Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Destroy session + introduce http config #7336

Merged
merged 16 commits into from
May 19, 2024
Merged

feat: Destroy session + introduce http config #7336

merged 16 commits into from
May 19, 2024

Conversation

olivermrbl
Copy link
Contributor

@olivermrbl olivermrbl commented May 15, 2024
edited

Introduce

  • DELETE /auth/session to destroy session, used for sign outs
  • New http config in projectConfig*

*This PR introduces a breaking change by replacing some existing configs with an auth property in projectConfig.

We will go from

projectConfig: {
  ...,
  jwt_secret: "test",
  cookie_secret: "test",
  auth_cors: "..."
}

to

projectConfig: {
  ...,
  http: {
    jwtSecret: "test",
    cookieSecret: "test",
    authCors: "...",
    storeCors: "...",
    adminCors: "..."
  }
}

Additionally, an additional config jwtExpiresIn is introduced to control the expiry time of the issued JWT tokens. Default is 24 hours.

In the future, we should consider supporting settings per scope and provider, but I don't think this is very important right now.

@vercel Vercel
Copy link

vercel bot commented May 15, 2024
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
medusa-dashboard ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 19, 2024 9:09am
3 Ignored Deployments
Name Status Preview Comments Updated (UTC)
api-reference ⬜️ Ignored (Inspect) May 19, 2024 9:09am
docs-ui ⬜️ Ignored (Inspect) Visit Preview May 19, 2024 9:09am
medusa-docs ⬜️ Ignored (Inspect) Visit Preview May 19, 2024 9:09am

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented May 15, 2024
edited

⚠️ No Changeset found

Latest commit: 71f459a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

sradevski
sradevski reviewed May 15, 2024
View reviewed changes
packages/medusa/src/loaders/index.ts Outdated Show resolved Hide resolved
packages/medusa/src/loaders/config.ts Outdated Show resolved Hide resolved
packages/medusa/src/loaders/config.ts Outdated Show resolved Hide resolved
packages/medusa/src/api-v2/auth/middlewares.ts Outdated Show resolved Hide resolved
@olivermrbl olivermrbl changed the title [wip] destroy session feat: Destroy session + introduce auth config May 15, 2024
@olivermrbl olivermrbl marked this pull request as ready for review May 15, 2024 10:47
@olivermrbl olivermrbl requested a review from a team as a code owner May 15, 2024 10:47
adrien2p
adrien2p previously approved these changes May 15, 2024
View reviewed changes
Copy link
Member

@adrien2p adrien2p left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me

packages/core/types/src/common/config-module.ts Outdated Show resolved Hide resolved
packages/core/types/src/common/config-module.ts Outdated Show resolved Hide resolved
@olivermrbl
Copy link
Contributor Author

olivermrbl commented May 16, 2024
edited

Should we change the auth config to http and put everything related to that in there:

http: {
    jwtSecret: "test",
    cookieSecret: "test",
    authCors: "...",
    storeCors: "...",
    authCors: "...",  
    compression: { ... }
  }

cc @srindom

@adrien2p
Copy link
Member

I think it can make sense 👍 jwt is really specific to auth but I am find with defining the config in a kind of layer approach

@carlos-r-l-rodrigues
Copy link
Contributor

I believe http makes sense.

@olivermrbl
Copy link
Contributor Author

Done, let me know what you think :)

carlos-r-l-rodrigues
carlos-r-l-rodrigues approved these changes May 16, 2024
View reviewed changes
Copy link
Contributor

@carlos-r-l-rodrigues carlos-r-l-rodrigues left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

@olivermrbl olivermrbl changed the title feat: Destroy session + introduce auth config feat: Destroy session + introduce http config May 17, 2024
@olivermrbl
Copy link
Contributor Author

@shahednasser, would you be up for helping me ensure the documentation reflects these changes? 🙏

@shahednasser
Copy link
Member

@olivermrbl yes thanks for letting me know!

@olivermrbl
Copy link
Contributor Author

olivermrbl commented May 17, 2024
edited

Btw. I still need to clean up after we decided to make all these changes breaking. Essentially, it means we won't be keeping any of the old secrets and configs that have been moved to http.

@olivermrbl olivermrbl merged commit bf4724b into develop May 19, 2024
17 checks passed
@olivermrbl olivermrbl deleted the feat/sign-out-func branch May 19, 2024 10:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sradevski sradevski sradevski approved these changes

@adrien2p adrien2p adrien2p left review comments

@carlos-r-l-rodrigues carlos-r-l-rodrigues carlos-r-l-rodrigues approved these changes

@fPolic fPolic Awaiting requested review from fPolic fPolic is a code owner automatically assigned from medusajs/engineering

Assignees
No one assigned
Labels
team: medusa type: feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@olivermrbl @adrien2p @carlos-r-l-rodrigues @shahednasser @sradevski