@openneuro/server 3.36.6-alpha.4 → 3.37.0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@openneuro/server",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.37.0",
|
|
4
4
|
"description": "Core service for the OpenNeuro platform.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"main": "src/server.js",
|
|
@@ -104,5 +104,5 @@
|
|
|
104
104
|
"publishConfig": {
|
|
105
105
|
"access": "public"
|
|
106
106
|
},
|
|
107
|
-
"gitHead": "
|
|
107
|
+
"gitHead": "7d52e73da82b60697458c5f6804f1c053ed7fda6"
|
|
108
108
|
}
|
|
@@ -133,6 +133,9 @@ const refreshToken = async jwt => {
|
|
|
133
133
|
}
|
|
134
134
|
}
|
|
135
135
|
|
|
136
|
+
// Shared options for Express response.cookie()
|
|
137
|
+
const cookieOptions = { sameSite: 'Lax' }
|
|
138
|
+
|
|
136
139
|
// attach user obj to request based on jwt
|
|
137
140
|
// if user does not exist, continue
|
|
138
141
|
export const authenticate = (req, res, next) => {
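Review bot: The shared `cookieOptions` sets only `sameSite`, so the `accessToken` cookie that carries the JWT is still issued without `secure` or `httpOnly`. The same object is passed to both `res.cookie` calls changed further down, the token refresh inside `authenticate` and the login cookie in `authSuccessHandler`. If the service is only reachable over HTTPS, `const cookieOptions = { sameSite: 'Lax', secure: true }` keeps the token off plain-HTTP requests. Whether `httpOnly: true` can also be set depends on whether the client reads the token from the cookie in script, which is not visible in this diff.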
|
|
@@ -142,7 +145,7 @@ export const authenticate = (req, res, next) => {
|
|
|
142
145
|
const token = await refreshToken(jwt)
|
|
143
146
|
if (token) {
|
|
144
147
|
req.cookies.accessToken = token
|
|
145
|
-
res.cookie('accessToken', token,
|
|
148
|
+
res.cookie('accessToken', token, cookieOptions)
|
|
146
149
|
}
|
|
147
150
|
}
|
|
148
151
|
passport.authenticate('jwt', { session: false }, (err, user) => {
|
|
@@ -153,12 +156,12 @@ export const authenticate = (req, res, next) => {
|
|
|
153
156
|
}
|
|
154
157
|
|
|
155
158
|
export const authSuccessHandler = (req, res, next) => {
|
|
156
|
-
const redirectPath = req.query.state
|
|
159
|
+
const redirectPath = req.query.state
|
|
157
160
|
? Buffer.from(req.query.state, 'base64').toString()
|
|
158
161
|
: '/'
|
|
159
162
|
if (req.user) {
|
|
160
163
|
// Set the JWT associated with this login on a cookie
|
|
161
|
-
res.cookie('accessToken', req.user.token,
|
|
164
|
+
res.cookie('accessToken', req.user.token, cookieOptions)
|
|
162
165
|
res.redirect(redirectPath)
|
|
163
166
|
} else {
|
|
164
167
|
res.status(401)
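Review bot: `redirectPath` is decoded from the request's `state` query parameter and passed to `res.redirect(redirectPath)` without any check, so a value that decodes to an absolute or protocol-relative URL would send the user to another origin right after the login cookie is set. Restricting it to a local path closes that, for example `const safePath = /^\/(?![\/\\])/.test(redirectPath) ? redirectPath : '/'` followed by `res.redirect(safePath)`. If `state` is also meant to tie the callback to the request that started the login, that verification is not visible here. The body of `authSuccessHandler` continues past the end of the hunk.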
|