- authentication is now handled securely through cookies

- removed unnecessary localstorage for auth

Author: Florin Mateescu

apps/express/src/auth/index.ts

@@ -7,7 +7,6 @@ import payload from 'payload';
 import cors from 'cors';
 import { createTransport } from 'nodemailer';
 import bodyParser from 'body-parser';
-import { register, registerPath, verifyAccount, verifyPath } from './auth';
 import { useInfrastructure } from './utils/use-infrastructure';
 import dotenv from 'dotenv';
 import path from 'path';
@@ -68,8 +67,7 @@ const start = async () => {
   /**
    * Extra custom routes
    */
-  app.post(registerPath, register);
-  app.post(verifyPath, verifyAccount);
+
   /**
    * End extra custom routes
    */

apps/express/src/auth/register.ts

@@ -88,38 +88,23 @@ const collection: CollectionConfig = {
     update: accessAdminOrMeOnly,
     delete: () => false,
     unlock: accessAdminOnly,
-    create: accessAdminOnly,
+    create: () => true,
   },
   fields: [
     {
       name: 'email',
       type: 'email',
       required: true,
-      access: {
-        read: () => true,
-        update: () => false,
-        create: fieldAccessAdminOnly,
-      },
     },
     {
       name: 'firstName',
       type: 'text',
       required: true,
-      access: {
-        read: () => true,
-        update: fieldAccessMeOnly,
-        create: fieldAccessAdminOrMeOnly,
-      },
     },
     {
       name: 'lastName',
       type: 'text',
       required: true,
-      access: {
-        read: () => true,
-        update: fieldAccessMeOnly,
-        create: fieldAccessAdminOrMeOnly,
-      },
     },
     {
       name: 'username',
@@ -131,31 +116,6 @@ const collection: CollectionConfig = {
         create: () => true,
       },
     },
-    {
-      name: 'verified',
-      type: 'checkbox',
-      defaultValue: false,
-      required: true,
-      admin: {
-        hidden: true,
-      },
-      access: {
-        read: () => true,
-        update: () => false,
-        create: () => false,
-      },
-    },
-    {
-      name: '_verified',
-      type: 'checkbox',
-      defaultValue: false,
-      required: true,
-      access: {
-        read: () => true,
-        update: () => false,
-        create: () => false,
-      },
-    },
     {
       name: 'roles',
       saveToJWT: true,

apps/express/src/main.ts

@@ -6,5 +6,5 @@
     "types": ["node"]
   },
   "exclude": ["jest.config.ts", "src/**/*.spec.ts", "src/**/*.test.ts"],
-  "include": ["src/**/*.ts"]
+  "include": ["src/**/*.ts", "src/**/*.tsx"]
 }

apps/express/src/payloadcms/collections/UsersCollection.ts

@@ -13,7 +13,7 @@ import { PLATFORM_ID, inject } from '@angular/core';
 
 export const httpErrorHandlingInterceptor: HttpInterceptorFn = (
   request: HttpRequest<unknown>,
-  next: HttpHandlerFn,
+  next: HttpHandlerFn
 ) => {
   const platformId = inject(PLATFORM_ID);
   const isBrowser: boolean = isPlatformBrowser(platformId);
@@ -25,11 +25,6 @@ export const httpErrorHandlingInterceptor: HttpInterceptorFn = (
       .pipe(
         catchError((response: HttpErrorResponse) => {
           let error = response.error;
-          // handle very strange behavior when token is expiring while
-          // redirecting from server dashboard to frontend domain
-          if (response.status === 0) {
-            return of();
-          }
 
           switch (response.status) {
             case 400: {
@@ -82,14 +77,14 @@ export const httpErrorHandlingInterceptor: HttpInterceptorFn = (
                       : ['Something went wrong.'],
                   },
                   url: response.url === null ? undefined : response.url,
-                }),
+                })
               );
             }
             default: {
               return throwError(() => error);
             }
           }
-        }),
+        })
       )
       .pipe(
         map((data: any) => {
@@ -105,7 +100,7 @@ export const httpErrorHandlingInterceptor: HttpInterceptorFn = (
           } else {
             return data;
           }
-        }),
+        })
       );
   }
 };

apps/express/tsconfig.app.json

@@ -14,10 +14,5 @@ export class ApiEndpointsService {
     return join([this.base, path], '/');
   }
 
-  public routes = {
-    auth: {
-      register: this.join('auth/register'),
-      verify: (token: string) => `${this.join('auth/verify')}/${token}`,
-    },
-  };
+  public routes = {};
 }

libs/angular/src/spa/config/interceptors/authorization.interceptor.ts

@@ -28,6 +28,8 @@ export class PayloadApiEndpointsService {
       logout: this.create(this.usersSlug, 'logout'),
       forgotPassword: this.create(this.usersSlug, 'forgot-password'),
       resetPassword: this.create(this.usersSlug, 'reset-password'),
+      register: this.create(this.usersSlug),
+      verify: (token: string) => this.create(this.usersSlug, `verify/${token}`),
       refresh: this.create(this.usersSlug, 'refresh-token'),
     },
     user: {