authorLibravatar vnugent <public@vaughnnugent.com>2024-01-13 22:46:49 -0500
committerLibravatar vnugent <public@vaughnnugent.com>2024-01-13 22:46:49 -0500
commitb6bd8c9305f08b64a78ec5f2c56b0fbaa12163db (patch)
treedf7328b1d1e0059f2f7f599a6c4c7e7f465a9a06 /lib/vnlib.browser
parentbbec3d87a356cd6401ba16e47554780a1ecd8ced (diff)
some request security updates
Diffstat (limited to 'lib/vnlib.browser')
-rw-r--r--lib/vnlib.browser/src/axios/index.ts4
-rw-r--r--lib/vnlib.browser/src/session/internal.ts4
-rw-r--r--lib/vnlib.browser/src/session/types.ts2
3 files changed, 5 insertions, 5 deletions
diff --git a/lib/vnlib.browser/src/axios/index.ts b/lib/vnlib.browser/src/axios/index.ts
index 644011e..2780102 100644
--- a/lib/vnlib.browser/src/axios/index.ts
+++ b/lib/vnlib.browser/src/axios/index.ts
@@ -1,4 +1,4 @@
-// Copyright (c) 2023 Vaughn Nugent
+// Copyright (c) 2024 Vaughn Nugent
//
// Permission is hereby granted, free of charge, to any person obtaining a copy of
// this software and associated documentation files (the "Software"), to deal in
@@ -37,7 +37,7 @@ const configureAxiosInternal = (instance: Axios, session: ISession, tokenHeader:
// See if the current session is logged in
if (tokenHeaderValue && loggedIn.value) {
// Get an otp for the request
- config.headers[tokenHeaderValue] = await generateOneTimeToken()
+ config.headers[tokenHeaderValue] = await generateOneTimeToken(config.url!);
}
// Return the config
return config
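Review bot: The non-null assertion in `generateOneTimeToken(config.url!)` hides the case where `config.url` is undefined, since axios types that field as optional. An undefined `path` would presumably be dropped when the JWT payload is serialized in the `new SignJWT({ 'nonce': nonce, path })` hunk of session/internal.ts, so the token would be signed with no path binding and nothing would report it. Failing closed makes the new binding dependable: `if (!config.url) throw new Error('request url is required to sign the one time token')` before the call, then pass `config.url` without the `!`. It is also worth documenting which form is signed, because at interceptor time `config.url` is the string the caller passed, which may be relative to `baseURL` and exclude `params`; the server-side check has to compare against that same form. The interceptor body starts outside this hunk.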
diff --git a/lib/vnlib.browser/src/session/internal.ts b/lib/vnlib.browser/src/session/internal.ts
index d7856c3..71e1cfa 100644
--- a/lib/vnlib.browser/src/session/internal.ts
+++ b/lib/vnlib.browser/src/session/internal.ts
@@ -162,7 +162,7 @@ const createUtil = (utilState: Ref<SessionConfig>, sessionStorage: Ref<IStateSto
token.value = ArrayBuffToBase64(decrypted)
}
- const generateOneTimeToken = async (): Promise<string | null> => {
+ const generateOneTimeToken = async (path: string): Promise<string | null> => {
//we need to get the shared key from storage and decode it, it may be null if not set
const sharedKey = token.value ? Base64ToUint8Array(token.value) : null
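Review bot: The new `path` parameter on `generateOneTimeToken` has no documentation here or on the `ISession` declaration in session/types.ts, whose doc comment still describes only a short-lived signed token. A line above the function would state the contract, for example `// path: the request url this token is bound to; signed into the JWT 'path' claim and expected to match what the server verifies`. The same sentence as an `@param path` entry on the interface method would tell callers which value to pass. The function body continues outside this hunk.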
@@ -176,7 +176,7 @@ const createUtil = (utilState: Ref<SessionConfig>, sessionStorage: Ref<IStateSto
//Get the alg from the config
const alg = get(sigAlg);
- const jwt = new SignJWT({ 'nonce': nonce })
+ const jwt = new SignJWT({ 'nonce': nonce, path })
//Set alg
jwt.setProtectedHeader({ alg })
//Iat is the only required claim at the current time utc
diff --git a/lib/vnlib.browser/src/session/types.ts b/lib/vnlib.browser/src/session/types.ts
index bbb5de6..ebb5aa7 100644
--- a/lib/vnlib.browser/src/session/types.ts
+++ b/lib/vnlib.browser/src/session/types.ts
@@ -77,7 +77,7 @@ export interface ISession {
* Computes a one time key for a fetch request security header
* It is a signed jwt token that is valid for a short period of time
*/
- generateOneTimeToken(): Promise<string | null>;
+ generateOneTimeToken(path: string): Promise<string | null>;
/**
* Clears the session login status and removes all client side