Must run oauth from same subdomain but no longer use query params
@@ -40,23 +40,46 @@ func findAccess(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
}
|
||||
|
||||
func findAccessFresh(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
access, found := findAccessFreshQueryParam(w, r)
|
||||
if !found {
|
||||
access, found = findAccessFreshCookie(w, r)
|
||||
}
|
||||
if found {
|
||||
setCookie(oauth2.COOKIE, access, "", w)
|
||||
}
|
||||
return access, found
|
||||
}
|
||||
|
||||
func findAccessFreshQueryParam(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
q := r.URL.Query()
|
||||
access := q.Get(oauth2.COOKIE)
|
||||
q.Del(oauth2.COOKIE)
|
||||
access := q.Get(oauth2.NEWCOOKIE)
|
||||
q.Del(oauth2.NEWCOOKIE)
|
||||
r.URL.RawQuery = q.Encode()
|
||||
if access == "" {
|
||||
return "", false
|
||||
}
|
||||
cookie := &http.Cookie{
|
||||
Name: oauth2.COOKIE,
|
||||
Value: access,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
Path: "/",
|
||||
}
|
||||
http.SetCookie(w, cookie)
|
||||
return access, true
|
||||
}
|
||||
|
||||
func findAccessFreshCookie(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
access, err := r.Cookie(oauth2.NEWCOOKIE)
|
||||
if err == http.ErrNoCookie {
|
||||
return "", false
|
||||
}
|
||||
host := r.Host
|
||||
if r.URL.Host != "" {
|
||||
host = r.URL.Host
|
||||
}
|
||||
host = strings.Split(host, ":")[0]
|
||||
hosts := strings.Split(host, ".")
|
||||
if len(host) > 1 {
|
||||
hosts = hosts[1:]
|
||||
}
|
||||
host = "." + strings.Join(hosts, ".")
|
||||
setCookie(oauth2.NEWCOOKIE, "", host, w)
|
||||
return access.Value, true
|
||||
}
|
||||
|
||||
func findAccessStable(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
access, err := r.Cookie(oauth2.COOKIE)
|
||||
if err == http.ErrNoCookie {
|
||||
@@ -116,14 +139,14 @@ func verify(access string, oauth2server *url.URL, scope string, w http.ResponseW
|
||||
return nil
|
||||
}
|
||||
|
||||
func setCookie(access string, w http.ResponseWriter) {
|
||||
func setCookie(key, value, domain string, w http.ResponseWriter) {
|
||||
cookie := &http.Cookie{
|
||||
Name: oauth2.COOKIE,
|
||||
Value: access,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
Path: "/",
|
||||
Name: key,
|
||||
Value: value,
|
||||
Path: "/",
|
||||
Domain: domain,
|
||||
}
|
||||
if access == "" {
|
||||
if value == "" {
|
||||
cookie.Expires = time.Now().Add(-1 * time.Hour)
|
||||
}
|
||||
http.SetCookie(w, cookie)
|
||||
|
||||
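Review bot: The rewritten `setCookie` appears to drop `SameSite: http.SameSiteLaxMode` and sets neither `HttpOnly` nor `Secure`; the `+139,14` hunk counts only balance if the `SameSite` line is on the removed side. This matters because `findAccessFresh` now writes the `oauth2.COOKIE` access value through this helper. I would restore the attribute and add the other two to the literal: `SameSite: http.SameSiteLaxMode,`, `HttpOnly: true,`, `Secure: true,`. That assumes the service is only reached over HTTPS and that no client-side script needs to read the cookie, which the page does not show. The end of `setCookie` lies outside the hunk, so anything set after `http.SetCookie(w, cookie)` is not visible here.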