security updates

Riolku · Riolku · commit ecd91a690827 · 2021-09-17T11:33:20.000-04:00
diff --git a/backend/cryptbox.ini b/backend/cryptbox.ini
@@ -0,0 +1,12 @@
+# uwsgi configuration file
+
+[uwsgi]
+socket = /tmp/cryptbox.sock
+chown-socket = keenan:www-data
+chmod-socket = 660
+vacuum = true
+
+uid = keenan
+chdir = /home/keenan/workspace/cryptbox/backend
+module = main:app
+master = true
diff --git a/backend/cryptbox/jwtutils/jwtutils.py b/backend/cryptbox/jwtutils/jwtutils.py
@@ -9,4 +9,4 @@ def verify_jwt(tkn, key):
     raise InvalidJWT()
 
 def make_jwt(payload, key):
-  return jwt.encode(payload, key, algorithm = "HS256").decode("utf-8")
+  return jwt.encode(payload, key, algorithm = "HS256")
diff --git a/backend/main.py b/backend/main.py
@@ -30,7 +30,7 @@ def check_login():
 
 @app.after_request
 def add_cookie(response):
-  if g.user:
+  if g.user and g.token:
     response.set_cookie("token", g.token, samesite = "None", secure = True)
   return response
 
@@ -52,7 +52,7 @@ def catch_404(e):
   print(e)
   return {"status": "error", "code": 404}
 
-@app.errorhandler(Exception)
+#@app.errorhandler(Exception)
 def catch_error(e):
   print(e)
   return {"status": "error", "code": 500, "details": str(e)}
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
