From 6130a7379003d4aa1d347524aafa1345f1d06b2c Mon Sep 17 00:00:00 2001
From: ThrRip
Date: Fri, 10 Nov 2023 06:13:03 +0800
Subject: [PATCH] admin: Enhance the security of the Entry Token cookie
---
 app.config.ts | 1 +
 packages/admin/ecosystem.config.js | 1 +
 packages/admin/middleware/entry.global.ts | 7 ++++++-
 packages/admin/nuxt.config.ts | 1 +
 4 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/app.config.ts b/app.config.ts
index 24d13b4..3dbd874 100644
--- a/app.config.ts
+++ b/app.config.ts
@@ -1,5 +1,6 @@
 export default defineAppConfig({
 appHomeBase: 'https://mzg.fan/',
+ appAdminBasePath: '/admin',
 backendBase: 'https://api.mzg.fan/v1',
 backendProjectId: '649758e1eb1fa584a04d',
diff --git a/packages/admin/ecosystem.config.js b/packages/admin/ecosystem.config.js
index 7a25f3e..5c45b4f 100644
--- a/packages/admin/ecosystem.config.js
+++ b/packages/admin/ecosystem.config.js
@@ -8,6 +8,7 @@ module.exports = {
 max_memory_restart: '200M',
 env: {
 'NITRO_PORT': 22321,
+ 'NUXT_APP_SECURE_CONTEXT': true,
 'NUXT_BACKEND_API_KEY': ''
 }
 }
diff --git a/packages/admin/middleware/entry.global.ts b/packages/admin/middleware/entry.global.ts
index ffbf84c..284dbcb 100644
--- a/packages/admin/middleware/entry.global.ts
+++ b/packages/admin/middleware/entry.global.ts
@@ -4,7 +4,12 @@ export default defineNuxtRouteMiddleware(async (to) => {
 if (process.client) { return }
 const entryTokenQuery = to.query.entrytoken
- const entryTokenCookie = useCookie('admin_entry_token')
+ const entryTokenCookie = useCookie('admin_entry_token', {
+ maxAge: 2592000,
+ path: useAppConfig().appAdminBasePath,
+ sameSite: 'strict',
+ secure: useRuntimeConfig().appSecureContext
+ })
 let entryToken = entryTokenQuery ?? entryTokenCookie.value
 if (!String(entryToken).match(/[A-Za-z0-9]{32}/)) { entryToken = null }
diff --git a/packages/admin/nuxt.config.ts b/packages/admin/nuxt.config.ts
index 49e8040..65e1191 100644
--- a/packages/admin/nuxt.config.ts
+++ b/packages/admin/nuxt.config.ts
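Review bot: The new `useCookie` options in entry.global.ts leave `httpOnly` unset, so the entry token cookie remains readable by client-side script even though this middleware only touches it on the server (the `process.client` guard returns early); add `httpOnly: true,` next to `sameSite: 'strict'`. `maxAge: 2592000` is a bare magic number — write it as `maxAge: 2592000, // 30 days` or `maxAge: 60 * 60 * 24 * 30`. The validation on the context line just below is unanchored, so any value that merely contains a 32-character alphanumeric run is accepted; `if (!/^[A-Za-z0-9]{32}$/.test(String(entryToken))) { entryToken = null }` pins the whole value. The middleware body continues past the hunk, so where the query token is written back into the cookie is not visible here and may need the same review.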
@@ -41,6 +41,7 @@ export default defineNuxtConfig({
 },
 runtimeConfig: {
+ appSecureContext: true,
 backendApiKey: ''
 }
 })