Handle cookies in auth codepath

2026-03-22 09:27:49 -04:00 · 2026-03-21 23:47:04 +01:00 · 2026-03-21 23:47:04 +01:00 · e6f8a223df
commit e6f8a223df
parent 0c890e7d49
2 changed files with 14 additions and 4 deletions
--- a/auth/main.go
+++ b/auth/main.go
@ -171,14 +171,25 @@ func (h *Handler) TokenToJwt(next echo.HandlerFunc) echo.HandlerFunc {
 			jwt = &token
 		} else {
 			auth := c.Request().Header.Get("Authorization")
+			var token string

-			if auth == "" || !strings.HasPrefix(auth, "Bearer ") {
+			if auth == "" {
+				cookie, _ := c.Request().Cookie("X-Bearer")
+				if cookie != nil {
+					token = cookie.Value
+				}
+			} else if strings.HasPrefix(auth, "Bearer ") {
+				token = auth[len("Bearer "):]
+			} else if auth != "" {
+				return echo.NewHTTPError(http.StatusUnauthorized, "Invalid bearer format.")
+			}
+
+			if token == "" {
 				jwt = h.createGuestJwt()
 				if jwt == nil {
 					return echo.NewHTTPError(http.StatusUnauthorized, "Guests not allowed.")
 				}
 			} else {
-				token := auth[len("Bearer "):]
 				// this is only used to check if it is a session token or a jwt
 				_, err := base64.RawURLEncoding.DecodeString(token)
 				if err != nil {
--- a/front/src/providers/settings.ts
+++ b/front/src/providers/settings.ts
@ -3,7 +3,7 @@ import { createMMKV, useMMKVString } from "react-native-mmkv";
 import type { ZodType, z } from "zod/v4";
 import { getServerData } from "~/utils";

-export const storage = createMMKV();
+export const storage = createMMKV({ id: "kyoo-v5" });

 function toBase64(utf8: string) {
 	if (typeof window !== "undefined") return window.btoa(utf8);
@ -35,7 +35,6 @@ export const setCookie = (

 export const readCookie = <T extends ZodType>(key: string, parser: T) => {
 	const cookies = getServerData("cookies");
-	console.log("cookies", cookies);
 	const decodedCookie = decodeURIComponent(cookies);
 	const ca = decodedCookie.split(";");