fix csrf token hardset, remove cookie from localstorage

Zimeng Xiong
2026-02-10 13:16:04 -08:00
parent 1117dc584e
commit bb028ef2db
23 changed files with 412 additions and 145 deletions
+8 -1
@@ -2,6 +2,7 @@ import jwt from "jsonwebtoken";
import { Server } from "socket.io";
import { PrismaClient } from "../generated/client";
import { AuthModeService } from "../auth/authMode";
import { ACCESS_TOKEN_COOKIE_NAME, parseCookieHeader } from "../auth/cookies";
interface User {
id: string;
@@ -87,7 +88,13 @@ export const registerSocketHandlers = ({
io.use(async (socket, next) => {
try {
const token = socket.handshake.auth?.token as string | undefined;
const tokenFromAuth = socket.handshake.auth?.token as string | undefined;
const tokenFromCookie = (() => {
const cookies = parseCookieHeader(socket.handshake.headers.cookie);
const value = cookies[ACCESS_TOKEN_COOKIE_NAME];
return typeof value === "string" && value.trim().length > 0 ? value : undefined;
})();
const token = tokenFromAuth || tokenFromCookie;
const userId = await getSocketAuthUserId(token);
if (!userId) {