Hashed user ID cookie improvements (#20232)

filiptronicek · web-flow · commit abb191fce00a · 2024-09-18T21:57:04.000-04:00
* refetch JWT cookie 20s after load

* set cookie on login

* make the cookie trigger at the right place
diff --git a/components/dashboard/src/user-context.tsx b/components/dashboard/src/user-context.tsx
@@ -18,6 +18,17 @@ const UserContext = createContext<{
     setUser: () => null,
 });
 
+const refetchCookie = async () => {
+    await fetch("/api/auth/jwt-cookie", {
+        credentials: "include",
+    })
+        .then((resp) => resp.text())
+        .then((text) => console.log(`Completed JWT Cookie refresh: ${text}`))
+        .catch((err) => {
+            console.log("Failed to update jwt-cookie", err);
+        });
+};
+
 const UserContextProvider: React.FC = ({ children }) => {
     const [user, setUser] = useState<User>();
 
@@ -46,16 +57,9 @@ const UserContextProvider: React.FC = ({ children }) => {
             const frequencyMs = 1000 * 60 * 5; // 5 mins
             if (!_gp.jwttimer) {
                 // Store the timer on the window, to avoid queuing up multiple
-                _gp.jwtTimer = setInterval(() => {
-                    fetch("/api/auth/jwt-cookie", {
-                        credentials: "include",
-                    })
-                        .then((resp) => resp.text())
-                        .then((text) => console.log(`Completed JWT Cookie refresh: ${text}`))
-                        .catch((err) => {
-                            console.log("Failed to update jwt-cookie", err);
-                        });
-                }, frequencyMs);
+                _gp.jwtTimer = setInterval(refetchCookie, frequencyMs);
+
+                setTimeout(refetchCookie, 20_000);
             }
         },
         [user, client],
diff --git a/components/server/src/auth/login-completion-handler.ts b/components/server/src/auth/login-completion-handler.ts
@@ -103,6 +103,7 @@ export class LoginCompletionHandler {
         // (default case) If we got redirected here onto the base domain of the Gitpod installation, we can just issue the cookie right away.
         const cookie = await this.session.createJWTSessionCookie(user.id);
         response.cookie(cookie.name, cookie.value, cookie.opts);
+        this.session.setHashedUserIdCookie(request, response);
         reportJWTCookieIssued();
 
         log.info(logContext, `User is logged in successfully. Redirect to: ${returnTo}`);
diff --git a/components/server/src/session-handler.ts b/components/server/src/session-handler.ts
@@ -241,7 +241,7 @@ export class SessionHandler {
         });
     }
 
-    private setHashedUserIdCookie(req: express.Request, res: express.Response): void {
+    public setHashedUserIdCookie(req: express.Request, res: express.Response): void {
         const user = req.user as User;
         if (!user) return;
 

Original file line number	Diff line number	Diff line change
`@@ -241,7 +241,7 @@ export class SessionHandler {`
`241`	`241`	`});`
`242`	`242`	`}`
`243`	`243`
`244`		`- private setHashedUserIdCookie(req: express.Request, res: express.Response): void {`
	`244`	`+ public setHashedUserIdCookie(req: express.Request, res: express.Response): void {`
`245`	`245`	`const user = req.user as User;`
`246`	`246`	`if (!user) return;`
`247`	`247`