New : JWT Cookie security #106

New : When logout remove cookie
mini-software · Mar 30, 2024 · 5e2b6cd · 5e2b6cd
1 parent 972082b
commit 5e2b6cd
Show file tree

Hide file tree

Showing 21 changed files with 62 additions and 133 deletions.
diff --git a/src/Frontend/src/App.vue b/src/Frontend/src/App.vue
@@ -17,7 +17,9 @@ watch(() => route.name, (newVal) => {
 
 const logout = () => {
   localStorage.removeItem('X-MiniAuth-Token')
+  document.cookie = 'X-MiniAuth-Token=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;'
   window.location.href = '/miniauth/login.html'
+  
 }
 
 const loadingFlag = ref(false)

diff --git a/src/MiniAuth/MiniAuthMiddleware.cs b/src/MiniAuth/MiniAuthMiddleware.cs
@@ -129,7 +129,13 @@ public async Task Invoke(HttpContext context)
                                 var roles = user["roles"] as string[];
                                 var newToken = _jwtManager.GetToken(userName, userName, _options.ExpirationMinuteTime, roles);
                                 context.Response.Headers.Add("X-MiniAuth-Token", newToken);
-                                context.Response.Cookies.Append("X-MiniAuth-Token", newToken);
+                                context.Response.Cookies.Append("X-MiniAuth-Token", newToken, new CookieOptions
+                                {
+                                    Expires = DateTimeOffset.UtcNow.AddMinutes(_options.ExpirationMinuteTime),
+                                    HttpOnly = true,
+                                    Secure = true,
+                                    SameSite = SameSiteMode.Strict
+                                });
 
                                 await OkResult(context, $"{{\"X-MiniAuth-Token\":\"{newToken}\"}}").ConfigureAwait(false);
                                 return;

diff --git a/...MiniAuth/wwwroot/assets/BreadcrumbDefault.vue_vue_type_script_setup_true_lang-xeYfSBYW.js b/...MiniAuth/wwwroot/assets/BreadcrumbDefault.vue_vue_type_script_setup_true_lang-xeYfSBYW.js
diff --git a/src/MiniAuth/wwwroot/assets/EndpointsView-Y1bxbe_m.css b/src/MiniAuth/wwwroot/assets/EndpointsView-Y1bxbe_m.css
@@ -0,0 +1 @@
+.resizable[data-v-5c19e2ea]{height:30px!important;transition:height .3s ease;overflow:hidden}.resizable[data-v-5c19e2ea]:hover{height:130px!important}
diff --git a/src/MiniAuth/wwwroot/assets/EndpointsView-hs1TY_ET.js b/src/MiniAuth/wwwroot/assets/EndpointsView-hs1TY_ET.js
diff --git a/src/MiniAuth/wwwroot/assets/EndpointsView-pt1zu9Ey.js b/src/MiniAuth/wwwroot/assets/EndpointsView-pt1zu9Ey.js
diff --git a/src/MiniAuth/wwwroot/assets/HomeView-GtYJtQ7A.js b/src/MiniAuth/wwwroot/assets/HomeView-GtYJtQ7A.js
diff --git a/src/MiniAuth/wwwroot/assets/ProfileView-2sMRF31L.js b/src/MiniAuth/wwwroot/assets/ProfileView-2sMRF31L.js
diff --git a/src/MiniAuth/wwwroot/assets/RolesView-K2BI6bQO.js b/src/MiniAuth/wwwroot/assets/RolesView-K2BI6bQO.js
diff --git a/src/MiniAuth/wwwroot/assets/RolesView-dPFkXSBA.css b/src/MiniAuth/wwwroot/assets/RolesView-dPFkXSBA.css
@@ -0,0 +1 @@
+input[type=text][data-v-3699460b],input[type=mail][data-v-3699460b]{widows:100%;border:0;border-bottom:2px solid black;outline:0;background-color:#e2e2e2be}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		.resizable[data-v-5c19e2ea]{height:30px!important;transition:height .3s ease;overflow:hidden}.resizable[data-v-5c19e2ea]:hover{height:130px!important}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		input[type=text][data-v-3699460b],input[type=mail][data-v-3699460b]{widows:100%;border:0;border-bottom:2px solid black;outline:0;background-color:#e2e2e2be}