From 15e515720f8c5551815c8d8883d62b3e200d095e Mon Sep 17 00:00:00 2001
From: Nate Kelley
Date: Thu, 23 Jan 2025 16:33:33 -0700
Subject: [PATCH 1/2] add secure middleware checks
---
web/src/app/app/_components/Lists/FavoriteStar.tsx | 4 +++-
.../_ThreadListContainer/_ThreadItemsContainer.tsx | 5 ++---
web/src/components/layout/AppSplitter/AppSplitter.tsx | 6 +++---
web/src/components/layout/AppSplitter/helper.ts | 10 ++++++++++
web/src/middleware.ts | 6 +++++-
5 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/web/src/app/app/_components/Lists/FavoriteStar.tsx b/web/src/app/app/_components/Lists/FavoriteStar.tsx
index 97fd3043e..23747047f 100644
--- a/web/src/app/app/_components/Lists/FavoriteStar.tsx
+++ b/web/src/app/app/_components/Lists/FavoriteStar.tsx
@@ -68,7 +68,9 @@ export const FavoriteStar: React.FC<{
classNames={{ icon: '!text-inherit !mt-[-2px]' }}
- className={cx(className, 'flex', styles.icon, iconStyle, { 'is-favorited': isFavorited })}
+ className={cx(className, 'flex', styles.icon, iconStyle, {
+ 'is-favorited opacity-100': isFavorited
+ })}
onClick={onFavoriteClick}
type="text"
icon={}
diff --git a/web/src/app/app/metrics/_ThreadListContainer/_ThreadItemsContainer.tsx b/web/src/app/app/metrics/_ThreadListContainer/_ThreadItemsContainer.tsx
index 0954bd013..34d00d7da 100644
--- a/web/src/app/app/metrics/_ThreadListContainer/_ThreadItemsContainer.tsx
+++ b/web/src/app/app/metrics/_ThreadListContainer/_ThreadItemsContainer.tsx
@@ -241,14 +241,13 @@ const TitleCell = React.memo<{ title: string; status: BusterVerificationStatus;
{title} -
+
diff --git a/web/src/components/layout/AppSplitter/AppSplitter.tsx b/web/src/components/layout/AppSplitter/AppSplitter.tsx
index 87a09c79c..b4ad3dd3e 100644
--- a/web/src/components/layout/AppSplitter/AppSplitter.tsx
+++ b/web/src/components/layout/AppSplitter/AppSplitter.tsx
@@ -3,7 +3,7 @@ import { useMemoizedFn } from 'ahooks';
import React, { useEffect, useMemo, useState, forwardRef, useImperativeHandle } from 'react';
import SplitPane, { Pane } from './SplitPane';
-import { createAutoSaveId } from './helper';
+import { createAutoSaveId, setAppSplitterCookie } from './helper';
import Cookies from 'js-cookie';
import { createStyles } from 'antd-style';
@@ -101,7 +101,7 @@ export const AppSplitter = forwardRef<
setSizes(sizes);
const key = createAutoSaveId(autoSaveId);
const sizesString = preserveSide === 'left' ? [sizes[0], 'auto'] : ['auto', sizes[1]];
- Cookies.set(key, JSON.stringify(sizesString), { expires: 365 });
+ setAppSplitterCookie(key, sizesString);
});
const onPreserveSide = useMemoizedFn(() => {
@@ -130,7 +130,7 @@ export const AppSplitter = forwardRef<
const key = createAutoSaveId(autoSaveId);
const sizesString = preserveSide === 'left' ? [newSizes[0], 'auto'] : ['auto', newSizes[1]];
- Cookies.set(key, JSON.stringify(sizesString), { expires: 365 });
+ setAppSplitterCookie(key, sizesString);
}
}
}));
diff --git a/web/src/components/layout/AppSplitter/helper.ts b/web/src/components/layout/AppSplitter/helper.ts
index 86f688f30..116a637c4 100644
--- a/web/src/components/layout/AppSplitter/helper.ts
+++ b/web/src/components/layout/AppSplitter/helper.ts
@@ -1 +1,11 @@ export const createAutoSaveId = (id: string) => `app-splitter-${id}`;
+
+import Cookies from 'js-cookie';
+
+export const setAppSplitterCookie = (key: string, value: any) => {
+ Cookies.set(key, JSON.stringify(value), {
+ expires: 365,
+ secure: true,
+ sameSite: 'strict'
+ });
+};
diff --git a/web/src/middleware.ts b/web/src/middleware.ts
index 93e364cec..da2ea8aa6 100644
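Review bot: `Cookies` looks like it may now be an unused import in AppSplitter.tsx, since both `Cookies.set` call sites in the later hunks of this file go through `setAppSplitterCookie`; if nothing else in the file reads cookies, drop `import Cookies from 'js-cookie';` so the cookie policy lives in one place (helper.ts). The rest of the file is outside this hunk, so confirm with a lint run rather than taking this as certain.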
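Review bot: `setAppSplitterCookie` hard-codes `secure: true`, and browsers refuse to set a `Secure` cookie through `document.cookie` from a plain-http origin, so on a non-localhost http dev host the splitter layout silently stops persisting; derive it from the page instead, `secure: window.location.protocol === 'https:'`. The `value: any` parameter should be `value: unknown` — `JSON.stringify` accepts it and the helper gains nothing from `any`. Style: the `import Cookies from 'js-cookie';` is inserted after the first export; move it to the top of the file so imports stay grouped. A one-line TSDoc would also help: `/** Persists splitter pane sizes as a JSON-encoded first-party cookie (1 year, Secure, SameSite=Strict). */`.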
--- a/web/src/middleware.ts
+++ b/web/src/middleware.ts
@@ -9,7 +9,11 @@ export async function middleware(request: NextRequest) {
const performUserCheck = !isPublicPage(request);
supabaseResponse.headers.set('x-next-pathname', request.nextUrl.pathname);
- supabaseResponse.cookies.set('x-next-pathname', request.nextUrl.pathname);
+ supabaseResponse.cookies.set('x-next-pathname', request.nextUrl.pathname, {
+ secure: true,
+ httpOnly: true,
+ sameSite: 'lax'
+ });
if (performUserCheck && !user && !request.nextUrl.pathname.includes('/test/')) {
return NextResponse.redirect(
From 02d0f9f2c40343a257ad90c89d0dd0f6358b891d Mon Sep 17 00:00:00 2001
From: Nate Kelley
Date: Thu, 23 Jan 2025 16:37:44 -0700
Subject: [PATCH 2/2] Update supabase server to secure and http only
---
web/src/context/Supabase/server.ts | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/web/src/context/Supabase/server.ts b/web/src/context/Supabase/server.ts
index 956aaf96a..409d53e31 100644
--- a/web/src/context/Supabase/server.ts
+++ b/web/src/context/Supabase/server.ts
@@ -1,4 +1,4 @@
-import { createServerClient, type CookieOptions } from '@supabase/ssr';
+import { createServerClient } from '@supabase/ssr';
import { cookies } from 'next/headers';
export async function createClient() {
@@ -8,6 +8,14 @@ export async function createClient() {
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{
+ cookieOptions: {
+ secure: true,
+ httpOnly: true
+ },
+ auth: {
+ autoRefreshToken: true,
+ persistSession: true
+ },
cookies: {
getAll() {
return cookieStore.getAll();
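Review bot: The authentication check on the `if` line is skipped for any path whose string contains `/test/`, so a request to something like `/app/test/anything` never hits the redirect even though `isPublicPage` said it needs a user; unless those routes are intentionally public, restrict the escape hatch to non-production and to a real prefix, e.g. `const isTestRoute = process.env.NODE_ENV !== 'production' && request.nextUrl.pathname.startsWith('/test/');` and use `!isTestRoute` in the condition. The new `secure: true` on the `x-next-pathname` cookie is right for production, but browsers drop `Secure` cookies on non-localhost plain-http origins, so development on such a host loses the cookie; `secure: process.env.NODE_ENV === 'production'` keeps both working. `middleware` starts and ends outside this hunk.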
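Review bot: `cookieOptions.httpOnly: true` applies to the Supabase session cookies this server client writes; if the app also uses a browser-side Supabase client that reads the same cookies via `document.cookie`, that client will no longer see the session, so confirm no client-side auth depends on them before merging. The `auth: { autoRefreshToken: true, persistSession: true }` block is surprising on a per-request server client — a refresh timer has no place in request scope, and I believe `@supabase/ssr` forces its own values for these anyway — so either drop it or add a comment stating why it is set, e.g. `// NOTE: verify @supabase/ssr honours these; a server client should not auto-refresh`. `secure: true` is again hard-coded; `secure: process.env.NODE_ENV === 'production'` avoids silently losing the session cookie on plain-http dev hosts. `createClient` continues past the end of this hunk.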