diff --git a/account/jwt.go b/account/jwt.go
index a2e7c22..b92d0e2 100644
--- a/account/jwt.go
+++ b/account/jwt.go
@@ -8,6 +8,8 @@ import (
 "strconv"
 "time"
+ "git.lumeweb.com/LumeWeb/portal/config"
+
 "github.com/samber/lo"
 "go.sia.tech/jape"
@@ -101,21 +103,14 @@ func JWTVerifyToken(token string, domain string, privateKey ed25519.PrivateKey,
 return claim, err
 }
-func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
- if len(apiName) == 0 {
- panic("apiName is required")
- }
+func SetAuthCookie(jc jape.Context, c *config.Manager, jwt string) {
- for name, api := range apiRegistry.GetAllAPIs() {
+ for _, api := range apiRegistry.GetAllAPIs() {
 routeableApi, ok := api.(router.RoutableAPI)
 if !ok {
 continue
 }
- if apiName != name {
- continue
- }
-
 http.SetCookie(jc.ResponseWriter, &http.Cookie{
 Name: routeableApi.AuthTokenName(),
 Value: jwt,
@@ -123,25 +118,18 @@ func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
 Secure: true,
 HttpOnly: true,
 Path: "/",
+ Domain: c.Config().Core.Domain,
 })
 }
 }
-func EchoAuthCookie(jc jape.Context, apiName string) {
- if len(apiName) == 0 {
- panic("apiName is required")
- }
-
- for name, api := range apiRegistry.GetAllAPIs() {
+func EchoAuthCookie(jc jape.Context, config *config.Manager) {
+ for _, api := range apiRegistry.GetAllAPIs() {
 routeableApi, ok := api.(router.RoutableAPI)
 if !ok {
 continue
 }
- if apiName != name {
- continue
- }
-
 cookies := lo.Filter(jc.Request.Cookies(), func(item *http.Cookie, _ int) bool {
 return item.Name == routeableApi.AuthTokenName()
 })
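Review bot: Dropping the `apiName` filter in SetAuthCookie means a single login now issues the JWT under the AuthTokenName of every registered RoutableAPI, not only the API that authenticated the caller; if those token names differ, the browser holds the same credential under several cookie names, and each one is an extra place the token is sent and can be replayed. If that is the intended behaviour, say so in the doc comment the exported function currently lacks, e.g. `// SetAuthCookie issues jwt as an auth cookie under the token name of every registered RoutableAPI, scoped to the configured core domain.`; otherwise keep a per-API filter. The `c *config.Manager` parameter is used without a nil check in the next hunk, where the old code at least failed loudly on an empty apiName, so an explicit guard or a doc note that a non-nil manager is required would help callers. SetAuthCookie's body continues into the following hunk.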
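Review bot: The added `Domain: c.Config().Core.Domain` changes the auth cookie from host-only to a domain cookie, so browsers will also send the token to every subdomain of the configured core domain (the same applies to the `Domain:` lines added in the EchoAuthCookie and ClearAuthCookie hunks); it is worth confirming that every host under that domain is trusted to receive the JWT, and that the value is a bare host name, because net/http drops an invalid Cookie.Domain (for example one carrying a scheme or port) with only a log line and silently falls back to a host-only cookie. Validating `Core.Domain` once at config-load time would make that failure visible instead of a quiet scope change. Separately, the new `EchoAuthCookie(jc jape.Context, config *config.Manager)` signature names the parameter after the package it imports, shadowing `config` inside the body; ClearAuthCookie in the next hunk does the same while SetAuthCookie uses `c`. One name in all three, e.g. `func EchoAuthCookie(jc jape.Context, cfg *config.Manager) {`, keeps them consistent. EchoAuthCookie's body continues beyond this hunk.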
@@ -169,25 +157,18 @@ func EchoAuthCookie(jc jape.Context, apiName string) {
 Secure: true,
 HttpOnly: true,
 Path: "/",
+ Domain: config.Config().Core.Domain,
 })
 }
 }
-func ClearAuthCookie(jc jape.Context, apiName string) {
- if len(apiName) == 0 {
- panic("apiName is required")
- }
-
- for name, api := range apiRegistry.GetAllAPIs() {
+func ClearAuthCookie(jc jape.Context, config *config.Manager) {
+ for _, api := range apiRegistry.GetAllAPIs() {
 routeableApi, ok := api.(router.RoutableAPI)
 if !ok {
 continue
 }
- if apiName != name {
- continue
- }
-
 jc.ResponseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 jc.ResponseWriter.Header().Set("Pragma", "no-cache")
 jc.ResponseWriter.Header().Set("Expires", "0")
@@ -200,8 +181,7 @@ func ClearAuthCookie(jc jape.Context, apiName string) {
 Secure: true,
 HttpOnly: true,
 Path: "/",
- // Domain: "." + routeableApi.Domain(),
+ Domain: config.Config().Core.Domain,
 })
- }
 }
diff --git a/api/account/account.go b/api/account/account.go
index edca173..dbc7cec 100644
--- a/api/account/account.go
+++ b/api/account/account.go
@@ -120,7 +120,7 @@ func (a AccountAPI) login(jc jape.Context) {
 return
 }
- account.SetAuthCookie(jc, jwt, a.Name())
+ account.SetAuthCookie(jc, a.config, jwt)
 account.SendJWT(jc, jwt)
 jc.Encode(&LoginResponse{
@@ -215,7 +215,7 @@ func (a AccountAPI) otpValidate(jc jape.Context) {
 return
 }
- account.SetAuthCookie(jc, jwt, "")
+ account.SetAuthCookie(jc, a.config, jwt)
 account.SendJWT(jc, jwt)
 jc.Encode(&LoginResponse{
@@ -288,7 +288,7 @@ func (a AccountAPI) passwordResetConfirm(jc jape.Context) {
 func (a AccountAPI) ping(jc jape.Context) {
 token := middleware.GetAuthTokenFromContext(jc.Request.Context())
- account.EchoAuthCookie(jc, a.Name())
+ account.EchoAuthCookie(jc, a.config)
 jc.Encode(&PongResponse{
 Ping: "pong",
 Token: token,
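Review bot: The removed `- }` at the end of ClearAuthCookie drops one closing brace while the `for` loop from the previous hunk is kept, so in the visible lines the function now opens one more block than it closes; unless the hidden lines between the two hunks (the SetCookie call and its first fields) open an extra block that this brace was closing, the file no longer compiles, and a `go build ./account/...` on the branch would settle it. The enclosing function starts in the previous hunk. If the brace is needed, restoring ` }` after the `})` line is the one-line fix. The clearing cookie now carries the same Domain as the one set at login, which the browser needs in order to match and overwrite it, but that also means any future change to the Domain or Path value must be mirrored in all three functions; a small shared helper that fills in the common cookie attributes would keep them from drifting apart.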
@@ -310,7 +310,7 @@ func (a AccountAPI) accountInfo(jc jape.Context) {
 }
 func (a AccountAPI) logout(c jape.Context) {
- account.ClearAuthCookie(c, a.Name())
+ account.ClearAuthCookie(c, a.config)
 }
 func (a AccountAPI) uploadLimit(c jape.Context) {
diff --git a/api/s5/s5.go b/api/s5/s5.go
index f73a931..f4896da 100644
--- a/api/s5/s5.go
+++ b/api/s5/s5.go
@@ -660,7 +660,7 @@ func (s *S5API) accountRegister(jc jape.Context) {
 return
 }
- account.SetAuthCookie(jc, jwt, s.Name())
+ account.SetAuthCookie(jc, s.config, jwt)
 }
 func (s *S5API) accountLoginChallenge(jc jape.Context) {
@@ -762,7 +762,7 @@ func (s *S5API) accountLogin(jc jape.Context) {
 return
 }
- account.SetAuthCookie(jc, jwt, s.Name())
+ account.SetAuthCookie(jc, s.config, jwt)
 }
 func (s *S5API) accountInfo(jc jape.Context) {