diff --git a/server/auth/login.js b/server/auth/login.js index fb2cef0..9736daf 100644 --- a/server/auth/login.js +++ b/server/auth/login.js @@ -52,7 +52,7 @@ const route = async (req, res) => { const { accessToken, refreshToken } = tokenGenerateRefresh(account.index, account.email, account.username, account.type, account.admin, account.mod); //set the cookie - res.cookie('refreshToken', refreshToken, { httpOnly: true, secure: true, sameSite: 'none', maxAge: 60 * 60 * 24 * 30 }); //30 days + res.cookie('refreshToken', refreshToken, { path: '/', httpOnly: true, secure: true, sameSite: 'none', maxAge: 60 * 60 * 24 * 30 * 1000 }); //30 days //finally res.status(200).send(accessToken); diff --git a/server/auth/logout.js b/server/auth/logout.js index 9b0ac67..9977495 100644 --- a/server/auth/logout.js +++ b/server/auth/logout.js @@ -3,9 +3,10 @@ const tokenDestroy = require('../utilities/token-destroy'); //auth/logout const route = (req, res) => { //stored in the cookie - console.log(req.cookies.refreshToken) tokenDestroy(req.cookies.refreshToken); + res.clearCookie('refreshToken'); + return res.status(200).end(); }; diff --git a/server/auth/token.js b/server/auth/token.js index ad6df3a..bf65f06 100644 --- a/server/auth/token.js +++ b/server/auth/token.js @@ -4,16 +4,14 @@ const tokenRefresh = require('../utilities/token-refresh'); //auth/token module.exports = async (req, res) => { - console.log(req.cookies); - return tokenRefresh(req.cookies.refreshToken || '', (err, accessToken, refreshToken) => { if (err) { return res.status(err).end(); } //set the cookie - res.cookie('refreshToken', refreshToken, { httpOnly: true, secure: true, sameSite: 'none', maxAge: 60 * 60 * 24 * 30 }); //30 days + res.cookie('refreshToken', refreshToken, { path: '/', httpOnly: true, secure: true, sameSite: 'none', maxAge: 60 * 60 * 24 * 30 * 1000 }); //30 days - return res.status(200).send(accessToken); + return res.status(200).send({ accessToken }); }); }; \ No newline at end of file diff --git a/server/server.js b/server/server.js index 8a5cf58..6d1bd61 100644 --- a/server/server.js +++ b/server/server.js @@ -13,9 +13,9 @@ app.use(express.json()); app.use(cors({ credentials: true, - // origin: `${process.env.WEB_PROTOCOL}://${process.env.WEB_ADDRESS}`, - origin: true, - methods: ['HEAD', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'TRACE', 'OPTIONS'] + origin: [`${process.env.WEB_PROTOCOL}://${process.env.WEB_ADDRESS}`], + allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'], + exposedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'], })); app.use(cookieParser()); diff --git a/server/utilities/token-generate-refresh.js b/server/utilities/token-generate-refresh.js index 85cf6cc..49acbca 100644 --- a/server/utilities/token-generate-refresh.js +++ b/server/utilities/token-generate-refresh.js @@ -13,7 +13,7 @@ module.exports = (index, email, username, type, admin, mod) => { }; //these are strings - const accessToken = jwt.sign(content, process.env.SECRET_ACCESS, { expiresIn: '1s', issuer: 'auth' }); + const accessToken = jwt.sign(content, process.env.SECRET_ACCESS, { expiresIn: '10m', issuer: 'auth' }); const refreshToken = jwt.sign(content, process.env.SECRET_REFRESH, { expiresIn: '30d', issuer: 'auth' }); tokens.create({ token: refreshToken, email: email });