fix(auth): return JSON 401 for API sessions and harden cross-site cookies

This commit is contained in:
Adolfo Reyna
2026-02-21 21:55:01 -05:00
parent a8ddae4b1e
commit 83727957ab
5 changed files with 72 additions and 19 deletions


@@ -240,7 +240,7 @@ const webPushEmail = process.env.WEB_PUSH_EMAIL;
webPush.setVapidDetails('mailto:' + webPushEmail, publicVapidKey, privateVapidKey);
const { cookiesOptions } = require('./config/cookiesOptions');
const { getCookiesOptions } = require('./config/cookiesOptions');
const { client_logger } = require('./utils/analyticsLogger.js');
const { getSessionId, getUserId, getProfileId } = require('./utils/sessionUtils.js');
@@ -410,7 +410,7 @@ DB.getDB.then((DB) => {
return res.status(403).json({ status: "Profile does not belong to the logged-in user" });
}
// Update active profile cookie
res.cookie('profile_id', profile._id, cookiesOptions);
res.cookie('profile_id', profile._id, getCookiesOptions(req));
return res.json({ status: "ok", profile });
} catch (error) {
console.error("Error changing profile:", error);
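Review bot: The `profile_id` cookie at `res.cookie('profile_id', profile._id, getCookiesOptions(req))` now takes its attributes from the request, so every `res.clearCookie('profile_id', ...)` and any other `res.cookie` for the same name must be passed the same request-derived options — a browser only matches a clear against a cookie whose path/domain (and SameSite/Secure pair) agree, and any call site still referencing the bare `cookiesOptions` would be a ReferenceError now that the import in the first hunk has changed. Because the options are now computed per request, the import line deserves a comment naming what in `req` drives the result so a reader can judge whether a client can influence its own cookie attributes (presumably the request's protocol or origin — confirm): `// cookie attributes vary per request (see getCookiesOptions); keep every profile_id cookie/clearCookie call in sync`. The route handler in the second hunk starts and ends outside the hunk, and the page does not show which of the two import lines is old and which new; I am assuming the `getCookiesOptions` form is the new one since the call site uses it.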