fix(auth): correction du bug qui fait que le contenu du json qui ne s…

…'affiche pas + authentification à chaque refresh (#1065) * fix: fix * fix: json * fix: json * fix: auth * fix: auth * fix: auth * fix: auth * fix: auth * version * fix: code * fix: code * fix: enfin ? * fix: enfin ? * fix: enfin ? * fix: enfin ? * fix: enfin ? * fix: enfin ? * fix: enfin ? * fix: enfin ? * fix: enfin ? * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: bug * fix: merge * fix: merge * fix: merge * fix: merge * fix: merge * fix: docker v * fix: ommmmmmg * fix: ommmmmmg * fix: ommmmmmg * fix: ommmmmmg * fix: ommmmmmg * fix: ommmmmmg * fix: ommmmmmg * fix: token * fix: token * fix: token * fix: token * fix: token * fix: token * fix: token * fix: url * fix: url * fix: url * fix: url * fix: types * fix: types * fix: expected by snapshot * fix: expected by snapshot * fix: expected by snapshot * fix: undici * fix: merge * fix: merge * fix: delete error * fix: delete error * fix: delete error * fix: delete error * Update targets/frontend/src/hoc/UserProvider.js Co-authored-by: Caroline <[email protected]> --------- Co-authored-by: Caroline <[email protected]>
SocialGouv · Oct 23, 2023 · 86f146e · 86f146e
1 parent 0c77583
commit 86f146e
Show file tree

Hide file tree

Showing 30 changed files with 407 additions and 415 deletions.
diff --git a/.kontinuous/env/preprod/values.yaml b/.kontinuous/env/preprod/values.yaml
@@ -17,7 +17,7 @@ www:
   host: cdtn-admin-preprod.dev.fabrique.social.gouv.fr
   env:
     - name: "FRONTEND_HOST"
-      value: https://cdtn-admin-preprod.dev.fabrique.social.gouv.fr
+      value: cdtn-admin-preprod.dev.fabrique.social.gouv.fr
 
 jobs:
   runs:

diff --git a/.kontinuous/env/prod/values.yaml b/.kontinuous/env/prod/values.yaml
@@ -5,7 +5,7 @@ www:
       nginx.ingress.kubernetes.io/whitelist-source-range: 185.24.184.196,185.24.185.196,185.24.186.196,185.24.187.196,185.24.187.254,164.131.160.1,164.131.160.2,164.131.160.3,164.131.160.4,164.131.160.5,164.131.160.6,164.131.160.17,164.131.160.18,164.131.160.19,164.131.160.20,164.131.160.21,164.131.160.22,164.131.160.33,164.131.160.34,164.131.160.35,164.131.160.36,164.131.160.37,164.131.160.38,164.131.160.49,164.131.160.50,164.131.160.51,164.131.160.52,164.131.160.53,164.131.160.54
   env:
     - name: "FRONTEND_HOST"
-      value: https://cdtn-admin.fabrique.social.gouv.fr
+      value: cdtn-admin.fabrique.social.gouv.fr
   resources:
     limits:
       cpu: "200m"
@@ -34,18 +34,18 @@ contributions:
 export:
   resources:
     limits:
-      cpu: '1500m'
-      memory: '4096Mi'
+      cpu: "1500m"
+      memory: "4096Mi"
     requests:
-      cpu: '1000m'
-      memory: '896Mi'
+      cpu: "1000m"
+      memory: "896Mi"
 
 hasura:
   replicas: 2
   resources:
     limits:
-      cpu: '2000m'
-      memory: '4Gi'
+      cpu: "2000m"
+      memory: "4Gi"
     requests:
-      cpu: '1000m'
-      memory: '1Gi'
+      cpu: "1000m"
+      memory: "1Gi"
diff --git a/.node-version b/.node-version
@@ -1 +1 @@
-20
+20.3.1
diff --git a/targets/frontend/next.config.js b/targets/frontend/next.config.js
@@ -1,9 +1,3 @@
-// Use the hidden-source-map option when you don't want the source maps to be
-// publicly available on the servers, only to the error reporting
-const withSourceMaps = require("@zeit/next-source-maps")();
-
-const basePath = "";
-
 const securityHeaders = [
   {
     key: "X-Frame-Options",
@@ -14,7 +8,6 @@ const securityHeaders = [
 ];
 
 module.exports = {
-  basePath,
   async headers() {
     return [
       {
@@ -25,6 +18,9 @@ module.exports = {
     ];
   },
   poweredByHeader: false,
+  httpAgentOptions: {
+    keepAlive: false,
+  },
   webpack: (config, { isServer, dev }) => {
     config.module.rules.push({
       exclude: /node_modules/,

