From 75c1a00a0915f49fa6b5a5d40b72b53e7dbecfd8 Mon Sep 17 00:00:00 2001
From: Mike Crute <mike@crute.us>
Date: Tue, 16 Nov 2021 22:18:39 -0800
Subject: Allow JS access to auth token for display

---
 app/middleware/auth.go | 1 -
 templates/index.tpl    | 8 ++++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/middleware/auth.go b/app/middleware/auth.go
index 0a20a9e..b8bf7f9 100644
--- a/app/middleware/auth.go
+++ b/app/middleware/auth.go
@@ -217,7 +217,6 @@ func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error {
 		Path:     "/",
 		MaxAge:   int(m.CookieDuration.Seconds()),
 		Secure:   true,
-		HttpOnly: true,
 		SameSite: http.SameSiteStrictMode,
 	})
 
diff --git a/templates/index.tpl b/templates/index.tpl
index cbc7a72..2a5e853 100644
--- a/templates/index.tpl
+++ b/templates/index.tpl
@@ -174,9 +174,13 @@
                 return document.cookie.match(new RegExp(name + "=\"?([^;\"]*)\"?;?"))[1];
             }
 
+            function parseJWTExpires(token) {
+                return new Date(JSON.parse(atob(token.split(".")[1]))["exp"] * 1000);
+            }
+
             function populateAPIKey() {
-                document.querySelector("#api-key textarea").innerText = getCookie("session");
-                document.querySelector("#session-expires").innerText = getCookie("session-expires");
+                document.querySelector("#api-key textarea").innerText = "Bearer " + getCookie("github-token");
+                document.querySelector("#session-expires").innerText = parseJWTExpires(getCookie("github-token"));
             }
 
             window.addEventListener('load', populateAPIKey);
-- 
cgit v1.2.3