadException(`"refresh_token" is required in either the JSON payload or Cookie`);
|
||||
}
|
||||
|
||||