refactor: change cookie approach to broadcast cookies across all protocols based on the root domain, so they can be shared.
This commit is contained in:
parent
a289828c6f
commit
3e3f539a8b
GPG Key ID:
C997C339BE476FF2
|
|
@ -8,6 +8,8 @@ import (
|
|||
"strconv"
|
||||
"time"
|
||||
|
||||
"git.lumeweb.com/LumeWeb/portal/config"
|
||||
|
||||
"github.com/samber/lo"
|
||||
|
||||
"go.sia.tech/jape"
|
||||
|
|
@ -101,21 +103,14 @@ func JWTVerifyToken(token string, domain string, privateKey ed25519.PrivateKey,
|
|||
return claim, err
|
||||
}
|
||||
|
||||
func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
|
||||
if len(apiName) == 0 {
|
||||
panic("apiName is required")
|
||||
}
|
||||
func SetAuthCookie(jc jape.Context, c *config.Manager, jwt string) {
|
||||
|
||||
for name, api := range apiRegistry.GetAllAPIs() {
|
||||
for _, api := range apiRegistry.GetAllAPIs() {
|
||||
routeableApi, ok := api.(router.RoutableAPI)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
if apiName != name {
|
||||
continue
|
||||
}
|
||||
|
||||
http.SetCookie(jc.ResponseWriter, &http.Cookie{
|
||||
Name: routeableApi.AuthTokenName(),
|
||||
Value: jwt,
|
||||
|
|
@ -123,25 +118,18 @@ func SetAuthCookie(jc jape.Context, jwt string, apiName string) {
|
|||
Secure: true,
|
||||
HttpOnly: true,
|
||||
Path: "/",
|
||||
Domain: c.Config().Core.Domain,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func EchoAuthCookie(jc jape.Context, apiName string) {
|
||||
if len(apiName) == 0 {
|
||||
panic("apiName is required")
|
||||
}
|
||||
|
||||
for name, api := range apiRegistry.GetAllAPIs() {
|
||||
func EchoAuthCookie(jc jape.Context, config *config.Manager) {
|
||||
for _, api := range apiRegistry.GetAllAPIs() {
|
||||
routeableApi, ok := api.(router.RoutableAPI)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
if apiName != name {
|
||||
continue
|
||||
}
|
||||
|
||||
cookies := lo.Filter(jc.Request.Cookies(), func(item *http.Cookie, _ int) bool {
|
||||
return item.Name == routeableApi.AuthTokenName()
|
||||
})
|
||||
|
|
@ -169,25 +157,18 @@ func EchoAuthCookie(jc jape.Context, apiName string) {
|
|||
Secure: true,
|
||||
HttpOnly: true,
|
||||
Path: "/",
|
||||
Domain: config.Config().Core.Domain,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func ClearAuthCookie(jc jape.Context, apiName string) {
|
||||
if len(apiName) == 0 {
|
||||
panic("apiName is required")
|
||||
}
|
||||
|
||||
for name, api := range apiRegistry.GetAllAPIs() {
|
||||
func ClearAuthCookie(jc jape.Context, config *config.Manager) {
|
||||
for _, api := range apiRegistry.GetAllAPIs() {
|
||||
routeableApi, ok := api.(router.RoutableAPI)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
if apiName != name {
|
||||
continue
|
||||
}
|
||||
|
||||
jc.ResponseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
||||
jc.ResponseWriter.Header().Set("Pragma", "no-cache")
|
||||
jc.ResponseWriter.Header().Set("Expires", "0")
|
||||
|
|
@ -200,8 +181,7 @@ func ClearAuthCookie(jc jape.Context, apiName string) {
|
|||
Secure: true,
|
||||
HttpOnly: true,
|
||||
Path: "/",
|
||||
// Domain: "." + routeableApi.Domain(),
|
||||
Domain: config.Config().Core.Domain,
|
||||
})
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@ func (a AccountAPI) login(jc jape.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
account.SetAuthCookie(jc, jwt, a.Name())
|
||||
account.SetAuthCookie(jc, a.config, jwt)
|
||||
account.SendJWT(jc, jwt)
|
||||
|
||||
jc.Encode(&LoginResponse{
|
||||
|
|
@ -215,7 +215,7 @@ func (a AccountAPI) otpValidate(jc jape.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
account.SetAuthCookie(jc, jwt, "")
|
||||
account.SetAuthCookie(jc, a.config, jwt)
|
||||
account.SendJWT(jc, jwt)
|
||||
|
||||
jc.Encode(&LoginResponse{
|
||||
|
|
@ -288,7 +288,7 @@ func (a AccountAPI) passwordResetConfirm(jc jape.Context) {
|
|||
|
||||
func (a AccountAPI) ping(jc jape.Context) {
|
||||
token := middleware.GetAuthTokenFromContext(jc.Request.Context())
|
||||
account.EchoAuthCookie(jc, a.Name())
|
||||
account.EchoAuthCookie(jc, a.config)
|
||||
jc.Encode(&PongResponse{
|
||||
Ping: "pong",
|
||||
Token: token,
|
||||
|
|
@ -310,7 +310,7 @@ func (a AccountAPI) accountInfo(jc jape.Context) {
|
|||
}
|
||||
|
||||
func (a AccountAPI) logout(c jape.Context) {
|
||||
account.ClearAuthCookie(c, a.Name())
|
||||
account.ClearAuthCookie(c, a.config)
|
||||
}
|
||||
|
||||
func (a AccountAPI) uploadLimit(c jape.Context) {
|
||||
|
|
|
|||
|
|
@ -660,7 +660,7 @@ func (s *S5API) accountRegister(jc jape.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
account.SetAuthCookie(jc, jwt, s.Name())
|
||||
account.SetAuthCookie(jc, s.config, jwt)
|
||||
}
|
||||
|
||||
func (s *S5API) accountLoginChallenge(jc jape.Context) {
|
||||
|
|
@ -762,7 +762,7 @@ func (s *S5API) accountLogin(jc jape.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
account.SetAuthCookie(jc, jwt, s.Name())
|
||||
account.SetAuthCookie(jc, s.config, jwt)
|
||||
}
|
||||
|
||||
func (s *S5API) accountInfo(jc jape.Context) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue