feat: forward cookies for anti-csrf measures (#133)

See ory/kratos#1458

Author: aeneasr

package-lock.json

@@ -22,7 +22,7 @@
   },
   "homepage": "https://github.com/ory/kratos-selfservice-ui-node#readme",
   "dependencies": {
-    "@ory/kratos-client": "^0.0.0-next.d19a7ce5765d",
+    "@ory/kratos-client": "^0.0.0-next.ffe42eb0cc58",
     "@types/axios": "^0.14.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/express": "^4.17.7",

package.json

@@ -70,7 +70,7 @@ export default (req: Request, res: Response) => {
 
   const ai = authInfo(req as UserRequest)
 
-  kratos.createSelfServiceLogoutUrlForBrowsers(req.cookies['ory_kratos_session']).then(({data}) => {
+  kratos.createSelfServiceLogoutUrlForBrowsers(req.header('Cookie')).then(({data}) => {
     res.render('dashboard', {
       session: ai.claims.session,
       token: ai,

src/routes/dashboard.ts

@@ -42,7 +42,7 @@ export default (
     return;
   }
 
-  return kratos.getSelfServiceLoginFlow(flow)
+  return kratos.getSelfServiceLoginFlow(flow, req.header('cookie'))
     .then(({ status, data: flow, ...response }) => {
       if (status !== 200) {
         return Promise.reject(flow);

src/routes/login.ts

@@ -17,7 +17,7 @@ export default (req: Request, res: Response, next: NextFunction) => {
   }
 
   kratos
-    .getSelfServiceRecoveryFlow(flow)
+    .getSelfServiceRecoveryFlow(flow, req.header('Cookie'))
     .then(({ status, data: flow }) => {
       if (status !== 200) {
         return Promise.reject(flow);

src/routes/recovery.ts

@@ -44,7 +44,7 @@ export default (
     return;
   }
 
-  kratos.getSelfServiceRegistrationFlow(flow)
+  kratos.getSelfServiceRegistrationFlow(flow, req.header('Cookie'))
     .then(({ status, data: flow }) => {
       if (status !== 200) {
         return Promise.reject(flow);

src/routes/registration.ts

@@ -1,6 +1,6 @@
 import { NextFunction, Request, Response } from 'express';
 import config from '../config';
-import { AdminApi, Configuration, PublicApi } from '@ory/kratos-client';
+import { Configuration, PublicApi } from '@ory/kratos-client';
 import { isString, redirectOnSoftError } from '../helpers/sdk';
 
 // Variable config has keys:
@@ -18,8 +18,7 @@ import { isString, redirectOnSoftError } from '../helpers/sdk';
 //   public: 'https://ory-kratos-public.example-org.vpc',
 // },
 
-const kratosPublic = new PublicApi(new Configuration({ basePath: config.kratos.public }));
-const kratosAdmin = new AdminApi(new Configuration({ basePath: config.kratos.admin }));
+const kratos = new PublicApi(new Configuration({ basePath: config.kratos.public }));
 
 const settingsHandler = (req: Request, res: Response, next: NextFunction) => {
   const flow = req.query.flow;
@@ -31,9 +30,11 @@ const settingsHandler = (req: Request, res: Response, next: NextFunction) => {
     return;
   }
 
-  kratosPublic.createSelfServiceLogoutUrlForBrowsers(req.cookies['ory_kratos_session']).then(({ data }) => {
-    kratosAdmin
-      .getSelfServiceSettingsFlow(flow)
+  console.log(req.header('cookie'));
+
+  kratos.createSelfServiceLogoutUrlForBrowsers(req.header('Cookie')).then(({ data }) => {
+    kratos
+      .getSelfServiceSettingsFlow(flow, undefined, req.header('Cookie'))
       .then(({ status, data: flow }) => {
         if (status !== 200) {
           return Promise.reject(flow);

src/routes/settings.ts

@@ -17,7 +17,7 @@ export default (req: Request, res: Response, next: NextFunction) => {
   }
 
   kratos
-    .getSelfServiceVerificationFlow(flow)
+    .getSelfServiceVerificationFlow(flow,req.header('Cookie'))
     .then(({ status, data: flow }) => {
      if (status != 200) {
         return Promise.reject(flow);