Improved JWT security

2025-09-26 23:27:07 -05:00
parent 2cd1cb64a3
commit b0f25a6971
17 changed files with 407 additions and 217 deletions
--- a/src/ui/Mobile/MobileApp.tsx
+++ b/src/ui/Mobile/MobileApp.tsx
@@ -25,46 +25,36 @@ const AppContent: FC = () => {

  useEffect(() => {
    const checkAuth = () => {
-      const jwt = getCookie("jwt");
-      if (jwt) {
-        setAuthLoading(true);
-        getUserInfo()
-          .then((meRes) => {
-            setIsAuthenticated(true);
-            setIsAdmin(!!meRes.is_admin);
-            setUsername(meRes.username || null);
-            
-            // Check if user data is unlocked
-            if (!meRes.data_unlocked) {
-              // Data is locked - user needs to re-authenticate
-              console.warn("User data is locked - re-authentication required");
-              setIsAuthenticated(false);
-              setIsAdmin(false);
-              setUsername(null);
-              document.cookie = "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;";
-            }
-          })
-          .catch((err) => {
+      // With HttpOnly cookies, we can't check for JWT presence from frontend
+      // Instead, we'll try to get user info and handle the response
+      setAuthLoading(true);
+      getUserInfo()
+        .then((meRes) => {
+          setIsAuthenticated(true);
+          setIsAdmin(!!meRes.is_admin);
+          setUsername(meRes.username || null);
+          
+          // Check if user data is unlocked
+          if (!meRes.data_unlocked) {
+            // Data is locked - user needs to re-authenticate
+            console.warn("User data is locked - re-authentication required");
            setIsAuthenticated(false);
            setIsAdmin(false);
            setUsername(null);
-            
-            // Check if this is a session expiration error
-            const errorCode = err?.response?.data?.code;
-            if (errorCode === "SESSION_EXPIRED") {
-              console.warn("Session expired - please log in again");
-            }
-            
-            document.cookie =
-              "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;";
-          })
-          .finally(() => setAuthLoading(false));
-      } else {
-        setIsAuthenticated(false);
-        setIsAdmin(false);
-        setUsername(null);
-        setAuthLoading(false);
-      }
+          }
+        })
+        .catch((err) => {
+          setIsAuthenticated(false);
+          setIsAdmin(false);
+          setUsername(null);
+          
+          // Check if this is a session expiration error
+          const errorCode = err?.response?.data?.code;
+          if (errorCode === "SESSION_EXPIRED") {
+            console.warn("Session expired - please log in again");
+          }
+        })
+        .finally(() => setAuthLoading(false));
    };

    checkAuth();