
Commit d368796

committed
Set jwt key names in .env
1 parent 498cf8b commit d368796


5 files changed

+28
-31
lines changed


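--- a/.env
+++ b/.env
@@ -1 +1,4 @@
-PUBLIC_API_URL=http://localhost:8080
+PUBLIC_API_URL=http://localhost:8080
+PUBLIC_JWT_ACCESS_KEY=access_token
+PUBLIC_JWT_REFRESH_KEY=refresh_token
+PUBLIC_COOKIE_MAX_AGE=604800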

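--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -1,4 +1,5 @@
-import { appendCookieHeader, JWT_ACCESS_KEY, JWT_REFRESH_KEY } from '$lib/auth';
+import { appendCookieHeader } from '$lib/auth';
+import { PUBLIC_JWT_ACCESS_KEY, PUBLIC_JWT_REFRESH_KEY } from '$env/static/public';
 import type { Handle } from '@sveltejs/kit';
 
 async function _handleAuthentication(apiResponse: Response): Promise<Response> {
@@ -9,14 +10,14 @@ async function _handleAuthentication(apiResponse: Response): Promise<Response> {
 const serverResponse = new Response(apiResponse.clone().body, apiResponse);
 const json = await apiResponse.json();
 
-const accessToken = json[JWT_ACCESS_KEY];
+const accessToken = json[PUBLIC_JWT_ACCESS_KEY];
 if (accessToken) {
-appendCookieHeader(serverResponse, JWT_ACCESS_KEY, accessToken);
+appendCookieHeader(serverResponse, PUBLIC_JWT_ACCESS_KEY, accessToken);
 }
 
-const refreshToken = json[JWT_REFRESH_KEY];
+const refreshToken = json[PUBLIC_JWT_REFRESH_KEY];
 if (refreshToken) {
-appendCookieHeader(serverResponse, JWT_REFRESH_KEY, refreshToken);
+appendCookieHeader(serverResponse, PUBLIC_JWT_REFRESH_KEY, refreshToken);
 }
 
 return serverResponse;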
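Review bot: `serverResponse` is built from `apiResponse.clone().body`, so the JSON carrying the access and refresh tokens is still returned in the response body after the tokens have been copied into `HttpOnly` cookies. If this response is what the browser receives (the caller is outside the hunk), page script can read both tokens from the body, which removes most of the protection `HttpOnly` is meant to give. Consider re-serialising the body without the two token fields before returning it. The values are also used after only a truthiness check; `typeof accessToken === 'string'` (and the same for `refreshToken`) would keep a non-string JSON value out of the cookie header. `_handleAuthentication` begins before the second hunk, so an earlier guard may exist that is not visible here.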

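--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -1,11 +1,8 @@
-export const JWT_ACCESS_KEY = 'access_token';
-export const JWT_REFRESH_KEY = 'refresh_token';
-
-const COOKIE_MAX_AGE = 60 * 60 * 24 * 7; // 7 days
+import { PUBLIC_COOKIE_MAX_AGE } from '$env/static/public';
 
 export async function appendCookieHeader(response: Response, name: string, value: string) {
 response.headers.append(
 'Set-Cookie',
-`${name}=${value}; HttpOnly; Max-Age=${COOKIE_MAX_AGE}; Path=/; SameSite=Strict`
+`${name}=${value}; HttpOnly; Max-Age=${PUBLIC_COOKIE_MAX_AGE}; Path=/; SameSite=Strict`
 );
 }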
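Review bot: The cookie string in `appendCookieHeader` has no `Secure` attribute, so on any deployment reachable over plain HTTP the access and refresh tokens can travel unencrypted; consider appending `; Secure` outside local development. The same line now interpolates `PUBLIC_COOKIE_MAX_AGE`, which arrives as an unvalidated string instead of the former numeric constant, so a value such as `7d` would produce a `Max-Age` that browsers are expected to ignore, silently turning the token cookies into session cookies. Parsing it once at module load, e.g. `const maxAge = Number.parseInt(PUBLIC_COOKIE_MAX_AGE, 10);`, and throwing on `NaN` or a non-positive result would make a bad configuration fail loudly. `value` is also interpolated unencoded, so a token containing `;` would add cookie attributes; restricting it to the JWT character set before writing the header closes that.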

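--- a/src/routes/api/[...endpoint]/proxy.ts
+++ b/src/routes/api/[...endpoint]/proxy.ts
@@ -1,8 +1,8 @@
-import { PUBLIC_API_URL } from '$env/static/public';
+import { PUBLIC_API_URL, PUBLIC_JWT_REFRESH_KEY, PUBLIC_JWT_ACCESS_KEY } from '$env/static/public';
 import type { Cookies } from '@sveltejs/kit';
-import { JWT_REFRESH_KEY, JWT_ACCESS_KEY, appendCookieHeader } from '$lib/auth';
+import { appendCookieHeader } from '$lib/auth';
 
-async function _fetchAdapter(
+async function _fetchApi(
 relativeUrl: URL | string,
 method: string,
 body?: string | null,
@@ -15,19 +15,15 @@ async function _fetchAdapter(
 }
 
 async function _refreshAccessToken(cookies: Cookies): Promise<string | null> {
-const refreshToken = cookies.get(JWT_REFRESH_KEY);
-const response = await _fetchAdapter(
-'auth/refresh',
-'POST',
-JSON.stringify({ token: refreshToken })
-);
+const refreshToken = cookies.get(PUBLIC_JWT_REFRESH_KEY);
+const response = await _fetchApi('auth/refresh', 'POST', JSON.stringify({ token: refreshToken }));
 
 if (!response.ok) {
 return null;
 }
 
 const json = await response.json();
-return json[JWT_ACCESS_KEY];
+return json[PUBLIC_JWT_ACCESS_KEY];
 }
 
 export async function fetchWithAuth(
@@ -37,16 +33,16 @@ export async function fetchWithAuth(
 headers?: HeadersInit,
 body?: string | null
 ): Promise<Response> {
-const jwt = cookies.get(JWT_ACCESS_KEY);
+const jwt = cookies.get(PUBLIC_JWT_ACCESS_KEY);
 
 if (!jwt) {
-return _fetchAdapter(relativeUrl, method, body, new Headers(headers));
+return _fetchApi(relativeUrl, method, body, new Headers(headers));
 }
 
 const authHeaders = new Headers(headers);
 authHeaders.append('Authorization', `Bearer ${jwt}`);
 
-const response = await _fetchAdapter(relativeUrl, method, body, authHeaders);
+const response = await _fetchApi(relativeUrl, method, body, authHeaders);
 
 const unauthorized = response.status >= 401 && response.status <= 403;
 if (unauthorized) {
@@ -58,11 +54,11 @@ export async function fetchWithAuth(
 const newAuthHeaders = new Headers(headers);
 newAuthHeaders.set('Authorization', `Bearer ${accessToken}`);
 
-const newResponse = await _fetchAdapter(relativeUrl, method, body, newAuthHeaders);
+const newResponse = await _fetchApi(relativeUrl, method, body, newAuthHeaders);
 
 if (newResponse.ok) {
 const newResponseWithCookies = new Response(newResponse.clone().body, newResponse);
-appendCookieHeader(newResponseWithCookies, JWT_ACCESS_KEY, accessToken);
+appendCookieHeader(newResponseWithCookies, PUBLIC_JWT_ACCESS_KEY, accessToken);
 return newResponseWithCookies;
 }
 }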
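Review bot: `_refreshAccessToken` posts to `auth/refresh` even when `cookies.get(PUBLIC_JWT_REFRESH_KEY)` is undefined, and it returns `json[PUBLIC_JWT_ACCESS_KEY]` unchecked although the signature promises `string | null`. A missing cookie serialises to an empty `{}` body, and a response lacking the configured key yields `undefined`, which `fetchWithAuth` would interpolate into `Bearer ${accessToken}` and a cookie unless the lines between the third and fourth hunks (not shown) guard against it. Adding `if (!refreshToken) return null;` before the request and ending with `const token = json[PUBLIC_JWT_ACCESS_KEY]; return typeof token === 'string' ? token : null;` keeps the declared contract. Separately, `unauthorized` covers 401 through 403, so a 403, which normally signals a permission failure that a fresh token would not change, also triggers a refresh and a replay of the original request; confirm that is intended.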

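--- a/src/routes/api/auth/logout/+server.ts
+++ b/src/routes/api/auth/logout/+server.ts
@@ -1,9 +1,9 @@
-import { JWT_ACCESS_KEY, JWT_REFRESH_KEY } from '$lib/auth';
+import { PUBLIC_JWT_ACCESS_KEY, PUBLIC_JWT_REFRESH_KEY } from '$env/static/public';
 import type { RequestHandler } from '@sveltejs/kit';
 
 export const POST: RequestHandler = async (event) => {
-const accessToken = event.cookies.get(JWT_ACCESS_KEY);
-const refreshToken = event.cookies.get(JWT_REFRESH_KEY);
+const accessToken = event.cookies.get(PUBLIC_JWT_ACCESS_KEY);
+const refreshToken = event.cookies.get(PUBLIC_JWT_REFRESH_KEY);
 if (!accessToken || !refreshToken) {
 return new Response(
 JSON.stringify({
@@ -23,11 +23,11 @@ export const POST: RequestHandler = async (event) => {
 );
 response.headers.append(
 'Set-Cookie',
-`${JWT_ACCESS_KEY}=; HttpOnly; Max-Age=0; Path=/; SameSite=Strict`
+`${PUBLIC_JWT_ACCESS_KEY}=; HttpOnly; Max-Age=0; Path=/; SameSite=Strict`
 );
 response.headers.append(
 'Set-Cookie',
-`${JWT_REFRESH_KEY}=; HttpOnly; Max-Age=0; Path=/; SameSite=Strict`
+`${PUBLIC_JWT_REFRESH_KEY}=; HttpOnly; Max-Age=0; Path=/; SameSite=Strict`
 );
 return response;
 };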
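Review bot: The early return at `if (!accessToken || !refreshToken)` happens before the two `Set-Cookie` clears, so a request that arrives with only one of the cookies appears to leave the remaining token cookie in the browser. The rest of that early response lies between the two hunks, so it may already handle this; if it does not, append both `Max-Age=0` headers to that response as well so that logout always clears client state. The clearing strings also repeat the attribute list used in `appendCookieHeader`, and a shared helper would keep the two in step if an attribute such as `Secure` or `Domain` is added later.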
