🔥 Remove unused auth-data cookie asignation

2025-09-30 09:49:58 +02:00 · 2025-09-30 09:49:58 +02:00 · 14d53c224f
parent a1b8eb7074
commit 14d53c224f
2 changed files with 10 additions and 52 deletions
--- a/backend/src/app/config.clj
+++ b/backend/src/app/config.clj
@ -146,7 +146,6 @@
    [:quotes-team-access-requests-per-team {:optional true} ::sm/int]
    [:quotes-team-access-requests-per-requester {:optional true} ::sm/int]

-    [:auth-data-cookie-domain {:optional true} :string]
    [:auth-token-cookie-name {:optional true} :string]
    [:auth-token-cookie-max-age {:optional true} ::ct/duration]

--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@ -11,7 +11,6 @@
   [app.common.logging :as l]
   [app.common.schema :as sm]
   [app.common.time :as ct]
-   [app.common.uri :as u]
   [app.config :as cf]
   [app.db :as db]
   [app.db.sql :as sql]
@ -148,9 +147,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (declare ^:private assign-auth-token-cookie)
-(declare ^:private assign-auth-data-cookie)
 (declare ^:private clear-auth-token-cookie)
-(declare ^:private clear-auth-data-cookie)
 (declare ^:private gen-token)

 (defn create-fn
@ -164,10 +161,9 @@
                   :user-agent uagent}
          token   (gen-token cfg params)
          session (write! manager token params)]
-      (l/trace :hint "create" :profile-id (str profile-id))
+      (l/trc :hint "create" :profile-id (str profile-id))
      (-> response
-          (assign-auth-token-cookie session)
-          (assign-auth-data-cookie session)))))
+          (assign-auth-token-cookie session)))))

 (defn delete-fn
  [{:keys [::manager]}]
@ -175,13 +171,12 @@
  (fn [request response]
    (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
          cookie  (yreq/get-cookie request cname)]
-      (l/trace :hint "delete" :profile-id (:profile-id request))
+      (l/trc :hint "delete" :profile-id (:profile-id request))
      (some->> (:value cookie) (delete! manager))
      (-> response
          (assoc :status 204)
          (assoc :body nil)
-          (clear-auth-token-cookie)
-          (clear-auth-data-cookie)))))
+          (clear-auth-token-cookie)))))

 (defn- gen-token
  [cfg {:keys [profile-id created-at]}]
@ -222,7 +217,7 @@
                  (-> (assoc ::token-claims claims)
                      (assoc ::token token))))
              (catch Throwable cause
-                (l/trace :hint "exception on decoding malformed token" :cause cause)
+                (l/trc :hint "exception on decoding malformed token" :cause cause)
                request)))]

    (fn [request]
@ -242,8 +237,7 @@
      (if (renew-session? session)
        (let [session (update! manager session)]
          (-> response
-              (assign-auth-token-cookie session)
-              (assign-auth-data-cookie session)))
+              (assign-auth-token-cookie session)))
        response))))

 (def soft-auth
@ -276,46 +270,11 @@
                    :secure secure?}]
    (update response :cookies assoc name cookie)))

-(defn- assign-auth-data-cookie
-  [response {profile-id :profile-id updated-at :updated-at}]
-  (let [max-age    (cf/get :auth-token-cookie-max-age default-cookie-max-age)
-        domain     (cf/get :auth-data-cookie-domain)
-        cname      default-auth-data-cookie-name
-
-        created-at updated-at
-        renewal    (ct/plus created-at default-renewal-max-age)
-        expires    (ct/plus created-at max-age)
-
-        comment    (str "Renewal at: " (ct/format-inst renewal :rfc1123))
-        secure?    (contains? cf/flags :secure-session-cookies)
-        strict?    (contains? cf/flags :strict-session-cookies)
-        cors?      (contains? cf/flags :cors)
-
-        cookie     {:domain domain
-                    :expires expires
-                    :path "/"
-                    :comment comment
-                    :value (u/map->query-string {:profile-id profile-id})
-                    :same-site (if cors? :none (if strict? :strict :lax))
-                    :secure secure?}]
-
-    (cond-> response
-      (string? domain)
-      (update :cookies assoc cname cookie))))
-
 (defn- clear-auth-token-cookie
  [response]
  (let [cname (cf/get :auth-token-cookie-name default-auth-token-cookie-name)]
    (update response :cookies assoc cname {:path "/" :value "" :max-age 0})))

-(defn- clear-auth-data-cookie
-  [response]
-  (let [cname  default-auth-data-cookie-name
-        domain (cf/get :auth-data-cookie-domain)]
-    (cond-> response
-      (string? domain)
-      (update :cookies assoc cname {:domain domain :path "/" :value "" :max-age 0}))))
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; TASK: SESSION GC
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -342,13 +301,13 @@
  (let [threshold (ct/minus (ct/now) max-age)
        result    (-> (db/exec-one! conn [sql:delete-expired threshold threshold])
                      (db/get-update-count))]
-    (l/debug :task "gc"
-             :hint "clean http sessions"
-             :deleted result)
+    (l/dbg :task "gc"
+           :hint "clean http sessions"
+           :deleted result)
    result))

 (defmethod ig/init-key ::tasks/gc
  [_ {:keys [::tasks/max-age] :as cfg}]
-  (l/debug :hint "initializing session gc task" :max-age max-age)
+  (l/dbg :hint "initializing session gc task" :max-age max-age)
  (fn [_]
    (db/tx-run! cfg collect-expired-tasks)))