# @teres/auth-gateway

Minimal Node session service that shares an auth token via cookie or API.

## Run

```sh
pnpm -F @teres/auth-gateway dev
```

Default port: `7000`. Configure via env:

- `PORT=7000`
- `ALLOWED_ORIGINS=http://localhost:5173,http://localhost:6006`
- `COOKIE_NAME=sid`
- `COOKIE_DOMAIN=` (optional)
- `COOKIE_SECURE=false` (set `true` when serving over HTTPS)
- `COOKIE_SAMESITE=lax` (`lax|strict|none`)
- `EXPOSE_TOKEN=true` (set `false` to hide the token in the GET response)

## Endpoints

- `GET /health` → `{ ok: true }`
- `POST /auth/session` → set token; accepts JSON `{ token }` or `Authorization: Bearer <token>`
- `GET /auth/session` → read session; returns `{ exists, updatedAt, token? }`
- `DELETE /auth/session` → clear session and cookie

## Frontend usage

After login in the host app:

```ts
await fetch("http://localhost:7000/auth/session", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ token }),
  credentials: "include",
});
```

In the iframe app (ragflow), read the token (requires `EXPOSE_TOKEN=true`):

```ts
const res = await fetch("http://localhost:7000/auth/session", {
  credentials: "include",
});
const data = await res.json();
const token = data.token; // may be undefined if EXPOSE_TOKEN=false
```

Alternatively, keep `EXPOSE_TOKEN=false` and use a backend that reads the cookie server-side, or pass the token via your `iframe-bridge`/Penpal channel.
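
A startup check for the env settings listed under Run, as an added example that is not part of this package: it flags combinations that browsers reject or that weaken the cookie for the credentialed cross-origin `fetch` calls shown above. `auditGatewayEnv` is a hypothetical helper; it assumes `ALLOWED_ORIGINS` is the CORS allowlist and that `EXPOSE_TOKEN` is off only when set to `false`.

```typescript
// Added example, not part of @teres/auth-gateway.
// Assumption: ALLOWED_ORIGINS is the CORS allowlist for credentialed requests.
type Env = { [key: string]: string | undefined };

// Plain-http origins that are acceptable for local development only.
const LOCAL_HTTP = /^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/;

function auditGatewayEnv(env: Env): string[] {
  const findings: string[] = [];
  // Fallbacks mirror the defaults documented in this README.
  const sameSite = (env.COOKIE_SAMESITE || "lax").toLowerCase();
  const secure = (env.COOKIE_SECURE || "false").toLowerCase() === "true";
  // Assumption: the token is exposed unless EXPOSE_TOKEN is exactly "false".
  const exposeToken = (env.EXPOSE_TOKEN || "true").toLowerCase() !== "false";
  const origins = (env.ALLOWED_ORIGINS || "")
    .split(",")
    .map((o) => o.trim())
    .filter((o) => o.length > 0);

  if (sameSite !== "lax" && sameSite !== "strict" && sameSite !== "none") {
    findings.push("COOKIE_SAMESITE must be lax, strict or none");
  }
  // Browsers drop SameSite=None cookies that lack the Secure attribute.
  if (sameSite === "none" && !secure) {
    findings.push("COOKIE_SAMESITE=none requires COOKIE_SECURE=true");
  }
  for (const origin of origins) {
    if (origin === "*") {
      // A wildcard Access-Control-Allow-Origin is refused on credentialed requests.
      findings.push("ALLOWED_ORIGINS must list exact origins, not *");
    } else if (/^http:\/\//.test(origin) && !LOCAL_HTTP.test(origin)) {
      // A page served over cleartext can be altered in transit and still call the gateway.
      const suffix = exposeToken ? " (can read the raw token)" : "";
      findings.push("non-local http origin: " + origin + suffix);
    }
  }
  return findings;
}
```

Pass `process.env` to `auditGatewayEnv` at startup and refuse to boot when the returned list is non-empty.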