diff --git a/targets/frontend/package.json b/targets/frontend/package.json
@@ -36,7 +36,6 @@
     "@tiptap/react": "^2.1.10",
     "@tiptap/starter-kit": "^2.0.3",
     "@urql/exchange-auth": "^0.1.6",
-    "@zeit/next-source-maps": "0.0.4-canary.1",
     "ace-builds": "^1.4.12",
     "argon2": "^0.30.3",
     "cookie": "^0.4.1",
@@ -46,12 +45,12 @@
     "diff": "^5.0.0",
     "formidable": "^2.0.0",
     "graphql": "^16.0.0",
-    "http-proxy-middleware": "3.0.0-beta.1",
+    "http-proxy-middleware": "2.0.1",
     "isomorphic-unfetch": "^3.1.0",
     "jsonwebtoken": "^8.5.1",
     "memoizee": "^0.4.15",
     "micromark": "^2.11.4",
-    "next": "13.2.4",
+    "next": "13.5.6",
     "next-urql": "^3.2.1",
     "nodemailer": "^6.6.5",
     "p-limit": "^4.0.0",
@@ -85,6 +84,7 @@
     "@testing-library/jest-dom": "^5.16.5",
     "@testing-library/react": "^14.0.0",
     "@testing-library/user-event": "^14.5.1",
+    "@types/cookie": "^0.5.2",
     "@types/formidable": "^2.0.5",
     "@types/jest": "^27.4.0",
     "@types/jsonwebtoken": "^9.0.3",

diff --git a/targets/frontend/src/components/editor/CodeEditor.js b/targets/frontend/src/components/editor/CodeEditor.js
@@ -7,20 +7,24 @@ import "ace-builds/src-noconflict/theme-github";
 
 export default function CodeEditor({ onChange, value }) {
   return (
-    <AceEditor
-      mode="json"
-      theme="github"
-      name="EditJsonContent"
-      setOptions={{
-        useWorker: false,
-        wrap: true,
-      }}
-      editorProps={{ $blockScrolling: true }}
-      onChange={onChange}
-      value={value}
-      width="100%"
-      height="calc(100vh - 355px)"
-    />
+    <>
+      {window && (
+        <AceEditor
+          mode="json"
+          theme="github"
+          name="EditJsonContent"
+          setOptions={{
+            useWorker: false,
+            wrap: true,
+          }}
+          editorProps={{ $blockScrolling: true }}
+          onChange={onChange}
+          value={value}
+          width="100%"
+          height="calc(100vh - 355px)"
+        />
+      )}
+    </>
   );
 }
 

diff --git a/targets/frontend/src/config.ts b/targets/frontend/src/config.ts
@@ -2,7 +2,3 @@ export const ACCOUNT_MAIL_SENDER = "[email protected]";
 export const JWT_TOKEN_EXPIRES = 15; // 15 min
 export const REFRESH_TOKEN_EXPIRES = 43200; // 30 days in minutes
 export const ACTIVATION_TOKEN_EXPIRES = 10080; // 7 days in minutes
-export const HASURA_GRAPHQL_JWT_SECRET =
-  process.env.HASURA_GRAPHQL_JWT_SECRET ??
-  '{"type":"HS256","key":"a_pretty_long_secret_key_that_should_be_at_least_32_char"}';
-export const BASE_URL = process.env.FRONTEND_HOST || `http://localhost:3000`;
diff --git a/targets/frontend/src/hoc/CustomUrqlClient.js b/targets/frontend/src/hoc/CustomUrqlClient.js
@@ -1,5 +1,4 @@
 import { withUrqlClient } from "next-urql";
-import { BASE_URL } from "../config";
 import {
   customAuthExchange,
   customErrorExchange,
@@ -9,13 +8,11 @@ import { cacheExchange, dedupExchange, fetchExchange } from "urql";
 export const withCustomUrqlClient = (Component) =>
   withUrqlClient(
     (ssrExchange, ctx) => {
-      const url = ctx?.req ? `${BASE_URL}/api/graphql` : `/api/graphql`;
-      console.log(
-        "[ withUrqlClient ]",
-        ctx ? (ctx?.req ? "server" : "client") : "no ctx",
-        ctx?.pathname,
-        url
-      );
+      const baseUrl = process.env.FRONTEND_HOST
+        ? `https://www.${process.env.FRONTEND_HOST}`
+        : `http://localhost:3000`;
+      const isServer = ctx && ctx.req;
+      const url = isServer ? `${baseUrl}/api/graphql` : "/api/graphql";
       return {
         exchanges: [
           process.env.NODE_ENV !== "production"

diff --git a/targets/frontend/src/hoc/UserProvider.js b/targets/frontend/src/hoc/UserProvider.js
@@ -20,7 +20,6 @@ export function withUserProvider(WrappedComponent) {
 
