Strip out JWT usage and use cookies to track the currently logged in user

2018-07-14 22:42:58 -07:00 · 2018-07-14 22:42:58 -07:00 · 6336e5191f
commit 6336e5191f
parent a7fae86e58
9 changed files with 44 additions and 144 deletions
--- a/resources/assets/scripts/helpers/axios.js
+++ b/resources/assets/scripts/helpers/axios.js
@ -1,5 +1,3 @@
-import User from './../models/user';
-
 /**
 * We'll load the axios HTTP library which allows us to easily issue requests
 * to our Laravel back-end. This library automatically handles sending the
@ -9,7 +7,6 @@ import User from './../models/user';
 let axios = require('axios');
 axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
 axios.defaults.headers.common['Accept'] = 'application/json';
-axios.defaults.headers.common['Authorization'] = `Bearer ${User.getToken()}`;

 if (typeof phpdebugbar !== 'undefined') {
    axios.interceptors.response.use(function (response) {
--- a/resources/assets/scripts/models/user.js
+++ b/resources/assets/scripts/models/user.js
@ -1,40 +1,4 @@
-import isString from 'lodash/isString';
-import jwtDecode from 'jwt-decode';
-
 export default class User {
-    /**
-     * Get a new user model from the JWT.
-     *
-     * @return {User | null}
-     */
-    static fromToken(token) {
-        if (!isString(token)) {
-            token = this.getToken();
-        }
-
-        if (!isString(token) || token.length < 1) {
-            return null;
-        }
-
-        try {
-            const data = jwtDecode(token);
-            if (data.user) {
-                return new User(data.user);
-            }
-        } catch (ex) {}
-
-        return null;
-    }
-
-    /**
-     * Return the JWT for the authenticated user.
-     *
-     * @returns {string | null}
-     */
-    static getToken() {
-        return localStorage.getItem('token');
-    }
-
    /**
     * Create a new user model.
     *
@ -46,14 +10,14 @@ export default class User {
     * @param {String} language
     */
    constructor({
-        admin,
+        root_admin,
        username,
        email,
        first_name,
        last_name,
        language,
    }) {
-        this.admin = admin;
+        this.admin = root_admin;
        this.username = username;
        this.email = email;
        this.name = `${first_name} ${last_name}`;
@ -61,11 +25,4 @@ export default class User {
        this.last_name = last_name;
        this.language = language;
    }
-
-    /**
-     * Returns the JWT belonging to the current user.
-     */
-    getJWT() {
-        return jwtDecode(User.getToken());
-    }
 }
--- a/resources/assets/scripts/router.js
+++ b/resources/assets/scripts/router.js
@ -10,6 +10,7 @@ import Login from './components/auth/Login';
 import Dashboard from './components/dashboard/Dashboard';
 import Account from './components/dashboard/Account';
 import ResetPassword from './components/auth/ResetPassword';
+import User from './models/user';

 const routes = [
    { name: 'login', path: '/auth/login', component: Login },
@ -52,17 +53,10 @@ router.beforeEach((to, from, next) => {

    const user = store.getters['auth/getUser'];

-    // If user is trying to access any of the non-authentication endpoints ensure that they have
-    // a valid, non-expired JWT.
-    if (!to.path.startsWith('/auth')) {
-        // Check if the JWT has expired. Don't use the exp field, but rather that issued at time
-        // so that we can adjust how long we want to wait for expiration on both server-side and
-        // client side without having to wait for older tokens to pass their expiration time if
-        // we lower it.
-        if (user === null || compareDate(addHours(dateParse(user.getJWT().iat * 1000), 12), new Date()) < 0) {
-            store.commit('auth/logout');
-            return window.location = route('auth.logout');
-        }
+    // Check that if we're accessing a non-auth route that a user exists on the page.
+    if (!to.path.startsWith('/auth') && !(user instanceof User)) {
+        store.commit('auth/logout');
+        return window.location = route('auth.logout');
    }

    // Continue on through the pipeline.
--- a/resources/assets/scripts/store/modules/auth.js
+++ b/resources/assets/scripts/store/modules/auth.js
@ -5,7 +5,7 @@ const route = require('./../../../../../vendor/tightenco/ziggy/src/js/route').de
 export default {
    namespaced: true,
    state: {
-        user: User.fromToken(),
+        user: typeof window.PterodactylUser === 'object' ? new User(window.PterodactylUser) : null,
    },
    getters: {
        /**
@ -41,7 +41,7 @@ export default {
                        }

                        if (response.data.complete) {
-                            commit('login', {jwt: response.data.jwt});
+                            commit('login', response.data.user);
                            return resolve({
                                complete: true,
                                intended: response.data.intended,
@ -86,12 +86,10 @@ export default {
        setEmail: function (state, email) {
            state.user.email = email;
        },
-        login: function (state, {jwt}) {
-            localStorage.setItem('token', jwt);
-            state.user = User.fromToken(jwt);
+        login: function (state, data) {
+            state.user = new User(data);
        },
        logout: function (state) {
-            localStorage.removeItem('token');
            state.user = null;
        },
    },
--- a/resources/themes/pterodactyl/templates/wrapper.blade.php
+++ b/resources/themes/pterodactyl/templates/wrapper.blade.php
@ -9,6 +9,14 @@
            <meta name="csrf-token" content="{{ csrf_token() }}">
        @show

+        @section('user-data')
+            @if(!is_null(Auth::user()))
+                <script>
+                    window.PterodactylUser = {!! json_encode(Auth::user()->toVueObject()) !!}
+                </script>
+            @endif
+        @show
+
        @section('assets')
            {!! $asset->css('main.css') !!}
        @show