TRA-4157 fix ws auth (#669)

* Update socket_routes.go, user_controller.go, and 2 more files... * Update user_controller.go * Switch to http-only cookies for more security
2025-09-25 04:17:25 +00:00 · 2022-01-20 14:10:25 +02:00
parent 6bab381280
commit 676e50b0b1
4 changed files with 50 additions and 37 deletions
--- a/ui/src/helpers/api.js
+++ b/ui/src/helpers/api.js
@@ -22,8 +22,6 @@ export default class Api {
    }

    constructor() {
-        this.token = localStorage.getItem("token");
-
        this.client = this.getAxiosClient();
        this.source = null;
    }
@@ -143,7 +141,6 @@ export default class Api {

        try {
            const response = await this.client.post(`/user/register`, form);
-            this.persistToken(response.data.token);
            return response;
        } catch (e) {
            if (e.response.status === 400) {
@@ -164,32 +161,18 @@ export default class Api {
        form.append('password', password);

        const response = await this.client.post(`/user/login`, form);
-        if (response.status >= 200 && response.status < 300) {
-            this.persistToken(response.data.token);
-        }

        return response;
    }

-    persistToken = (token) => {
-        this.token = token;
-        this.client = this.getAxiosClient();
-        localStorage.setItem('token', token);
-    }
-
    logout = async () => {
        await this.client.post(`/user/logout`);
-        this.persistToken(null);
    }

    getAxiosClient = () => {
        const headers = {
            Accept: "application/json"
        }
-
-        if (this.token) {
-            headers['x-session-token'] = `${this.token}`; // we use `x-session-token` instead of `Authorization` because the latter is reserved by kubectl proxy, making mizu view not work
-        }
        return axios.create({
            baseURL: apiURL,
            timeout: 31000,