Fix collaboration

will2hew · Jul 7, 2024 · 8dc0f62 · 8dc0f62
1 parent 73d34f3
commit 8dc0f62
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 37 deletions.
diff --git a/apps/client/src/features/editor/page-editor.tsx b/apps/client/src/features/editor/page-editor.tsx
@@ -74,7 +74,9 @@ export default function PageEditor({ pageId, editable }: PageEditorProps) {
       name: documentName,
       url: collaborationURL,
       document: ydoc,
-      token: token?.accessToken,
+      // This isn't actually used, we use the server-side cookie. Requiring this is a known bug of hocuspocus (#596)
+      // and is scheduled to be fixed in an upcoming release.
+      token: "notoken",
       connect: false,
     });
 

diff --git a/apps/client/src/lib/api-client.ts b/apps/client/src/lib/api-client.ts
@@ -7,28 +7,6 @@ const api: AxiosInstance = axios.create({
   withCredentials: true,
 });
 
-api.interceptors.request.use(
-  (config) => {
-    const tokenData = Cookies.get("authTokens");
-
-    let accessToken: string;
-    try {
-      accessToken = tokenData && JSON.parse(tokenData)?.accessToken;
-    } catch (err) {
-      console.log("invalid authTokens:", err.message);
-      Cookies.remove("authTokens");
-    }
-
-    if (accessToken) {
-      config.headers.Authorization = `Bearer ${accessToken}`;
-    }
-    return config;
-  },
-  (error) => {
-    return Promise.reject(error);
-  }
-);
-
 api.interceptors.response.use(
   (response) => {
     return response.data;
@@ -52,7 +30,6 @@ api.interceptors.response.use(
               .includes("workspace not found")
           ) {
             console.log("workspace not found");
-            Cookies.remove("authTokens");
 
             if (window.location.pathname != Routes.AUTH.SETUP) {
               window.location.href = Routes.AUTH.SETUP;
@@ -67,7 +44,7 @@ api.interceptors.response.use(
       }
     }
     return Promise.reject(error);
-  }
+  },
 );
 
 function redirectToLogin() {

diff --git a/apps/server/package.json b/apps/server/package.json
@@ -57,6 +57,7 @@
     "bytes": "^3.1.2",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
+    "cookie": "^0.6.0",
     "fix-esm": "^1.0.1",
     "fs-extra": "^11.2.0",
     "kysely": "^0.27.3",
@@ -85,6 +86,7 @@
     "@nestjs/testing": "^10.3.9",
     "@types/bcrypt": "^5.0.2",
     "@types/bytes": "^3.1.4",
+    "@types/cookie": "^0.6.0",
     "@types/debounce": "^1.2.4",
     "@types/fs-extra": "^11.0.4",
     "@types/jest": "^29.5.12",

diff --git a/apps/server/src/collaboration/extensions/authentication.extension.ts b/apps/server/src/collaboration/extensions/authentication.extension.ts
@@ -12,6 +12,8 @@ import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
 import { findHighestUserSpaceRole } from '@docmost/db/repos/space/utils';
 import { SpaceRole } from '../../common/helpers/types/permission';
 import { getPageId } from '../collaboration.util';
+import * as Cookies from 'cookie';
+import { JwtPayload } from 'src/core/auth/dto/jwt-payload';
 
 @Injectable()
 export class AuthenticationExtension implements Extension {
@@ -25,17 +27,25 @@ export class AuthenticationExtension implements Extension {
   ) {}
 
   async onAuthenticate(data: onAuthenticatePayload) {
-    const { documentName, token } = data;
-    const pageId = getPageId(documentName);
+    const cookies = Cookies.parse(data.requestHeaders['cookie'] ?? '');
+    const token = cookies['token'];
+
+    if (!token) {
+      throw new UnauthorizedException('No token provided');
+    }
 
-    let jwtPayload = null;
+    let jwtPayload: JwtPayload;
 
     try {
       jwtPayload = await this.tokenService.verifyJwt(token);
     } catch (error) {
-      throw new UnauthorizedException('Could not verify jwt token');
+      throw new UnauthorizedException('Invalid JWT token');
     }
 
+    const { documentName } = data;
+
+    const pageId = getPageId(documentName);
+
     const userId = jwtPayload.sub;
     const workspaceId = jwtPayload.workspaceId;
 

diff --git a/apps/server/src/core/auth/strategies/jwt.strategy.ts b/apps/server/src/core/auth/strategies/jwt.strategy.ts
@@ -19,15 +19,10 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
     private workspaceRepo: WorkspaceRepo,
     private readonly environmentService: EnvironmentService,
   ) {
-    function extractFromCookie(req: FastifyRequest): string | undefined {
-      return req.cookies['token'];
-    }
-
     super({
-      jwtFromRequest: ExtractJwt.fromExtractors([
-        extractFromCookie,
-        ExtractJwt.fromAuthHeaderAsBearerToken(),
-      ]),
+      jwtFromRequest: (req: FastifyRequest) => {
+        return req.cookies['token'];
+      },
       ignoreExpiration: false,
       secretOrKey: environmentService.getAppSecret(),
       passReqToCallback: true,

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml