Avoid cookie parameters (unreliable for Scala.js). Fix some session i…

…d issues.
OndrejSpanel · Oct 31, 2019 · df36c58 · df36c58
1 parent 35e20bd
commit df36c58
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 6 deletions.
diff --git a/backend/src/main/scala/com/github/opengrabeso/mixtio/requests/UdashApp.scala b/backend/src/main/scala/com/github/opengrabeso/mixtio/requests/UdashApp.scala
@@ -20,7 +20,7 @@ object UdashApp  extends DefineRequest("/app") {
         <script> // no secrets should be inserted here, this is readable by any end-user
           var currentUserId = '{auth.userId}';
           var currentAuthCode = getCookie('authCode');
-          var sessionId = `app-session-{System.currentTimeMillis().toString}`; // time when the session was created on the server
+          var sessionId = `{auth.sessionId}`; // time when the session was created on the server
           var mapBoxToken = `{auth.mapboxToken}`;
           appMain()
         </script>

diff --git a/backend/src/main/scala/com/github/opengrabeso/mixtio/rest/RestAPIServer.scala b/backend/src/main/scala/com/github/opengrabeso/mixtio/rest/RestAPIServer.scala
@@ -36,11 +36,12 @@ object RestAPIServer extends RestAPI with RestAPIUtils {
   }
 
   def userAPI(userId: String, authCode: String, session: String): UserRestAPI = {
-    println(s"Try userAPI for user $userId, session $session")
+    val logging = false
+    if (logging) println(s"Try userAPI for user $userId, session $session")
     val auth = Storage.load[StravaAuthResult](sessionFileName(session, userId, "auth"))
     auth.map { a =>
       if (a.code == authCode) {
-        println(s"Get userAPI for user $userId, session $session, auth.session ${a.sessionId}")
+        if (logging) println(s"Get userAPI for user $userId, session $session, auth.session ${a.sessionId}")
         new UserRestAPIServer(a)
       } else {
         throw HttpErrorException(401, "Provided auth code '$authCode' does not match the one stored on the server")

diff --git a/...d/src/main/scala/com/github/opengrabeso/mixtio/frontend/services/UserContextService.scala b/...d/src/main/scala/com/github/opengrabeso/mixtio/frontend/services/UserContextService.scala
@@ -56,7 +56,7 @@ class UserContextService(rpc: rest.RestAPI)(implicit ec: ExecutionContext) {
   private var userData: Option[UserContextData] = None
 
   def login(userId: String, authCode: String): UserContext = {
-    val sessionId = "api-session-" + System.currentTimeMillis().toString
+    val sessionId = facade.UdashApp.sessionId
     println(s"Login user $userId session $sessionId")
     val ctx = new UserContextData(userId, sessionId, authCode, rpc)
     userData = Some(ctx)
@@ -76,7 +76,7 @@ class UserContextService(rpc: rest.RestAPI)(implicit ec: ExecutionContext) {
   }
 
   def api: Option[rest.UserRestAPI] = userData.map { data =>
-    println(s"Call userAPI user ${data.context.userId} session ${data.sessionId}")
+    //println(s"Call userAPI user ${data.context.userId} session ${data.sessionId}")
     rpc.userAPI(data.context.userId, data.context.authCode, data.sessionId)
   }
 }
diff --git a/shared-js/src/main/scala/com/github/opengrabeso/mixtio/rest/RestAPI.scala b/shared-js/src/main/scala/com/github/opengrabeso/mixtio/rest/RestAPI.scala
@@ -13,7 +13,7 @@ trait RestAPI {
   def identity(@Path in: String): Future[String]
 
   @Prefix("user")
-  def userAPI(@Path userId: String, @Cookie authCode: String, @Cookie sessionId: String): UserRestAPI
+  def userAPI(@Path userId: String, @Path authCode: String, @Path sessionId: String): UserRestAPI
 
   @GET
   def now: Future[ZonedDateTime]