     static async getInitialProps(ctx) {
       const token = await auth(ctx);
-      console.log("[ withUserProvider ] ctx", ctx ? true : false);
       const componentProps =
         WrappedComponent.getInitialProps &&
         (await WrappedComponent.getInitialProps(ctx));

diff --git a/targets/frontend/src/lib/auth/cookie.ts b/targets/frontend/src/lib/auth/cookie.ts
@@ -0,0 +1,56 @@
+import cookie from "cookie";
+import { REFRESH_TOKEN_EXPIRES } from "src/config";
+
+export function setJwtCookie(
+  res: any,
+  refresh_token?: string,
+  jwt_token?: string
+) {
+  const cookies = [];
+  try {
+    if (refresh_token) {
+      cookies.push(
+        cookie.serialize("refresh_token", refresh_token, {
+          httpOnly: true,
+          maxAge: REFRESH_TOKEN_EXPIRES * 60, // maxAge in second
+          path: "/",
+          sameSite: "strict",
+          secure: process.env.NODE_ENV === "production",
+        })
+      );
+    }
+    if (jwt_token) {
+      cookies.push(
+        cookie.serialize("jwt", jwt_token, {
+          httpOnly: true,
+          path: "/",
+          sameSite: "strict",
+          secure: process.env.NODE_ENV === "production",
+        })
+      );
+    }
+    if (cookies.length > 0) res.setHeader("Set-Cookie", cookies);
+  } catch (err) {
+    console.error("[setJwtCookie]", err);
+  }
+}
+
+export function removeJwtCookie(res: any) {
+  const cookies = [
+    cookie.serialize("refresh_token", "", {
+      httpOnly: true,
+      maxAge: -1,
+      path: "/",
+      sameSite: "strict",
+      secure: process.env.NODE_ENV === "production",
+    }),
+    cookie.serialize("jwt", "", {
+      httpOnly: true,
+      maxAge: -1,
+      path: "/",
+      sameSite: "strict",
+      secure: process.env.NODE_ENV === "production",
+    }),
+  ];
+  res.setHeader("Set-Cookie", cookies);
+}
diff --git a/targets/frontend/src/lib/auth/exchanges.js b/targets/frontend/src/lib/auth/exchanges.js
@@ -1,6 +1,6 @@
 import { errorExchange, makeOperation } from "@urql/core";
 import { authExchange } from "@urql/exchange-auth";
-import { auth, getToken, isTokenExpired, setToken } from "src/lib/auth/token";
+import { auth } from "src/lib/auth/token";
 
 import { request } from "../request";
 
@@ -35,24 +35,6 @@ export function customAuthExchange(ctx) {
     },
 
     getAuth: async ({ authState }) => {
-      // for initial launch, fetch the auth state from storage (local storage, async storage etc)
-      if (!authState) {
-        const token = getToken() || (await auth(ctx));
-        if (token) {
-          return { token: token.jwt_token };
-        }
-        return null;
-      }
-
-      /**
-       * the following code gets executed when an auth error has occurred
-       * we should refresh the token if possible and return a new auth state
-       * If refresh fails, we should log out
-       **/
-
-      // if your refresh logic is in graphQL, you must use this mutate function to call it
-      // if your refresh logic is a separate RESTful endpoint, use fetch or similar
-      setToken(null);
       const result = await auth(ctx);
       if (result?.jwt_token) {
         // return the new tokens
@@ -64,7 +46,7 @@ export function customAuthExchange(ctx) {
 
     willAuthError: ({ authState }) => {
       // e.g. check for expiration, existence of auth etc
-      if (!authState || isTokenExpired()) return true;
+      if (!authState) return true;
       return false;
     },
   });

diff --git a/targets/frontend/src/lib/auth/jwt.js b/targets/frontend/src/lib/auth/jwt.js
@@ -1,12 +1,13 @@
 import jwt, { verify } from "jsonwebtoken";
 
-import { HASURA_GRAPHQL_JWT_SECRET } from "../../config";
-
 import { JWT_TOKEN_EXPIRES } from "../../config";
 
 let jwtSecret;
 try {
-  jwtSecret = JSON.parse(HASURA_GRAPHQL_JWT_SECRET);
+  jwtSecret = JSON.parse(
+    process.env.HASURA_GRAPHQL_JWT_SECRET ??
+      '{"type":"HS256","key":"a_pretty_long_secret_key_that_should_be_at_least_32_char"}'
+  );
 } catch (error) {
   console.error("[JWT], HASURA_GRAPHQL_JWT_SECRET is not a valid json");
 }

diff --git a/targets/frontend/src/lib/auth/setJwtCookie.js b/targets/frontend/src/lib/auth/setJwtCookie.js