chore (cleanup): cleanup session management

2025-12-28 19:22:31 +01:00 · 2024-09-10 23:00:34 +10:00 · 2024-09-10 23:00:34 +10:00 · d53ac30497
commit d53ac30497
parent 9baf4b0f74
3 changed files with 20 additions and 31 deletions
--- a/public/assets/boot/ctrl_boot_frontoffice.js
+++ b/public/assets/boot/ctrl_boot_frontoffice.js
@ -15,7 +15,6 @@ export default async function main() {
            setup_blue_death_screen(),
            setup_history(),
            setup_polyfill(),
-            setup_iframe(),
        ]);

        await Promise.all([ // procedure with dependency on config
@ -107,22 +106,3 @@ async function setup_polyfill() {
        await loadJS(import.meta.url, "../lib/polyfill.js");
    }
 }
-
-// In safari and duck duck go browser, cross domain iframe cannot inject cookies,
-// see https://support.apple.com/en-au/guide/safari/sfri40732/mac
-// hopefully one day, they provide support for partitioned cookie and we can remove this code
-// but until that happens we had to find a way to inject authorisation within ../lib/ajax.js
-async function setup_iframe() {
-    if (window.self === window.top) return;
-
-    window.addEventListener("pagechange", async() => {
-        if (location.hash === "") return; // happy path
-
-        const token = new URLSearchParams(location.hash.replace(new RegExp("^#"), "?")).get("bearer");
-        if (token) window.BEARER_TOKEN = token;
-
-        if (location.pathname === toHref("/logout")) {
-            delete window.BEARER_TOKEN;
-        }
-    });
-}
--- a/public/assets/model/session.js
+++ b/public/assets/model/session.js
@ -2,15 +2,6 @@ import rxjs from "../lib/rx.js";
 import ajax from "../lib/ajax.js";
 import { forwardURLParams } from "../lib/path.js";

-export function createSession(authenticationRequest) {
-    return ajax({
-        method: "POST",
-        url: withShare("./api/session"),
-        body: authenticationRequest,
-        responseType: "json",
-    });
-}
-
 export function getSession() {
    return ajax({
        url: withShare("api/session"),
@ -21,11 +12,30 @@ export function getSession() {
    );
 }

+export function createSession(authenticationRequest) {
+    return ajax({
+        method: "POST",
+        url: withShare("api/session"),
+        body: authenticationRequest,
+        responseType: "json",
+    }).pipe(rxjs.tap(({ responseHeaders }) => {
+        if (responseHeaders.bearer) window.BEARER_TOKEN = responseHeaders.bearer; // see ctrl_boot_frontoffice.js -> setup_iframe
+    }));
+}
+
 export function deleteSession() {
    return ajax({
        url: withShare("api/session"),
        method: "DELETE"
-    });
+    }).pipe(rxjs.tap(() => {
+        delete window.BEARER_TOKEN;
+    }));
 }

+window.addEventListener("pagechange", async() => {
+    if (location.hash === "") return; // happy path
+    const token = new URLSearchParams(location.hash.replace(new RegExp("^#"), "?")).get("bearer");
+    if (token) window.BEARER_TOKEN = token;
+});
+
 const withShare = (url) => forwardURLParams(url, ["share"]);
--- a/public/assets/pages/connectpage/ctrl_form.js
+++ b/public/assets/pages/connectpage/ctrl_form.js
@ -199,7 +199,6 @@ export default async function(render) {
                rxjs.tap(() => toggleLoader(true)),
                rxjs.mergeMap(() => createSession(formData)),
                rxjs.tap(({ responseJSON, responseHeaders }) => {
-                    if (responseHeaders.bearer) window.BEARER_TOKEN = responseHeaders.bearer; // see ctrl_boot_frontoffice.js -> setup_iframe
                    let redirectURL = toHref("/files/");
                    const GET = getURLParams();
                    if (GET["next"]) redirectURL = GET["next"];