refactor: change cookie approach to broadcast cookies across all protocols based on the root domain, so they can be shared.
parent
a289828c6f
commit
3e3f539a8b
@ -8,6 +8,8 @@ import (
"strconv"
"strconv"
"time"
"time"
"git.lumeweb.com/LumeWeb/portal/config"
"github.com/samber/lo"
"github.com/samber/lo"
"go.sia.tech/jape"
"go.sia.tech/jape"
@ -101,21 +103,14 @@ func JWTVerifyToken(token string, domain string, privateKey ed25519.PrivateKey,
return claim, err
return claim, err
}
}
func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
func SetAuthCookie(jc jape.Context, c *config.Manager, jwt string) {
if len(apiName) == 0 {
panic("apiName is required")
}
for name, api := range apiRegistry.GetAllAPIs() {
for _, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI)
routeableApi, ok := api.(router.RoutableAPI)
if !ok {
if !ok {
continue
continue
}
}
if apiName != name {
continue
}
http.SetCookie(jc.ResponseWriter, &http.Cookie{
http.SetCookie(jc.ResponseWriter, &http.Cookie{
Name: routeableApi.AuthTokenName(),
Name: routeableApi.AuthTokenName(),
Value: jwt,
Value: jwt,
@ -123,25 +118,18 @@ func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
Secure: true,
Secure: true,
HttpOnly: true,
HttpOnly: true,
Path: "/",
Path: "/",
Domain: c.Config().Core.Domain,
})
})
}
}
}
}
func EchoAuthCookie(jc jape.Context, apiName string) {
func EchoAuthCookie(jc jape.Context, config *config.Manager) {
if len(apiName) == 0 {
for _, api := range apiRegistry.GetAllAPIs() {
panic("apiName is required")
}
for name, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI)
routeableApi, ok := api.(router.RoutableAPI)
if !ok {
if !ok {
continue
continue
}
}
if apiName != name {
continue
}
cookies := lo.Filter(jc.Request.Cookies(), func(item *http.Cookie, _ int) bool {
cookies := lo.Filter(jc.Request.Cookies(), func(item *http.Cookie, _ int) bool {
return item.Name == routeableApi.AuthTokenName()
return item.Name == routeableApi.AuthTokenName()
})
})
@ -169,25 +157,18 @@ func EchoAuthCookie(jc jape.Context, apiName string) {
Secure: true,
Secure: true,
HttpOnly: true,
HttpOnly: true,
Path: "/",
Path: "/",
Domain: config.Config().Core.Domain,
})
})
}
}
}
}
func ClearAuthCookie(jc jape.Context, apiName string) {
func ClearAuthCookie(jc jape.Context, config *config.Manager) {
if len(apiName) == 0 {
for _, api := range apiRegistry.GetAllAPIs() {
panic("apiName is required")
}
for name, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI)
routeableApi, ok := api.(router.RoutableAPI)
if !ok {
if !ok {
continue
continue
}
}
if apiName != name {
continue
}
jc.ResponseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
jc.ResponseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
jc.ResponseWriter.Header().Set("Pragma", "no-cache")
jc.ResponseWriter.Header().Set("Pragma", "no-cache")
jc.ResponseWriter.Header().Set("Expires", "0")
jc.ResponseWriter.Header().Set("Expires", "0")
@ -200,8 +181,7 @@ func ClearAuthCookie(jc jape.Context, apiName string) {
Secure: true,
Secure: true,
HttpOnly: true,
HttpOnly: true,
Path: "/",
Path: "/",
// Domain: "." + routeableApi.Domain(),
Domain: config.Config().Core.Domain,
})
})
}
}
}
}
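Review bot: The expiring cookie in ClearAuthCookie (hunk `@ -200,8 +181,7`) now carries `Domain: config.Config().Core.Domain`, while sessions issued before this change were host-only cookies (the Domain attribute was commented out); browsers key cookies by name, domain and path, so whenever the request host is not exactly Core.Domain (an API subdomain, for instance) logout leaves the older cookie in place until it expires. A migration-safe clear keeps the new `http.SetCookie` and sends a second expiring cookie that is identical except for omitting `Domain`, which can be removed once pre-change sessions have aged out. Two smaller points on the same Domain line here and in SetAuthCookie and EchoAuthCookie: net/http drops an invalid `Domain` value when serialising the cookie and only logs it, so `Core.Domain` should be validated at config load as a bare host name (no scheme, port or path); and none of the visible cookie fields set `SameSite` — if it is not set in the lines above each hunk, `SameSite: http.SameSiteLaxMode` keeps the now domain-wide cookie off cross-site requests. The enclosing functions start above their field hunks, so the expiry fields of the clearing cookie are not visible here.
```go
// … unchanged: domain-wide expiring cookie via http.SetCookie above …
// Also expire the host-only cookie left by releases that set no Domain;
// remove this once pre-change sessions have aged out.
http.SetCookie(jc.ResponseWriter, &http.Cookie{
	Name:     routeableApi.AuthTokenName(),
	Secure:   true,
	HttpOnly: true,
	Path:     "/",
	MaxAge:   -1, // or mirror the expiry fields used by the cookie above (not shown in the hunk)
})
```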
@ -120,7 +120,7 @@ func (a AccountAPI) login(jc jape.Context) {
return
return
}
}
account.SetAuthCookie(jc, jwt, a.Name())
account.SetAuthCookie(jc, a.config, jwt)
account.SendJWT(jc, jwt)
account.SendJWT(jc, jwt)
jc.Encode(&LoginResponse{
jc.Encode(&LoginResponse{
@ -215,7 +215,7 @@ func (a AccountAPI) otpValidate(jc jape.Context) {
return
return
}
}
account.SetAuthCookie(jc, jwt, "")
account.SetAuthCookie(jc, a.config, jwt)
account.SendJWT(jc, jwt)
account.SendJWT(jc, jwt)
jc.Encode(&LoginResponse{
jc.Encode(&LoginResponse{
@ -288,7 +288,7 @@ func (a AccountAPI) passwordResetConfirm(jc jape.Context) {
func (a AccountAPI) ping(jc jape.Context) {
func (a AccountAPI) ping(jc jape.Context) {
token := middleware.GetAuthTokenFromContext(jc.Request.Context())
token := middleware.GetAuthTokenFromContext(jc.Request.Context())
account.EchoAuthCookie(jc, a.Name())
account.EchoAuthCookie(jc, a.config)
jc.Encode(&PongResponse{
jc.Encode(&PongResponse{
Ping: "pong",
Ping: "pong",
Token: token,
Token: token,
@ -310,7 +310,7 @@ func (a AccountAPI) accountInfo(jc jape.Context) {
}
}
func (a AccountAPI) logout(c jape.Context) {
func (a AccountAPI) logout(c jape.Context) {
account.ClearAuthCookie(c, a.Name())
account.ClearAuthCookie(c, a.config)
}
}
func (a AccountAPI) uploadLimit(c jape.Context) {
func (a AccountAPI) uploadLimit(c jape.Context) {
@ -660,7 +660,7 @@ func (s *S5API) accountRegister(jc jape.Context) {
return
return
}
}
account.SetAuthCookie(jc, jwt, s.Name())
account.SetAuthCookie(jc, s.config, jwt)
}
}
func (s *S5API) accountLoginChallenge(jc jape.Context) {
func (s *S5API) accountLoginChallenge(jc jape.Context) {
@ -762,7 +762,7 @@ func (s *S5API) accountLogin(jc jape.Context) {
return
return
}
}
account.SetAuthCookie(jc, jwt, s.Name())
account.SetAuthCookie(jc, s.config, jwt)
}
}
func (s *S5API) accountInfo(jc jape.Context) {
func (s *S5API) accountInfo(jc jape.Context) {