[WEB-2729] chore: updated live server auth cookies handling (#5913)

* chore: updated live server auth cookies handling * chore: update token parsing logic * fix: types and better logical seperation between the existing two tokens * fix: better fallback to use request headers for cookies --------- Co-authored-by: Palanikannan M <akashmalinimurugu@gmail.com>
2024-10-30 17:38:29 +05:30 · 2024-10-30 17:38:29 +05:30 · 8ea34b5995
commit 8ea34b5995
parent 403482fa6e
6 changed files with 54 additions and 33 deletions
--- a/live/src/core/hocuspocus-server.ts
+++ b/live/src/core/hocuspocus-server.ts
@ -4,6 +4,10 @@ import { v4 as uuidv4 } from "uuid";
 import { handleAuthentication } from "@/core/lib/authentication.js";
 // extensions
 import { getExtensions } from "@/core/extensions/index.js";
+// editor types
+import { TUserDetails } from "@plane/editor";
+// types
+import { type HocusPocusServerContext } from "@/core/types/common.js";

 export const getHocusPocusServer = async () => {
  const extensions = await getExtensions();
@ -12,20 +16,40 @@ export const getHocusPocusServer = async () => {
    name: serverName,
    onAuthenticate: async ({
      requestHeaders,
+      context,
      // user id used as token for authentication
      token,
    }) => {
-      // request headers
-      const cookie = requestHeaders.cookie?.toString();
+      let cookie: string | undefined = undefined;
+      let userId: string | undefined = undefined;

-      if (!cookie) {
-        throw Error("Credentials not provided");
+      // Extract cookie (fallback to request headers) and userId from token (for scenarios where
+      // the cookies are not passed in the request headers)
+      try {
+        const parsedToken = JSON.parse(token) as TUserDetails;
+        userId = parsedToken.id;
+        cookie = parsedToken.cookie;
+      } catch (error) {
+        // If token parsing fails, fallback to request headers
+        console.error("Token parsing failed, using request headers:", error);
+      } finally {
+        // If cookie is still not found, fallback to request headers
+        if (!cookie) {
+          cookie = requestHeaders.cookie?.toString();
+        }
      }

+      if (!cookie || !userId) {
+        throw new Error("Credentials not provided");
+      }
+
+      // set cookie in context, so it can be used throughout the ws connection
+      (context as HocusPocusServerContext).cookie = cookie;
+
      try {
        await handleAuthentication({
          cookie,
-          token,
+          userId,
        });
      } catch (error) {
        throw Error("Authentication unsuccessful!");