From c40617aaa1e040f43254feeaf39109e9c5a7302b Mon Sep 17 00:00:00 2001
From: razzanYoni <13521087@mahasiswa.itb.ac.id>
Date: Fri, 17 Nov 2023 12:28:46 +0700
Subject: [PATCH] fix : auth

---
 src/clients/php-client.ts                 | 3 +--
 src/controllers/auth-controller.ts        | 6 +++---
 src/cores/app.ts                          | 1 -
 src/middlewares/verify-token.ts           | 2 +-
 src/routers/subscription-router.ts        | 2 +-
 src/utils/file-processing.ts              | 1 -
 src/utils/token.ts                        | 2 +-
 src/validation/subscription-validation.ts | 6 +++---
 8 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/src/clients/php-client.ts b/src/clients/php-client.ts
index 29d193b..6f34e9e 100644
--- a/src/clients/php-client.ts
+++ b/src/clients/php-client.ts
@@ -49,8 +49,7 @@ const phpRequest = async (
 }
 
 const phpResponseDataParser = (data : string) : object => {
-    console.log(data)
-    return JSON.parse("{}");
+    return JSON.parse(data);
 }
 
 export default phpClient;
\ No newline at end of file
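Review bot: `JSON.parse(data)` in `phpResponseDataParser` throws a `SyntaxError` on any body that is not valid JSON, such as an empty string or an HTML error page from the PHP service. Whether `phpRequest` catches that is not visible in this hunk. The declared return type `object` is also not guaranteed, because `JSON.parse` can return `null`, a number or a string. I would wrap the parse in a try/catch that maps the failure to the project's own error type. I would also hold the result as `const parsed: unknown = JSON.parse(data);` and check `typeof parsed === "object" && parsed !== null` before handing it to callers.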
diff --git a/src/controllers/auth-controller.ts b/src/controllers/auth-controller.ts
index 1dc437d..c0cb9d9 100644
--- a/src/controllers/auth-controller.ts
+++ b/src/controllers/auth-controller.ts
@@ -24,6 +24,7 @@ const login = async (
   next: NextFunction,
 ): Promise<void> => {
   try {
+    console.log(req.body)
     const accessTokenAndFingerPrint = await AuthService.login(req.body);
     setFingerprintCookie(res, accessTokenAndFingerPrint.fingerprint);
     generateResponse(res, StatusCodes.OK, {accessToken: accessTokenAndFingerPrint.accessToken});
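Review bot: The added `console.log(req.body)` in `login` writes the whole login payload, which presumably contains the user's password, to the process output on every attempt. Anyone who can read stdout, the log files or a log aggregator then sees credentials in clear text, and they persist wherever logs are retained. This looks like leftover debugging and should be removed before merge. If a login trace is needed, log a non-secret identifier and the outcome, never the request body. The `try` block of `login` continues outside this hunk.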
@@ -36,11 +37,10 @@ const setFingerprintCookie = (
   res: Response,
   fingerprint: string,
 ): void => {
-  res.cookie("__Secure-fingerprint", fingerprint, {
+  res.cookie("Secure-fingerprint", fingerprint, {
+    maxAge: 60 * 15 * 1000, // 15 minutes max age (same as access token expiry)
     httpOnly: true,
     secure: true,
-    sameSite: "strict",
-    maxAge: 60 * 15, // 15 minutes max age (same as access token expiry)
   });
 };
 
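Review bot: Renaming the cookie from `__Secure-fingerprint` to `Secure-fingerprint` and dropping `sameSite: "strict"` both weaken the cookie that binds the access token to the browser. Browsers only accept a `__Secure-` cookie when it is set with `Secure` over HTTPS; the plain name gets no such enforcement, and without an explicit SameSite the cookie falls back to the browser default. If the change was made so the cookie is stored during local HTTP development, I would keep `"__Secure-fingerprint"` and `sameSite: "strict"` for production and select the name and flags from an environment check. The matching read in `src/middlewares/verify-token.ts` has to stay in sync. The `maxAge` correction to milliseconds is right, but its comment still claims parity with the access-token expiry, which this commit sets to `"24h"` in `src/utils/token.ts`.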
diff --git a/src/cores/app.ts b/src/cores/app.ts
index 9c3aeec..4a39460 100644
--- a/src/cores/app.ts
+++ b/src/cores/app.ts
@@ -3,7 +3,6 @@ import cookieParser from "cookie-parser";
 import cors from "cors";
 import dotenv from "dotenv";
 import apiRouter from "../routers/api";
-import path from "path";
 
 dotenv.config();
 
diff --git a/src/middlewares/verify-token.ts b/src/middlewares/verify-token.ts
index 137a4a2..68d69e3 100644
--- a/src/middlewares/verify-token.ts
+++ b/src/middlewares/verify-token.ts
@@ -36,7 +36,7 @@ const verifyToken = async (req: Request, res: Response, next: NextFunction) => {
       throw new StandardError(ErrorType.ACCESS_TOKEN_MISSING);
     }
 
-    const fingerprint = req.cookies["__Secure-fingerprint"];
+    const fingerprint = req.cookies["Secure-fingerprint"];
 
     if (!fingerprint) {
       throw new StandardError(ErrorType.FINGERPRINT_MISSING);
diff --git a/src/routers/subscription-router.ts b/src/routers/subscription-router.ts
index f90dc46..0cee04f 100644
--- a/src/routers/subscription-router.ts
+++ b/src/routers/subscription-router.ts
@@ -13,7 +13,7 @@ subscriptionRouter.post(
 );
 
 subscriptionRouter.get(
-    "/api/subscriptions",
+    "/api/subscription",
     verifyToken,
     SubscriptionController.searchSubscription,
     handleStandardError,
diff --git a/src/utils/file-processing.ts b/src/utils/file-processing.ts
index 6730d37..a459c42 100644
--- a/src/utils/file-processing.ts
+++ b/src/utils/file-processing.ts
@@ -1,4 +1,3 @@
-// TODO : save file to local storage
 import fs from "fs";
 
 const saveFile = async (file : Express.Multer.File, path : string) => {
diff --git a/src/utils/token.ts b/src/utils/token.ts
index 14e892d..3aee8b7 100644
--- a/src/utils/token.ts
+++ b/src/utils/token.ts
@@ -31,7 +31,7 @@ const generateAccessTokenAndFingerprint = async (data: {
         process.env.JWT_SHARED_SECRET as string,
         {
           algorithm: "HS256", // Only use HS256 to generate JWTs
-          expiresIn: "15m", // Valid for 15 minutes
+          expiresIn: "24h", // The token expires after 1 hour
           notBefore: "0ms", // The token is valid right away
           issuer: "Tonality REST Service",
         },
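Review bot: `expiresIn: "24h"` disagrees with its own comment ("expires after 1 hour") and with the fingerprint cookie, which `setFingerprintCookie` in `src/controllers/auth-controller.ts` expires after 15 minutes. Because `verifyToken` rejects requests that lack the fingerprint cookie, a normal session still ends at 15 minutes, while a token captured together with its fingerprint value would be accepted for a full day. I would keep the lifetime short and derive both values from one constant. At minimum restore agreement with `expiresIn: "15m", // keep in sync with the fingerprint cookie maxAge`. The enclosing `generateAccessTokenAndFingerprint` call starts and ends outside this hunk.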
diff --git a/src/validation/subscription-validation.ts b/src/validation/subscription-validation.ts
index 17902d6..20302f5 100644
--- a/src/validation/subscription-validation.ts
+++ b/src/validation/subscription-validation.ts
@@ -7,9 +7,9 @@ const updateSubscriptionSchema = z.object({
 });
 
 const searchSubscriptionSchema = z.object({
-    status: z.string().min(1).max(255),
-    searchInput: z.optional(z.string().min(1).max(255)),
-    orderBy: z.optional(z.string().min(1).max(255)),
+    status: z.optional(z.string().min(1).max(255)),
+    searchInput: z.optional(z.string()),
+    orderBy: z.optional(z.string()),
     page: z.number().int().min(1),
     size: z.number().int().min(1),
 });
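Review bot: `searchInput` and `orderBy` lose both length bounds here, so the schema now accepts empty strings and arbitrarily long values from the request. If the intent was only to allow empty input, keep the upper bound, e.g. `searchInput: z.optional(z.string().max(255)),`. `orderBy` needs more than a length check. How it is consumed is not visible in this hunk, but if it reaches a sort clause or is forwarded to the PHP service, it should be restricted with `z.enum([...])` to the sort keys the API actually supports.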
-- 
GitLab