admin: Enhance the security of the Entry Token cookie

ThrRip · Nov 9, 2023 · 6130a73 · 6130a73
1 parent bd33363
commit 6130a73
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 1 deletion.
diff --git a/app.config.ts b/app.config.ts
@@ -1,5 +1,6 @@
 export default defineAppConfig({
   appHomeBase: 'https://mzg.fan/',
+  appAdminBasePath: '/admin',
 
   backendBase: 'https://api.mzg.fan/v1',
   backendProjectId: '649758e1eb1fa584a04d',

diff --git a/packages/admin/ecosystem.config.js b/packages/admin/ecosystem.config.js
@@ -8,6 +8,7 @@ module.exports = {
       max_memory_restart: '200M',
       env: {
         'NITRO_PORT': 22321,
+        'NUXT_APP_SECURE_CONTEXT': true,
         'NUXT_BACKEND_API_KEY': ''
       }
     }

diff --git a/packages/admin/middleware/entry.global.ts b/packages/admin/middleware/entry.global.ts
@@ -4,7 +4,12 @@ export default defineNuxtRouteMiddleware(async (to) => {
   if (process.client) { return }
 
   const entryTokenQuery = to.query.entrytoken
-  const entryTokenCookie = useCookie('admin_entry_token')
+  const entryTokenCookie = useCookie('admin_entry_token', {
+    maxAge: 2592000,
+    path: useAppConfig().appAdminBasePath,
+    sameSite: 'strict',
+    secure: useRuntimeConfig().appSecureContext
+  })
   let entryToken = entryTokenQuery ?? entryTokenCookie.value
   if (!String(entryToken).match(/[A-Za-z0-9]{32}/)) { entryToken = null }
 

diff --git a/packages/admin/nuxt.config.ts b/packages/admin/nuxt.config.ts
@@ -41,6 +41,7 @@ export default defineNuxtConfig({
   },
 
   runtimeConfig: {
+    appSecureContext: true,
     backendApiKey: ''
   }
 })