Merge pull request #2625 from semaphoreui/httponly

feat(auth): httponly
semaphoreui · Dec 13, 2024 · 9df76e6 · 9df76e6
2 parents 5e88746 + 07fcaba
commit 9df76e6
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 19 deletions.
diff --git a/web/src/App.vue b/web/src/App.vue
@@ -894,10 +894,6 @@ export default {
       return this.projects.find((x) => x.id === this.projectId);
     },
 
-    isAuthenticated() {
-      return document.cookie.includes('semaphore=');
-    },
-
     templatesUrl() {
       let viewId = localStorage.getItem(`project${this.projectId}__lastVisitedViewId`);
       if (viewId) {
@@ -911,14 +907,6 @@ export default {
   },
 
   async created() {
-    if (!this.isAuthenticated) {
-      if (this.$route.path !== '/auth/login') {
-        await this.$router.push({ path: '/auth/login' });
-      }
-      this.state = 'success';
-      return;
-    }
-
     if (localStorage.getItem('darkMode') === '1') {
       this.darkMode = true;
     }
@@ -927,6 +915,14 @@ export default {
       await this.loadData();
       this.state = 'success';
     } catch (err) {
+      if (err.response && err.response.status === 401) {
+        if (this.$route.path !== '/auth/login') {
+          await this.$router.push({ path: '/auth/login' });
+        }
+        this.state = 'success';
+        return;
+      }
+
       EventBus.$emit('i-snackbar', {
         color: 'error',
         text: getErrorMessage(err),
@@ -1063,6 +1059,11 @@ export default {
   },
 
   methods: {
+
+    async isAuthenticated() {
+      return document.cookie.includes('semaphore=');
+    },
+
     async onSubscriptionKeyUpdates() {
       EventBus.$emit('i-snackbar', {
         color: 'success',
@@ -1158,10 +1159,6 @@ export default {
     },
 
     async loadUserInfo() {
-      if (!this.isAuthenticated) {
-        return;
-      }
-
       this.user = (await axios({
         method: 'get',
         url: '/api/user',

diff --git a/web/src/views/Auth.vue b/web/src/views/Auth.vue
@@ -183,8 +183,9 @@ export default {
   },
 
   async created() {
-    if (this.isAuthenticated()) {
+    if (await this.isAuthenticated()) {
       document.location = document.baseURI;
+      return;
     }
     await axios({
       method: 'get',
@@ -207,8 +208,21 @@ export default {
       return pwd;
     },
 
-    isAuthenticated() {
-      return document.cookie.includes('semaphore=');
+    async isAuthenticated() {
+      try {
+        await axios({
+          method: 'get',
+          url: '/api/user',
+          responseType: 'json',
+        });
+      } catch (err) {
+        if (err.response.status === 401) {
+          return false;
+        }
+        throw err;
+      }
+
+      return true;
     },
 
     async signIn() {