From 235d47caff85907600a5db05dc05cd969ee96e39 Mon Sep 17 00:00:00 2001
From: Brandon Bayer
Date: Sat, 2 Oct 2021 12:15:33 -0400
Subject: [PATCH] also move publicData to local storage and use cookiePrefix
---
 nextjs/packages/next/data-client/auth.ts | 17 +++++++++++++----
 nextjs/packages/next/data-client/constants.ts | 4 +++-
 nextjs/packages/next/data-client/rpc.ts | 3 ++-
 3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/nextjs/packages/next/data-client/auth.ts b/nextjs/packages/next/data-client/auth.ts
index 83d0d5482c..dac2684b8e 100644
--- a/nextjs/packages/next/data-client/auth.ts
+++ b/nextjs/packages/next/data-client/auth.ts
@@ -3,8 +3,9 @@ import BadBehavior from 'bad-behavior'
 import {
 COOKIE_CSRF_TOKEN,
 COOKIE_PUBLIC_DATA_TOKEN,
- LOCALSTORAGE_ANTICSRF,
+ LOCALSTORAGE_CSRF_TOKEN,
 LOCALSTORAGE_PREFIX,
+ LOCALSTORAGE_PUBLIC_DATA_TOKEN,
 } from './constants'
 import {
 deleteCookie,
@@ -81,6 +82,7 @@ class PublicDataStore {
 clear() {
 deleteCookie(COOKIE_PUBLIC_DATA_TOKEN())
+ localStorage.removeItem(LOCALSTORAGE_PUBLIC_DATA_TOKEN())
 this.updateState(emptyPublicData)
 }
@@ -95,7 +97,14 @@ class PublicDataStore {
 }
 private getToken() {
- return readCookie(COOKIE_PUBLIC_DATA_TOKEN())
+ const cookieValue = readCookie(COOKIE_PUBLIC_DATA_TOKEN())
+ if (cookieValue) {
+ localStorage.setItem(LOCALSTORAGE_PUBLIC_DATA_TOKEN(), cookieValue)
+ deleteCookie(COOKIE_PUBLIC_DATA_TOKEN())
+ return cookieValue
+ } else {
+ return localStorage.getItem(LOCALSTORAGE_PUBLIC_DATA_TOKEN())
+ }
 }
 }
 export const getPublicDataStore = (): PublicDataStore => {
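Review bot: The new `localStorage.setItem`/`getItem` calls in `getToken()` (auth.ts, hunk -95,7) are unguarded, so a browser with storage blocked or over quota, or any caller running where `localStorage` is not defined, gets an exception out of the store instead of a token. Catching the failure and leaving the cookie in place keeps the previous behaviour as a fallback; the `localStorage.removeItem` added to `clear()` in the -81,6 hunk needs the same guard so that `updateState(emptyPublicData)` still runs. Unlike the cookie, the localStorage copy has no expiry and stays readable by any script on the origin until `clear()` is called, which deserves a comment stating that only non-sensitive fields may be placed in publicData. The class body starts and ends outside these hunks, so how `getToken()` is invoked is not visible here.

```typescript
private getToken() {
  const cookieValue = readCookie(COOKIE_PUBLIC_DATA_TOKEN())
  if (cookieValue) {
    try {
      localStorage.setItem(LOCALSTORAGE_PUBLIC_DATA_TOKEN(), cookieValue)
      // Drop the cookie only once the copy is known to be stored.
      deleteCookie(COOKIE_PUBLIC_DATA_TOKEN())
    } catch {
      // Storage unavailable: the cookie stays the source of truth.
    }
    return cookieValue
  }
  try {
    return localStorage.getItem(LOCALSTORAGE_PUBLIC_DATA_TOKEN())
  } catch {
    return null
  }
}
```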
@@ -108,11 +117,11 @@ export const getPublicDataStore = (): PublicDataStore => {
 export const getAntiCSRFToken = () => {
 const cookieValue = readCookie(COOKIE_CSRF_TOKEN())
 if (cookieValue) {
- localStorage.setItem(LOCALSTORAGE_ANTICSRF, cookieValue)
+ localStorage.setItem(LOCALSTORAGE_CSRF_TOKEN(), cookieValue)
 deleteCookie(COOKIE_CSRF_TOKEN())
 return cookieValue
 } else {
- return localStorage.getItem(LOCALSTORAGE_ANTICSRF)
+ return localStorage.getItem(LOCALSTORAGE_CSRF_TOKEN())
 }
 }
diff --git a/nextjs/packages/next/data-client/constants.ts b/nextjs/packages/next/data-client/constants.ts
index 7efd89a236..acbe0a3c17 100644
--- a/nextjs/packages/next/data-client/constants.ts
+++ b/nextjs/packages/next/data-client/constants.ts
@@ -29,4 +29,6 @@ export const HEADER_SESSION_REVOKED = 'session-revoked'
 export const HEADER_CSRF_ERROR = 'csrf-error'
 export const LOCALSTORAGE_PREFIX = '_blitz-'
-export const LOCALSTORAGE_ANTICSRF = `${LOCALSTORAGE_PREFIX}anticsrf`
+export const LOCALSTORAGE_CSRF_TOKEN = () => `${prefix()}_sAntiCsrfToken`
+export const LOCALSTORAGE_PUBLIC_DATA_TOKEN = () =>
+ `${prefix()}_sPublicDataToken`
diff --git a/nextjs/packages/next/data-client/rpc.ts b/nextjs/packages/next/data-client/rpc.ts
index 1483fbf4f2..ec4e0c9bf6 100644
--- a/nextjs/packages/next/data-client/rpc.ts
+++ b/nextjs/packages/next/data-client/rpc.ts
@@ -192,7 +192,8 @@ export function buildRpcClient({
 json: payload.error,
 meta: payload.meta?.error,
 }) as any
- // We don't clear the publicDataStore for anonymous users
+ // We don't clear the publicDataStore for anonymous users,
+ // because there is not sensitive data
 if (
 error.name === 'AuthenticationError' &&
 getPublicDataStore().getData().userId
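Review bot: `getAntiCSRFToken()` in auth.ts (hunk -108,11) now reads only the new key `LOCALSTORAGE_CSRF_TOKEN()`, so a browser that already migrated under the removed key (`_blitz-anticsrf`, per the deleted constant in constants.ts) has neither the cookie nor a value under the new key and gets `null` until the server issues a fresh token. If the earlier key ever shipped, a one-time fallback in the `else` branch would avoid a run of CSRF failures after upgrade, for example `return localStorage.getItem(LOCALSTORAGE_CSRF_TOKEN()) ?? localStorage.getItem('_blitz-anticsrf')`, with the old entry removed once it has been copied. `prefix()` used by the two new key functions is defined outside the visible hunks, so whether it is unique per app on a shared origin cannot be confirmed from here.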