From b6bd8c9305f08b64a78ec5f2c56b0fbaa12163db Mon Sep 17 00:00:00 2001
From: vnugent <public@vaughnnugent.com>
Date: Sat, 13 Jan 2024 22:46:49 -0500
Subject: some request security updates

---
 lib/vnlib.browser/src/axios/index.ts      | 4 ++--
 lib/vnlib.browser/src/session/internal.ts | 4 ++--
 lib/vnlib.browser/src/session/types.ts    | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'lib/vnlib.browser')

diff --git a/lib/vnlib.browser/src/axios/index.ts b/lib/vnlib.browser/src/axios/index.ts
index 644011e..2780102 100644
--- a/lib/vnlib.browser/src/axios/index.ts
+++ b/lib/vnlib.browser/src/axios/index.ts
@@ -1,4 +1,4 @@
-// Copyright (c) 2023 Vaughn Nugent
+// Copyright (c) 2024 Vaughn Nugent
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy of
 // this software and associated documentation files (the "Software"), to deal in
@@ -37,7 +37,7 @@ const configureAxiosInternal = (instance: Axios, session: ISession, tokenHeader:
         // See if the current session is logged in
         if (tokenHeaderValue && loggedIn.value) {
             // Get an otp for the request
-            config.headers[tokenHeaderValue] = await generateOneTimeToken()
+            config.headers[tokenHeaderValue] = await generateOneTimeToken(config.url!);
         }
         // Return the config
         return config
diff --git a/lib/vnlib.browser/src/session/internal.ts b/lib/vnlib.browser/src/session/internal.ts
index d7856c3..71e1cfa 100644
--- a/lib/vnlib.browser/src/session/internal.ts
+++ b/lib/vnlib.browser/src/session/internal.ts
@@ -162,7 +162,7 @@ const createUtil = (utilState: Ref<SessionConfig>, sessionStorage: Ref<IStateSto
         token.value = ArrayBuffToBase64(decrypted)
     }
 
-    const generateOneTimeToken = async (): Promise<string | null> => {
+    const generateOneTimeToken = async (path: string): Promise<string | null> => {
         //we need to get the shared key from storage and decode it, it may be null if not set
         const sharedKey = token.value ? Base64ToUint8Array(token.value) : null
 
@@ -176,7 +176,7 @@ const createUtil = (utilState: Ref<SessionConfig>, sessionStorage: Ref<IStateSto
         //Get the alg from the config
         const alg = get(sigAlg);
 
-        const jwt = new SignJWT({ 'nonce': nonce })
+        const jwt = new SignJWT({ 'nonce': nonce, path })
         //Set alg
         jwt.setProtectedHeader({ alg })
             //Iat is the only required claim at the current time utc
diff --git a/lib/vnlib.browser/src/session/types.ts b/lib/vnlib.browser/src/session/types.ts
index bbb5de6..ebb5aa7 100644
--- a/lib/vnlib.browser/src/session/types.ts
+++ b/lib/vnlib.browser/src/session/types.ts
@@ -77,7 +77,7 @@ export interface ISession {
      * Computes a one time key for a fetch request security header
      * It is a signed jwt token that is valid for a short period of time
      */
-    generateOneTimeToken(): Promise<string | null>;
+    generateOneTimeToken(path: string): Promise<string | null>;
 
     /**
      * Clears the session login status and removes all client side
-- 
cgit