feat: invalidate cookies when refresh token is invalid

FireBlinkLTD · Nov 17, 2023 · cb8aed8 · cb8aed8
1 parent e7119d2
commit cb8aed8
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/src/handlers/ProxyHandler.ts b/src/handlers/ProxyHandler.ts
@@ -1,6 +1,6 @@
 import { IncomingMessage, ServerResponse } from "http";
 import { HttpMethod, ProxyRequest, RequestHandlerConfig } from "prxi";
-import { invalidateAuthCookies, sendErrorResponse, sendRedirect, setAuthCookies, setCookies } from "../utils/ResponseUtils";
+import { invalidateAuthCookies, sendErrorResponse, sendRedirect, setAuthCookies } from "../utils/ResponseUtils";
 import { getConfig } from "../config/getConfig";
 import { Mapping } from "../config/Mapping";
 import { JWTVerificationResult, OpenIDUtils } from "../utils/OpenIDUtils";
@@ -170,7 +170,6 @@ export class ProxyHandler implements RequestHandlerConfig {
         accessToken = context.accessToken = null;
         idToken = context.idToken = null;
         refreshToken = context.refreshToken = null;
-        invalidateAuthCookies(res);
 
         accessTokenVerificationResult = JWTVerificationResult.MISSING;
       }
@@ -184,12 +183,14 @@ export class ProxyHandler implements RequestHandlerConfig {
           query = req.url.substring(queryIdx);
         }
 
-        setCookies(res, {
+        invalidateAuthCookies(res, {
           [getConfig().cookies.names.originalPath]: {
             value: path + query,
             expires: new Date(Date.now() + 30 * 60 * 1000), // 30 minutes
           }
         });
+      } else {
+        invalidateAuthCookies(res);
       }
 
       if (context.mapping.auth.required) {

diff --git a/src/utils/ResponseUtils.ts b/src/utils/ResponseUtils.ts
@@ -21,10 +21,11 @@ const getDomain = (): string => {
 /**
  * Invalidate auth cookies
  * @param resp
+ * @param override
  */
-export const invalidateAuthCookies = (resp: ServerResponse): void => {
+export const invalidateAuthCookies = (resp: ServerResponse, override?: Record<string, { value: string, expires?: Date }>): void => {
   getLogger('ResponseUtils').debug('Invalidate auth cookies');
-  const accessCookies: Record<string, { value: string, expires?: Date }> = {
+  let accessCookies: Record<string, { value: string, expires?: Date }> = {
     [getConfig().cookies.names.originalPath]: {
       value: 'n/a',
       expires: new Date(0),
@@ -47,6 +48,13 @@ export const invalidateAuthCookies = (resp: ServerResponse): void => {
     },
   };
 
+  if (override) {
+    accessCookies = {
+      ...accessCookies,
+      ...override,
+    }
+  }
+
   setCookies(resp, accessCookies);
 }
 
@@ -101,7 +109,7 @@ export const setAuthCookies = (resp: ServerResponse, tokens: TokenSet, metaToken
  * @param resp
  * @param cookies
  */
-export const setCookies = (resp: ServerResponse, cookies: Record<string, {value: string, expires?: Date}>): void => {
+const setCookies = (resp: ServerResponse, cookies: Record<string, {value: string, expires?: Date}>): void => {
   const setCookies = [];
   for (const name of Object.keys(cookies)) {
     setCookies.push(serialize(name, cookies[name].value, {