update: change auth mechanism to be unified for all sites

2025-12-17 14:24:29 +01:00 · 2022-06-15 17:58:12 +03:00
parent f5eee8691e
commit cc566df768
4 changed files with 23 additions and 24 deletions
--- a/api/functions/get-login-url/get-login-url.js
+++ b/api/functions/get-login-url/get-login-url.js
@@ -13,9 +13,8 @@ const { JWT_SECRET } = require('../../utils/consts');
 const getLoginUrl = async (req, res) => {
    try {
        const data = await LnurlAuthService.generateAuthUrl();
-        const maxAge = 1000 * 60 * 3; //2 mins

-        const jwt = await new jose.SignJWT({ hash: data.secretHash })
+        const session_token = await new jose.SignJWT({ hash: data.secretHash })
            .setProtectedHeader({ alg: 'HS256' })
            .setIssuedAt()
            .setExpirationTime('5min')
@@ -23,13 +22,7 @@ const getLoginUrl = async (req, res) => {

        return res
            .status(200)
-            .cookie('login_session', jwt, {
-                maxAge,
-                secure: true,
-                httpOnly: true,
-                sameSite: "none",
-            })
-            .json(data);
+            .json({ ...data, session_token });
    } catch (error) {
        console.log(error);
        res.status(500).send("Unexpected error happened, please try again")