Fixes: Unexpected token parsing sessions cookie (#905)

2019-03-02 14:58:56 -08:00 · 2019-03-02 14:58:56 -08:00 · fa38ab60eb
commit fa38ab60eb
parent e3b105d1c0
6 changed files with 27 additions and 20 deletions
--- a/.flowconfig
+++ b/.flowconfig
@ -4,6 +4,7 @@
 .*/shared/.*

 [ignore]
+.*/node_modules/tiny-cookie/flow/.*
 .*/node_modules/styled-components/.*
 .*/node_modules/polished/.*
 .*/node_modules/react-side-effect/.*
--- a/app/stores/AuthStore.js
+++ b/app/stores/AuthStore.js
@ -1,7 +1,7 @@
 // @flow
 import { observable, action, computed, autorun, runInAction } from 'mobx';
 import invariant from 'invariant';
-import Cookie from 'js-cookie';
+import { getCookie, setCookie, removeCookie } from 'tiny-cookie';
 import { client } from 'utils/ApiClient';
 import { stripSubdomain } from 'shared/utils/domains';
 import RootStore from 'stores/RootStore';
@ -31,7 +31,7 @@ export default class AuthStore {
    this.rootStore = rootStore;
    this.user = data.user;
    this.team = data.team;
-    this.token = Cookie.get('accessToken');
+    this.token = getCookie('accessToken');

    if (this.token) setImmediate(() => this.fetch());

@ -138,15 +138,15 @@ export default class AuthStore {
    this.token = null;

    // remove authentication token itself
-    Cookie.remove('accessToken', { path: '/' });
+    removeCookie('accessToken', { path: '/' });

    // remove session record on apex cookie
    const team = this.team;
    if (team) {
-      const sessions = Cookie.getJSON('sessions') || {};
+      const sessions = JSON.parse(getCookie('sessions') || '{}');
      delete sessions[team.id];

-      Cookie.set('sessions', JSON.stringify(sessions), {
+      setCookie('sessions', JSON.stringify(sessions), {
        domain: stripSubdomain(window.location.hostname),
      });
      this.team = null;
--- a/package.json
+++ b/package.json
@ -105,7 +105,6 @@
    "imports-loader": "0.6.5",
    "invariant": "^2.2.2",
    "isomorphic-fetch": "2.2.1",
-    "js-cookie": "^2.2.0",
    "js-search": "^1.4.2",
    "json-loader": "0.5.4",
    "jsonwebtoken": "7.0.1",
@ -163,6 +162,7 @@
    "styled-components-breakpoint": "^2.1.1",
    "styled-components-grid": "^2.2.1",
    "styled-normalize": "^8.0.4",
+    "tiny-cookie": "^2.3.1",
    "tmp": "0.0.33",
    "uglifyjs-webpack-plugin": "1.2.5",
    "url-loader": "^0.6.2",
--- a/server/middlewares/authentication.js
+++ b/server/middlewares/authentication.js
@ -115,15 +115,19 @@ export default function auth(options?: { required?: boolean } = {}) {
      // to the teams subdomain if subdomains are enabled
      if (process.env.SUBDOMAINS_ENABLED === 'true' && team.subdomain) {
        // get any existing sessions (teams signed in) and add this team
-        const existing = JSON.parse(ctx.cookies.get('sessions') || '{}');
-        const sessions = JSON.stringify({
-          ...existing,
-          [team.id]: {
-            name: encodeURIComponent(team.name),
-            logoUrl: team.logoUrl,
-            url: encodeURIComponent(team.url),
-          },
-        });
+        const existing = JSON.parse(
+          decodeURIComponent(ctx.cookies.get('sessions') || '') || '{}'
+        );
+        const sessions = encodeURIComponent(
+          JSON.stringify({
+            ...existing,
+            [team.id]: {
+              name: team.name,
+              logoUrl: team.logoUrl,
+              url: team.url,
+            },
+          })
+        );
        ctx.cookies.set('sessions', sessions, {
          httpOnly: false,
          expires,
--- a/server/utils/renderpage.js
+++ b/server/utils/renderpage.js
@ -15,7 +15,9 @@ const sheet = new ServerStyleSheet();
 export default function renderpage(ctx: Object, children: React.Node) {
  let sessions = {};
  try {
-    sessions = JSON.parse(ctx.cookies.get('sessions') || '{}');
+    sessions = JSON.parse(
+      decodeURIComponent(ctx.cookies.get('sessions') || '') || '{}'
+    );
  } catch (err) {
    console.error(`Sessions cookie could not be parsed: ${err}`);
  }
--- a/yarn.lock
+++ b/yarn.lock
@ -5468,10 +5468,6 @@ js-beautify@^1.6.11:
    mkdirp "~0.5.0"
    nopt "~3.0.1"

-js-cookie@^2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-2.2.0.tgz#1b2c279a6eece380a12168b92485265b35b1effb"
-
 js-search@^1.4.2:
  version "1.4.2"
  resolved "https://registry.yarnpkg.com/js-search/-/js-search-1.4.2.tgz#59a91e117d6badb20bf0d7643ba7577d5a81d7e2"
@ -9637,6 +9633,10 @@ timers-ext@0.1, timers-ext@^0.1.2:
    es5-ext "~0.10.14"
    next-tick "1"

+tiny-cookie@^2.3.1:
+  version "2.3.1"
+  resolved "https://registry.yarnpkg.com/tiny-cookie/-/tiny-cookie-2.3.1.tgz#f0ea9fa194f2aed631dcd5e69ac0d6587be928c8"
+
 tiny-emitter@^2.0.0:
  version "2.0.2"
  resolved "https://registry.yarnpkg.com/tiny-emitter/-/tiny-emitter-2.0.2.tgz#82d27468aca5ade8e5fd1e6d22b57dd43ebdfb7c"