diff --git a/app/src/features/toolbar/hooks/useGithubAuth.ts b/app/src/features/toolbar/hooks/useGithubAuth.ts
index 0bdcc82..c64d305 100644
--- a/app/src/features/toolbar/hooks/useGithubAuth.ts
+++ b/app/src/features/toolbar/hooks/useGithubAuth.ts
@@ -8,7 +8,7 @@ export function useGithubAuth(): [
 AuthenticatedUser | null,
 () => Promise
 ] {
- const [sessionId, setSessionId] = useCookie('session');
+ const [sessionId, setSessionId] = useCookie('fp_session');
 const [githubUser, setGithubUser] = useState(null);
 const { githubCode, saveGithubCode, clearGithubCode } = useLocalSession();
 const [searchParams, setSearchParams] = useSearchParams();
diff --git a/src/middleware/cors.rs b/src/middleware/cors.rs
index 65132b4..c52f60e 100644
--- a/src/middleware/cors.rs
+++ b/src/middleware/cors.rs
@@ -1,11 +1,11 @@
-use std::env;
-
 use dotenvy::dotenv;
 use regex::Regex;
+use reqwest::header::ACCESS_CONTROL_ALLOW_ORIGIN;
 use rocket::fairing::{Fairing, Info, Kind};
 use rocket::http::hyper::header;
 use rocket::http::{Header, HeaderMap};
 use rocket::{Request, Response};
+use std::env;
 // Build an open cors module so this server can be used accross many locations on the web.
 pub struct Cors;
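Review bot: `useCookie('fp_session')` gives page script both read and write access to the session identifier, which suggests the cookie cannot be marked HttpOnly (the server-side cookie attributes are not visible in this diff), so any script-injection bug in the app would expose the session. If the hook only needs to know whether a session exists, consider letting the backend own the cookie (HttpOnly, Secure, SameSite) and exposing login state through an authenticated endpoint. The literal is also duplicated with `SESSION_COOKIE_NAME` in src/middleware/session_auth.rs; a comment such as `// must match SESSION_COOKIE_NAME in src/middleware/session_auth.rs` would keep the two in step. useGithubAuth continues outside the hunk.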
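Review bot: `ACCESS_CONTROL_ALLOW_ORIGIN` is imported from `reqwest::header`, while the other three CORS header names used in `on_response` (next hunk) come from the already-imported `rocket::http::hyper::header`, so the response fairing now depends on the HTTP client crate for a single constant. Writing `header::ACCESS_CONTROL_ALLOW_ORIGIN.as_str()` in `on_response` and dropping `use reqwest::header::ACCESS_CONTROL_ALLOW_ORIGIN;` keeps the four headers on one source and avoids a mismatch if the two crates ever pin different `http` versions.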
@@ -46,24 +46,25 @@ impl Fairing for Cors {
 // Build an Access-Control-Allow-Origin policy Response header.
 async fn on_response<'r>(&self, request: &'r Request<'_>, response: &mut Response<'r>) {
 if let Some(origin) = get_allowed_origin(request.headers()) {
- response.set_header(Header::new("Access-Control-Allow-Origin", origin));
+ response.set_header(Header::new(ACCESS_CONTROL_ALLOW_ORIGIN.as_str(), origin));
 }
 response.set_header(Header::new(
- "Access-Control-Allow-Methods",
+ header::ACCESS_CONTROL_ALLOW_METHODS.as_str(),
 "POST, PATCH, PUT, DELETE, HEAD, OPTIONS, GET",
 ));
 response.set_header(Header::new(
- "Access-Control-Allow-Headers",
+ header::ACCESS_CONTROL_ALLOW_HEADERS.as_str(),
 "*, Access-Control-Request-Headers, Content-Type",
 ));
- response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
+ response.set_header(Header::new(
+ header::ACCESS_CONTROL_ALLOW_CREDENTIALS.as_str(),
+ "true",
+ ));
 }
 }
 #[cfg(test)]
 mod tests {
- use rocket::http::hyper::header;
-
 use super::*;
 #[test]
diff --git a/src/middleware/session_auth.rs b/src/middleware/session_auth.rs
index 4f4f0ee..9caf84c 100644
--- a/src/middleware/session_auth.rs
+++ b/src/middleware/session_auth.rs
@@ -6,7 +6,7 @@ use rocket::Request;
 use std::time::SystemTime;
 use uuid::Uuid;
-pub const SESSION_COOKIE_NAME: &str = "session";
+pub const SESSION_COOKIE_NAME: &str = "fp_session";
 pub struct SessionAuth {
 pub user: models::User,
diff --git a/src/middleware/token_auth.rs b/src/middleware/token_auth.rs
index d9a5431..a15654b 100644
--- a/src/middleware/token_auth.rs
+++ b/src/middleware/token_auth.rs
@@ -1,12 +1,11 @@
 use crate::db::api_token::PlainToken;
 use crate::db::Database;
 use crate::models;
+use rocket::http::hyper::header;
 use rocket::http::Status;
 use rocket::request::{FromRequest, Outcome};
 use rocket::Request;
-pub const SESSION_COOKIE_NAME: &str = "session";
-
 pub struct TokenAuth {
 pub token: models::ApiToken,
 }
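Review bot: `on_response` chooses `Access-Control-Allow-Origin` per request from `get_allowed_origin(request.headers())` but never emits `Vary: Origin`, so a shared or browser cache can replay a response carrying one origin's allow header to a different origin. Adding `response.adjoin_header(Header::new(header::VARY.as_str(), "Origin"));` unconditionally, next to the allow-origin branch, closes that gap. Separately, `Access-Control-Allow-Credentials: true` is sent on every response, and for credentialed requests browsers treat the `*` in `Access-Control-Allow-Headers` as a literal header name rather than a wildcard, so the request headers the app needs should be listed explicitly. `get_allowed_origin` lies outside the hunk, so how strictly it matches origins before reflecting them alongside credentials cannot be checked here.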
@@ -36,7 +35,7 @@ impl<'r> FromRequest<'r> for TokenAuth {
 }
 };
- if let Some(auth_header) = request.headers().get_one("Authorization") {
+ if let Some(auth_header) = request.headers().get_one(header::AUTHORIZATION.as_str()) {
 if auth_header.starts_with("Bearer ") {
 let token = auth_header.trim_start_matches("Bearer ");
 if let Ok(token) = db.get_token(PlainToken::from(token.to_string())) {
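Review bot: The two lines following the changed `get_one` call test `starts_with("Bearer ")` and then call `trim_start_matches("Bearer ")`, which strips every repeated leading `Bearer ` rather than exactly one, so a header value such as `Bearer Bearer <token>` is looked up as `<token>`. `if let Some(token) = auth_header.strip_prefix("Bearer ") {` performs the check and a single strip in one step and removes the nested `if`. The enclosing `FromRequest` method starts and ends outside the hunk, so the outcome when the header is missing or `db.get_token` fails is not visible here.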