Revert "Refactor/dedupe cookie/session logic" (#4425)

Revert "Refactor/dedupe cookie/session logic (#4420)" This reverts commit 354cc30.
transloadit · Apr 24, 2023 · 0e7b16a · 0e7b16a
1 parent 354cc30
commit 0e7b16a
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 20 deletions.
diff --git a/packages/@uppy/companion/src/server/helpers/jwt.js b/packages/@uppy/companion/src/server/helpers/jwt.js
@@ -48,11 +48,9 @@ module.exports.verifyEncryptedToken = (token, secret) => {
   }
 }
 
-const getCookieName = (authProvider) => `uppyAuthToken--${authProvider}`
-
-function getCookieOptions (companionOptions) {
+const addToCookies = (res, token, companionOptions, authProvider, prefix) => {
   const cookieOptions = {
-    maxAge: 1000 * EXPIRY,
+    maxAge: 1000 * EXPIRY, // would expire after one day (24 hrs)
     httpOnly: true,
   }
 
@@ -66,12 +64,10 @@ function getCookieOptions (companionOptions) {
   if (companionOptions.cookieDomain) {
     cookieOptions.domain = companionOptions.cookieDomain
   }
-
-  return cookieOptions
+  // send signed token to client.
+  res.cookie(`${prefix}--${authProvider}`, token, cookieOptions)
 }
 
-module.exports.getCookieOptions = getCookieOptions
-
 /**
  *
  * @param {object} res
@@ -80,10 +76,7 @@ module.exports.getCookieOptions = getCookieOptions
  * @param {string} authProvider
  */
 module.exports.addToCookies = (res, token, companionOptions, authProvider) => {
-  const cookieOptions = getCookieOptions(companionOptions)
-
-  // send signed token to client.
-  res.cookie(getCookieName(authProvider), token, cookieOptions)
+  addToCookies(res, token, companionOptions, authProvider, 'uppyAuthToken')
 }
 
 /**
@@ -93,10 +86,14 @@ module.exports.addToCookies = (res, token, companionOptions, authProvider) => {
  * @param {string} authProvider
  */
 module.exports.removeFromCookies = (res, companionOptions, authProvider) => {
-  // https://expressjs.com/en/api.html
-  // Web browsers and other compliant clients will only clear the cookie if the given options is
-  // identical to those given to res.cookie(), excluding expires and maxAge.
-  const cookieOptions = getCookieOptions(companionOptions)
+  const cookieOptions = {
+    maxAge: 1000 * EXPIRY, // would expire after one day (24 hrs)
+    httpOnly: true,
+  }
+
+  if (companionOptions.cookieDomain) {
+    cookieOptions.domain = companionOptions.cookieDomain
+  }
 
-  res.clearCookie(getCookieName(authProvider), cookieOptions)
+  res.clearCookie(`uppyAuthToken--${authProvider}`, cookieOptions)
 }
diff --git a/packages/@uppy/companion/src/standalone/index.js b/packages/@uppy/companion/src/standalone/index.js
@@ -11,7 +11,6 @@ const logger = require('../server/logger')
 const redis = require('../server/redis')
 const companion = require('../companion')
 const { getCompanionOptions, generateSecret, buildHelpfulStartupMessage } = require('./helper')
-const { getCookieOptions } = require('../server/helpers/jwt')
 
 /**
  * Configures an Express app for running Companion standalone
@@ -117,7 +116,12 @@ module.exports = function server (inputCompanionOptions) {
     sessionOptions.store = new RedisStore({ client: redisClient, prefix: process.env.COMPANION_REDIS_EXPRESS_SESSION_PREFIX || 'sess:' })
   }
 
-  sessionOptions.cookie = getCookieOptions(companionOptions)
+  if (process.env.COMPANION_COOKIE_DOMAIN) {
+    sessionOptions.cookie = {
+      domain: process.env.COMPANION_COOKIE_DOMAIN,
+      maxAge: 24 * 60 * 60 * 1000, // 1 day
+    }
+  }
 
   // Session is used for grant redirects, so that we don't need to expose secret tokens in URLs
   // See https://github.com/transloadit/uppy/pull/1668

diff --git a/packages/@uppy/companion/test/__tests__/preauth.js b/packages/@uppy/companion/test/__tests__/preauth.js
@@ -10,7 +10,6 @@ jest.mock('../../src/server/helpers/jwt', () => {
     },
     addToCookies: () => {},
     removeFromCookies: () => {},
-    getCookieOptions: () => {},
   }
 })