Commit Graph

18 Commits

Author SHA1 Message Date
Fabien O'Carroll
2a90d84e9a Added flag for disabling sign cookies
no-issue
2019-10-11 18:00:19 +07:00
Fabien O'Carroll
e6c8f77d4e Removed cookie based caching
no-issue

This was just a temporary stopgap. The correct solution is to cache in the backend
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
d02bab7ea8 Made sure we throw an error for invalid session
no-issue
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
957a0df658 Ensured falsy values not returned from cache cookie
no-issue
2019-09-30 12:10:29 +07:00
Fabien O'Carroll
ab4493db5f Ensured falsy values are not set as cookies
no-issue
2019-09-30 12:10:29 +07:00
Fabien O'Carroll
016422ce06 Updated members-ssr to use token from query string
no-issue

This changes the exchangeTokenForSession method to read the token from a
`token` query string, rather than from the request body.

This also includes a refactor to change MembersSSR into a class, and
document all methods with JsDoc type annotations which can be
interpreted by the typescript compiler
2019-09-16 13:58:05 +08:00
Fabien O'Carroll
458bcf41fa Stored cached member data in separate cookie
no-issue

This allows for simple trusted caching. We can still use the primary
cookie to determine whether or not a session exists, the cached cookie
can safely be deleted or ignored. This is a "progressive enhancement"
on top of the existing solution.
2019-09-09 15:51:20 +08:00
Fabien O'Carroll
198e525d59 Fixed getMemberIdentiyTokenFromSession
no-issue

This did not have the cookieConfig passed, so could not correctly parse request
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
75a6ccf669 Updated members-ssr to work with members-api
no-issue

This updates the ssr package to work with the new magic link signin method
2019-09-03 15:35:04 +08:00
Fabien O'Carroll
21123d4061 Fixed getMemberDataFromSession usage of membersApi
no-issue

Since we allow the membersApi to be a thunk - we must wrap all
references to it in a call to get
2019-07-17 18:05:38 +08:00
Fabien O'Carroll
942187f48e Added support for passing thunk for membersApi
no-issue

This is to allow support for consumers to dynamically update their
membersApi instance, for example when configuration changes, and not
have to replace the instance of members-ssr
2019-07-17 15:06:20 +08:00
Fabien O'Carroll
7e5733998e Removed request stream consumption unless required
no-issue

This is to avoid the getMemberDataFromCookie helper consuming the
request stream before other handlers can read from it.
2019-05-06 12:23:27 +02:00
Fabien O'Carroll
632fdce8b1 Added deleteSession method
no-issue

This will be used for logout
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
8ae95f6d32 Updated to return Promise.reject rather than throw
no-issue

This is cleaner IMO
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
eaf163cb9c Updated to use membersApi iss as expected aud
no-issue

This is because we now use specific URLs for audience claims, e.g. for
members running locally the audience would be:

    - http://localhost:2368/ghost/api/v2/members/
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
02468bfe0c Fixed cookie verification handling
no-issue

Turns out the get method fails if the cookie is missing, rather than returning null
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
2e40e253d6 Implemented MVP
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
803b09664c Ran slimer new members-ssr
2019-04-16 12:22:55 +02:00