Skip to content

Fix/auth service logout function naming #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SatanLittleHelper merged 2 commits into from
Sep 22, 2025
Merged

Fix/auth service logout function naming #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ac2f82e
fix/auth-service-logout-function-naming: integrate HttpOnly cookies a…
SatanLittleHelper Sep 19, 2025
a12652c
ix/auth-service-logout-function-naming: implement RxJS-based authoriz…
SatanLittleHelper Sep 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 47 additions & 0 deletions .cursor/rules/project-structure.mdc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,7 @@ app → pages → widgets → features → entities → shared
- **Standalone Components** - No NgModules
- **Zoneless Change Detection** - Experimental Angular feature
- **Signals** - Primary state management
- **HttpOnly Cookies** - Secure token storage with Fetch API

### Styling
- **SCSS** with modular architecture
Expand All @@ -403,6 +404,12 @@ app → pages → widgets → features → entities → shared
- **Prettier** + **Stylelint** for code formatting
- **Husky** + **lint-staged** for pre-commit hooks

### Security & Authentication
- **HttpOnly Cookies** - Secure token storage preventing XSS attacks
- **Fetch API** - Modern HTTP client with better cookie support
- **CORS Credentials** - Automatic inclusion of cookies in requests
- **Token Refresh** - Automatic token renewal via HttpOnly cookies

## Component Structure Pattern

Every component follows this structure:
Expand Down Expand Up @@ -450,6 +457,46 @@ import { SomeService } from '@/shared/services/some';
import { SomeComponent } from '@/pages/some-page';
```

## HTTP Client Configuration

### HttpOnly Cookies & Fetch API

The application uses HttpOnly cookies for secure token storage with Fetch API for optimal compatibility:

```typescript
// app.config.ts
provideHttpClient(
withInterceptors([credentialsInterceptor, authInterceptor]),
withFetch() // Critical for HttpOnly cookies support
)
```

#### Why withFetch() is Required:

1. **HttpOnly Cookie Support**: Fetch API has better support for HttpOnly cookies than XMLHttpRequest
2. **CORS Credentials**: Automatic handling of `credentials: 'include'` for cross-origin requests
3. **Modern Standard**: Fetch API is the modern standard for HTTP requests
4. **Security**: Better integration with secure cookie policies

#### Credentials Interceptor:

```typescript
// credentials.interceptor.ts
export const credentialsInterceptor: HttpInterceptorFn = (req, next) => {
const modifiedReq = req.clone({
withCredentials: true, // Automatically includes HttpOnly cookies
});
return next(modifiedReq);
};
```

#### Key Benefits:

- **XSS Protection**: Tokens stored in HttpOnly cookies are inaccessible to JavaScript
- **Automatic Inclusion**: Cookies automatically sent with every request
- **Server-Side Control**: Token lifecycle managed entirely by the server
- **No Client Storage**: No need for localStorage or sessionStorage for tokens

## Routing Standards

### Route Naming Convention
Expand Down
Loading