Closed jum-s closed 6 years ago
should be good to go
Sorry, I was sick last week.
After deploying this branch to staging
, a private browser window is immediately presented with a connect.sid
cookie for the whole .allmende.io
domain before attemping to call /auth
. Also the server log contains a warning:
2017-11-11T00:53:43.444683132Z app[web.1]: -----
2017-11-11T00:53:45.551343979Z app[web.1]: Warning: connect.session() MemoryStore is not
2017-11-11T00:53:45.551373090Z app[web.1]: designed for a production environment, as it will leak
2017-11-11T00:53:45.551376178Z app[web.1]: memory, and will not scale past a single process.
The use of a cookie name of cookie.sid
and a domain scope of allmende.io
for it breaks again the login at https://hack.allmende.io due to a name and scope collision.
I dont think refusing this PR the best, nothing is wrong here, the branch works.. not perfectly but it does. To answer your questions:
7327bb3
, are you talking about the cookie path ? that should be for /data
?
This PR integrates the last features required by 416 user api and 425 oauth It opens endpoint with valid authentication process. As a third party user, i can now access my own information through
/user
endpoint which fetch user store. It also improve several api service:/users/:id
,/secretPage
)