From 5251a637de11f5961a09be02bb2948382aa75d69 Mon Sep 17 00:00:00 2001
From: KoCoder
Date: Fri, 4 Oct 2024 09:51:20 +0200
Subject: [PATCH] Wrap Posts route with a private set
---
 api/src/functions/auth.ts | 28 +++++++++++++++-------------
 web/src/Routes.tsx | 2 ++
 2 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/api/src/functions/auth.ts b/api/src/functions/auth.ts
index 667c57a..66972d1 100644
--- a/api/src/functions/auth.ts
+++ b/api/src/functions/auth.ts
@@ -6,6 +6,20 @@ import type { DbAuthHandlerOptions, UserType } from '@redwoodjs/auth-dbauth-api'
 import { cookieName } from 'src/lib/auth'
 import { db } from 'src/lib/db'
+export const cookie = {
+ attributes: {
+ HttpOnly: true,
+ Path: '/',
+ SameSite: 'Strict',
+ Secure: process.env.NODE_ENV !== 'development',
+
+ // If you need to allow other domains (besides the api side) access to
+ // the dbAuth session cookie:
+ // Domain: 'example.com',
+ },
+ name: cookieName,
+}
+
 export const handler = async (
 event: APIGatewayProxyEvent,
 context: Context
@@ -183,19 +197,7 @@ export const handler = async (
 // Specifies attributes on the cookie that dbAuth sets in order to remember
 // who is logged in. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
- cookie: {
- attributes: {
- HttpOnly: true,
- Path: '/',
- SameSite: 'Strict',
- Secure: process.env.NODE_ENV !== 'development',
-
- // If you need to allow other domains (besides the api side) access to
- // the dbAuth session cookie:
- // Domain: 'example.com',
- },
- name: cookieName,
- },
+ cookie,
 forgotPassword: forgotPasswordOptions,
 login: loginOptions,
diff --git a/web/src/Routes.tsx b/web/src/Routes.tsx
index 1424f33..c078f70 100644
--- a/web/src/Routes.tsx
+++ b/web/src/Routes.tsx
@@ -16,12 +16,14 @@ import { useAuth } from './auth' const Routes = () => { return ( + +
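Review bot: The hoisted `cookie` constant in api/src/functions/auth.ts is declared without a type, so the object literal is no longer fresh when it reaches the handler options as `cookie,` and TypeScript's excess-property check stops applying to it: a misspelled attribute name (for `HttpOnly` or `SameSite`, say) would compile and, presumably, be silently ignored by dbAuth. Annotating the definition, `export const cookie: DbAuthHandlerOptions['cookie'] = {`, keeps the session-cookie attributes checked where they are written; `DbAuthHandlerOptions` is already imported as a type in this file. The comment with the MDN link stays above `cookie,` in the second hunk, so I would move it above the new constant and add a line there noting that `Secure` is switched off only when `NODE_ENV` is exactly 'development'. No import of the new export is visible in this patch, so if nothing outside this module needs it, dropping `export` keeps the function file's surface to `handler`; the handler body itself continues outside both hunks.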