refactor: change cookie approach to broadcast cookies across all protocols based on the root domain, so they can be shared.

This commit is contained in:
Derrick Hammer 2024-03-21 14:54:17 -04:00
parent a289828c6f
commit 3e3f539a8b
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
3 changed files with 17 additions and 37 deletions

View File

@ -8,6 +8,8 @@ import (
"strconv"
"time"
"git.lumeweb.com/LumeWeb/portal/config"
"github.com/samber/lo"
"go.sia.tech/jape"
@ -101,21 +103,14 @@ func JWTVerifyToken(token string, domain string, privateKey ed25519.PrivateKey,
return claim, err
}
func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
if len(apiName) == 0 {
panic("apiName is required")
}
func SetAuthCookie(jc jape.Context, c *config.Manager, jwt string) {
for name, api := range apiRegistry.GetAllAPIs() {
for _, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI)
if !ok {
continue
}
if apiName != name {
continue
}
http.SetCookie(jc.ResponseWriter, &http.Cookie{
Name: routeableApi.AuthTokenName(),
Value: jwt,
@ -123,25 +118,18 @@ func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
Secure: true,
HttpOnly: true,
Path: "/",
Domain: c.Config().Core.Domain,
})
}
}
func EchoAuthCookie(jc jape.Context, apiName string) {
if len(apiName) == 0 {
panic("apiName is required")
}
for name, api := range apiRegistry.GetAllAPIs() {
func EchoAuthCookie(jc jape.Context, config *config.Manager) {
for _, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI)
if !ok {
continue
}
if apiName != name {
continue
}
cookies := lo.Filter(jc.Request.Cookies(), func(item *http.Cookie, _ int) bool {
return item.Name == routeableApi.AuthTokenName()
})
@ -169,25 +157,18 @@ func EchoAuthCookie(jc jape.Context, apiName string) {
Secure: true,
HttpOnly: true,
Path: "/",
Domain: config.Config().Core.Domain,
})
}
}
func ClearAuthCookie(jc jape.Context, apiName string) {
if len(apiName) == 0 {
panic("apiName is required")
}
for name, api := range apiRegistry.GetAllAPIs() {
func ClearAuthCookie(jc jape.Context, config *config.Manager) {
for _, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI)
if !ok {
continue
}
if apiName != name {
continue
}
jc.ResponseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
jc.ResponseWriter.Header().Set("Pragma", "no-cache")
jc.ResponseWriter.Header().Set("Expires", "0")
@ -200,8 +181,7 @@ func ClearAuthCookie(jc jape.Context, apiName string) {
Secure: true,
HttpOnly: true,
Path: "/",
// Domain: "." + routeableApi.Domain(),
Domain: config.Config().Core.Domain,
})
}
}

View File

@ -120,7 +120,7 @@ func (a AccountAPI) login(jc jape.Context) {
return
}
account.SetAuthCookie(jc, jwt, a.Name())
account.SetAuthCookie(jc, a.config, jwt)
account.SendJWT(jc, jwt)
jc.Encode(&LoginResponse{
@ -215,7 +215,7 @@ func (a AccountAPI) otpValidate(jc jape.Context) {
return
}
account.SetAuthCookie(jc, jwt, "")
account.SetAuthCookie(jc, a.config, jwt)
account.SendJWT(jc, jwt)
jc.Encode(&LoginResponse{
@ -288,7 +288,7 @@ func (a AccountAPI) passwordResetConfirm(jc jape.Context) {
func (a AccountAPI) ping(jc jape.Context) {
token := middleware.GetAuthTokenFromContext(jc.Request.Context())
account.EchoAuthCookie(jc, a.Name())
account.EchoAuthCookie(jc, a.config)
jc.Encode(&PongResponse{
Ping: "pong",
Token: token,
@ -310,7 +310,7 @@ func (a AccountAPI) accountInfo(jc jape.Context) {
}
func (a AccountAPI) logout(c jape.Context) {
account.ClearAuthCookie(c, a.Name())
account.ClearAuthCookie(c, a.config)
}
func (a AccountAPI) uploadLimit(c jape.Context) {

View File

@ -660,7 +660,7 @@ func (s *S5API) accountRegister(jc jape.Context) {
return
}
account.SetAuthCookie(jc, jwt, s.Name())
account.SetAuthCookie(jc, s.config, jwt)
}
func (s *S5API) accountLoginChallenge(jc jape.Context) {
@ -762,7 +762,7 @@ func (s *S5API) accountLogin(jc jape.Context) {
return
}
account.SetAuthCookie(jc, jwt, s.Name())
account.SetAuthCookie(jc, s.config, jwt)
}
func (s *S5API) accountInfo(jc jape.Context) {