
Method paramsToCookies

server/Auth.js:218–249  ·  view source on GitHub ↗

* Stores the client's choice of login callback method in temporary cookies. * * The `authMethod` parameter specifies the authentication strategy and can have the following values: * - 'local': Standard authentication, * - 'api': Authentication for API use * - 'openid': OpenID authenti

(req, res, authMethod = 'local')


216 * @returns {Object|null} - Returns error object if validation fails, null if successful
217 */
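paramsToCookies(req, res, authMethod = 'local') {
  const TWO_MINUTES = 120000 // 2 minutes in milliseconds
  const TEN_YEARS = 1000 * 60 * 60 * 24 * 365 * 10 // lifetime of the auth_method cookie

  // req.query is untrusted: an Express-style query parser can turn repeated or
  // bracketed keys (`?callback=a&callback=b`, `?state[x]=y`) into arrays or
  // objects. Only plain strings are accepted here, so that res.cookie() never
  // serialises an attacker-shaped object and the URL validator sees a string.
  const asString = (value) => (typeof value === 'string' ? value : undefined)
  const callback = asString(req.query.redirect_uri) || asString(req.query.callback)

  // Additional handling for non-API based authMethod
  if (!this.isAuthMethodAPIBased(authMethod)) {
    // Store 'auth_state' if present in the request; a present-but-non-string
    // value is rejected rather than written to the cookie.
    if (req.query.state != null) {
      const state = asString(req.query.state)
      if (!state) {
        res.status(400).send({ message: 'Invalid state parameter' })
        return { error: 'Invalid state parameter' }
      }
      res.cookie('auth_state', state, { maxAge: TWO_MINUTES, httpOnly: true })
    }

    // Validate and store the callback URL
    if (!callback) {
      res.status(400).send({ message: 'No callback parameter' })
      return { error: 'No callback parameter' }
    }

    // Security: Validate callback URL is same-origin only
    if (!this.oidcAuthStrategy.isValidWebCallbackUrl(callback, req)) {
      Logger.warn(`[Auth] Rejected invalid callback URL: ${callback}`)
      res.status(400).send({ message: 'Invalid callback URL - must be same-origin' })
      return { error: 'Invalid callback URL - must be same-origin' }
    }

    res.cookie('auth_cb', callback, { maxAge: TWO_MINUTES, httpOnly: true })
  }

  // Store the authentication method for a long time (ten years) so the client
  // keeps using the same strategy on subsequent logins.
  // NOTE(review): none of the cookies set here carry a sameSite or secure
  // attribute — confirm whether the app applies them globally.
  Logger.debug(`[Auth] paramsToCookies: setting auth_method cookie to ${authMethod}`)
  res.cookie('auth_method', authMethod, { maxAge: TEN_YEARS, httpOnly: true })
  return null // null signals success; callers treat a non-null object as an error
}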
250
251 /**
252 * Informs the client in the right mode about a successful login and the token
