From bf93e29f4c81360c9ccfdb7a14fd3576117ef67a Mon Sep 17 00:00:00 2001
From: Dessalines <dessalines@users.noreply.github.com>
Date: Sat, 18 Sep 2021 17:59:28 -0400
Subject: [PATCH] Adding JWT secure flag. (#426)

- Couldn't add samesite due to isomorphic library.
- Couldn't add httponly, because the js needs it for calls.
- Fixes #389
---
 src/shared/env.ts                  | 2 ++
 src/shared/services/UserService.ts | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/shared/env.ts b/src/shared/env.ts
index 505b5c1..43b9ce0 100644
--- a/src/shared/env.ts
+++ b/src/shared/env.ts
@@ -37,9 +37,11 @@ export const httpBaseInternal = `http://${host}`; // Don't use secure here
 export const httpBase = `http${secure}://${host}`;
 export const wsUri = `ws${secure}://${wsHost}/api/v3/ws`;
 export const pictrsUri = `${httpBase}/pictrs/image`;
+export const isHttps = secure.endsWith("s");
 
 console.log(`httpbase: ${httpBase}`);
 console.log(`wsUri: ${wsUri}`);
+console.log(`isHttps: ${isHttps}`);
 
 // This is for html tags, don't include port
 const httpExternalUri = `http${secure}://${externalHost.split(":")[0]}`;
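Review bot: `isHttps` on the added export is derived from the last character of the `secure` string, whose definition lies above this hunk, so the Secure flag on the JWT cookie follows configuration rather than the scheme the page is actually served over. If `secure` comes from an environment setting, as it appears to, a deployment behind a TLS-terminating proxy that leaves it unset would still issue the cookie without Secure. A comment on the export such as `// Drives the Secure flag on the jwt cookie; must be true for every HTTPS deployment` would make that dependency visible. If `secure` is only ever `""` or `"s"`, `secure === "s"` states the intent more exactly than `endsWith("s")`.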
diff --git a/src/shared/services/UserService.ts b/src/shared/services/UserService.ts
index a0268c6..c9351ef 100644
--- a/src/shared/services/UserService.ts
+++ b/src/shared/services/UserService.ts
@@ -3,6 +3,7 @@ import IsomorphicCookie from "isomorphic-cookie";
 import jwt_decode from "jwt-decode";
 import { LoginResponse, MyUserInfo } from "lemmy-js-client";
 import { BehaviorSubject, Subject } from "rxjs";
+import { isHttps } from "../env";
 
 interface Claims {
   sub: number;
@@ -31,17 +32,18 @@ export class UserService {
   public login(res: LoginResponse) {
     let expires = new Date();
     expires.setDate(expires.getDate() + 365);
-    IsomorphicCookie.save("jwt", res.jwt, { expires, secure: false });
+    IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps });
     console.log("jwt cookie set");
     this.setClaims(res.jwt);
   }
 
   public logout() {
-    IsomorphicCookie.remove("jwt");
     this.claims = undefined;
     this.myUserInfo = undefined;
     // setTheme();
     this.jwtSub.next("");
+    IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
+    document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.host;
     console.log("Logged out.");
   }
 
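Review bot: The fallback removal added in `logout()` builds the cookie's Domain attribute from `location.host`, which includes the port whenever the site is not on the default one. Domain does not accept a port, so browsers can be expected to ignore that write, leaving the year-long `jwt` cookie in place whenever `IsomorphicCookie.remove` fails as the TODO says it sometimes does. Using `location.hostname` avoids this: `document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.hostname;`. `login()` saves the cookie without a domain, and some browsers may treat that host-only cookie as distinct from one carrying Domain, so a second expiry write without the `domain=` part would cover that case. The line also touches `document` directly, so `logout()` is presumably only reached in the browser; a short comment stating that would help in an isomorphic codebase.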
-- 
2.44.1