LumeWeb
/
portal
1
0
Fork 0
Code Issues 5 Pull Requests Packages Projects Releases Wiki Activity

refactor: change cookie approach to broadcast cookies across all protocols based on the root domain, so they can be shared.

This commit is contained in:
Derrick Hammer 2024-03-21 14:54:17 -04:00
parent a289828c6f
commit 3e3f539a8b
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
3 changed files with 17 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
account/jwt.go
View File

@ -8,6 +8,8 @@ import (
"strconv" "strconv"
"time" "time"
"git.lumeweb.com/LumeWeb/portal/config"
"github.com/samber/lo" "github.com/samber/lo"
"go.sia.tech/jape" "go.sia.tech/jape"
@ -101,21 +103,14 @@ func JWTVerifyToken(token string, domain string, privateKey ed25519.PrivateKey,
return claim, err return claim, err
} }
func SetAuthCookie(jc jape.Context, jwt string, apiName string) { func SetAuthCookie(jc jape.Context, c *config.Manager, jwt string) {
if len(apiName) == 0 {
panic("apiName is required")
}
for name, api := range apiRegistry.GetAllAPIs() { for _, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI) routeableApi, ok := api.(router.RoutableAPI)
if !ok { if !ok {
continue continue
} }
if apiName != name {
continue
}
http.SetCookie(jc.ResponseWriter, &http.Cookie{ http.SetCookie(jc.ResponseWriter, &http.Cookie{
Name: routeableApi.AuthTokenName(), Name: routeableApi.AuthTokenName(),
Value: jwt, Value: jwt,
@ -123,25 +118,18 @@ func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
Secure: true, Secure: true,
HttpOnly: true, HttpOnly: true,
Path: "/", Path: "/",
Domain: c.Config().Core.Domain,
}) })
} }
} }
func EchoAuthCookie(jc jape.Context, apiName string) { func EchoAuthCookie(jc jape.Context, config *config.Manager) {
if len(apiName) == 0 { for _, api := range apiRegistry.GetAllAPIs() {
panic("apiName is required")
}
for name, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI) routeableApi, ok := api.(router.RoutableAPI)
if !ok { if !ok {
continue continue
} }
if apiName != name {
continue
}
cookies := lo.Filter(jc.Request.Cookies(), func(item *http.Cookie, _ int) bool { cookies := lo.Filter(jc.Request.Cookies(), func(item *http.Cookie, _ int) bool {
return item.Name == routeableApi.AuthTokenName() return item.Name == routeableApi.AuthTokenName()
}) })
@ -169,25 +157,18 @@ func EchoAuthCookie(jc jape.Context, apiName string) {
Secure: true, Secure: true,
HttpOnly: true, HttpOnly: true,
Path: "/", Path: "/",
Domain: config.Config().Core.Domain,
}) })
} }
} }
func ClearAuthCookie(jc jape.Context, apiName string) { func ClearAuthCookie(jc jape.Context, config *config.Manager) {
if len(apiName) == 0 { for _, api := range apiRegistry.GetAllAPIs() {
panic("apiName is required")
}
for name, api := range apiRegistry.GetAllAPIs() {
routeableApi, ok := api.(router.RoutableAPI) routeableApi, ok := api.(router.RoutableAPI)
if !ok { if !ok {
continue continue
} }
if apiName != name {
continue
}
jc.ResponseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") jc.ResponseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
jc.ResponseWriter.Header().Set("Pragma", "no-cache") jc.ResponseWriter.Header().Set("Pragma", "no-cache")
jc.ResponseWriter.Header().Set("Expires", "0") jc.ResponseWriter.Header().Set("Expires", "0")
@ -200,8 +181,7 @@ func ClearAuthCookie(jc jape.Context, apiName string) {
Secure: true, Secure: true,
HttpOnly: true, HttpOnly: true,
Path: "/", Path: "/",
// Domain: "." + routeableApi.Domain(), Domain: config.Config().Core.Domain,
}) })
} }
} }

8
api/account/account.go
View File

@ -120,7 +120,7 @@ func (a AccountAPI) login(jc jape.Context) {
return return
} }
account.SetAuthCookie(jc, jwt, a.Name()) account.SetAuthCookie(jc, a.config, jwt)
account.SendJWT(jc, jwt) account.SendJWT(jc, jwt)
jc.Encode(&LoginResponse{ jc.Encode(&LoginResponse{
@ -215,7 +215,7 @@ func (a AccountAPI) otpValidate(jc jape.Context) {
return return
} }
account.SetAuthCookie(jc, jwt, "") account.SetAuthCookie(jc, a.config, jwt)
account.SendJWT(jc, jwt) account.SendJWT(jc, jwt)
jc.Encode(&LoginResponse{ jc.Encode(&LoginResponse{
@ -288,7 +288,7 @@ func (a AccountAPI) passwordResetConfirm(jc jape.Context) {
func (a AccountAPI) ping(jc jape.Context) { func (a AccountAPI) ping(jc jape.Context) {
token := middleware.GetAuthTokenFromContext(jc.Request.Context()) token := middleware.GetAuthTokenFromContext(jc.Request.Context())
account.EchoAuthCookie(jc, a.Name()) account.EchoAuthCookie(jc, a.config)
jc.Encode(&PongResponse{ jc.Encode(&PongResponse{
Ping: "pong", Ping: "pong",
Token: token, Token: token,
@ -310,7 +310,7 @@ func (a AccountAPI) accountInfo(jc jape.Context) {
} }
func (a AccountAPI) logout(c jape.Context) { func (a AccountAPI) logout(c jape.Context) {
account.ClearAuthCookie(c, a.Name()) account.ClearAuthCookie(c, a.config)
} }
func (a AccountAPI) uploadLimit(c jape.Context) { func (a AccountAPI) uploadLimit(c jape.Context) {

4
api/s5/s5.go
View File

@ -660,7 +660,7 @@ func (s *S5API) accountRegister(jc jape.Context) {
return return
} }
account.SetAuthCookie(jc, jwt, s.Name()) account.SetAuthCookie(jc, s.config, jwt)
} }
func (s *S5API) accountLoginChallenge(jc jape.Context) { func (s *S5API) accountLoginChallenge(jc jape.Context) {
@ -762,7 +762,7 @@ func (s *S5API) accountLogin(jc jape.Context) {
return return
} }
account.SetAuthCookie(jc, jwt, s.Name()) account.SetAuthCookie(jc, s.config, jwt)
} }
func (s *S5API) accountInfo(jc jape.Context) { func (s *S5API) accountInfo(jc jape.Context) {