diff --git a/internal/api/router.go b/internal/api/router.go
index df00e79e..0198e8d0 100644
--- a/internal/api/router.go
+++ b/internal/api/router.go
@@ -70,7 +70,10 @@ func (api *ApiManagerCtx) Authenticate(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 session, err := api.sessions.Authenticate(r)
 if err != nil {
- api.sessions.CookieClearToken(w, r)
+ if api.sessions.CookieEnabled() {
+ api.sessions.CookieClearToken(w, r)
+ }
+
 utils.HttpUnauthorized(w, err)
 return
 }
diff --git a/internal/api/session.go b/internal/api/session.go
index 60c7b4ce..aa1f0a31 100644
--- a/internal/api/session.go
+++ b/internal/api/session.go
@@ -15,6 +15,7 @@ type SessionLoginPayload struct {
 type SessionDataPayload struct {
 ID string `json:"id"`
+ Token string `json:"token,omitempty"`
 Profile types.MemberProfile `json:"profile"`
 State types.SessionState `json:"state"`
 }
@@ -31,13 +32,19 @@ func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) {
 return
 }
- api.sessions.CookieSetToken(w, token)
-
- utils.HttpSuccess(w, SessionDataPayload{
+ sessionData := SessionDataPayload{
 ID: session.ID(),
 Profile: session.Profile(),
 State: session.State(),
- })
+ }
+
+ if api.sessions.CookieEnabled() {
+ api.sessions.CookieSetToken(w, token)
+ } else {
+ sessionData.Token = token
+ }
+
+ utils.HttpSuccess(w, sessionData)
 }
 func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) {
@@ -49,7 +56,9 @@ func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) {
 return
 }
- api.sessions.CookieClearToken(w, r)
+ if api.sessions.CookieEnabled() {
+ api.sessions.CookieClearToken(w, r)
+ }
 utils.HttpSuccess(w, true)
 }
diff --git a/internal/config/session.go b/internal/config/session.go
index 5cc946c9..a990b3cb 100644
--- a/internal/config/session.go
+++ b/internal/config/session.go
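Review bot: The `CookieEnabled()` guard is now duplicated at every cookie call site — here around `CookieClearToken`, and again in the Login and Logout hunks of internal/api/session.go — so any future handler that sets or clears the cookie has to remember it. Moving the check inside `CookieSetToken` and `CookieClearToken` themselves (a no-op when cookies are disabled) would make the behaviour a property of the session manager rather than of each caller. Separately, if `api.sessions.Authenticate(r)` still reads the cookie when cookies are disabled (not visible in this hunk), a stale cookie from an earlier cookie-enabled deployment is never cleared on a failed authentication, so it is worth confirming the cookie path is ignored entirely when `session.cookie.enabled` is false. The handler closure and Authenticate continue past the end of the hunk.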
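Review bot: The new `Token` field carries the session credential but has no comment saying when it is populated, and `omitempty` hides it from the JSON whenever it is unset, so a reader of the struct alone cannot tell that it is only filled by Login when cookie authentication is disabled. Suggest documenting it on the line above the field: `// Token is the session token; set by Login only when cookie authentication is disabled (otherwise it travels in the session cookie and this field is omitted).`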
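Review bot: When cookies are disabled the session token is written into the response body (`sessionData.Token = token`) but nothing marks that response as uncacheable, so a browser or intermediary cache could retain a bearer credential; unless `utils.HttpSuccess` already does this (not visible here), add `w.Header().Set("Cache-Control", "no-store")` in the `else` branch before `utils.HttpSuccess(w, sessionData)`. Doing it only in the `else` branch keeps the cookie path unchanged. Login's opening lines are outside the hunk.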
@@ -11,6 +11,7 @@ type Session struct {
 ImplicitHosting bool
 APIToken string
+ CookieEnabled bool
 CookieName string
 CookieExpiration time.Time
 CookieSecure bool
@@ -28,6 +29,11 @@ func (Session) Init(cmd *cobra.Command) error {
 }
 // cookie
+ cmd.PersistentFlags().Bool("session.cookie.enabled", true, "whether cookies authentication should be enabled")
+ if err := viper.BindPFlag("session.cookie.enabled", cmd.PersistentFlags().Lookup("session.cookie.enabled")); err != nil {
+ return err
+ }
+
 cmd.PersistentFlags().String("session.cookie.name", "NEKO_SESSION", "name of the cookie that holds token")
 if err := viper.BindPFlag("session.cookie.name", cmd.PersistentFlags().Lookup("session.cookie.name")); err != nil {
 return err
@@ -50,6 +56,7 @@ func (s *Session) Set() {
 s.ImplicitHosting = viper.GetBool("session.implicit_hosting")
 s.APIToken = viper.GetString("session.api_token")
+ s.CookieEnabled = viper.GetBool("session.cookie.enabled")
 s.CookieName = viper.GetString("session.cookie.name")
 s.CookieExpiration = time.Now().Add(time.Duration(viper.GetInt("session.cookie.expiration")) * time.Hour)
 s.CookieSecure = viper.GetBool("session.cookie.secure")
diff --git a/internal/session/manager.go b/internal/session/manager.go
index d53917f9..c632b131 100644
--- a/internal/session/manager.go
+++ b/internal/session/manager.go
@@ -300,3 +300,7 @@ func (manager *SessionManagerCtx) OnHostChanged(listener func(session types.Sess
 func (manager *SessionManagerCtx) ImplicitHosting() bool {
 return manager.config.ImplicitHosting
 }
+
+ func (manager *SessionManagerCtx) CookieEnabled() bool {
+ return manager.config.CookieEnabled
+}
diff --git a/internal/types/session.go b/internal/types/session.go
index cb11e82b..1eb1f17e 100644
--- a/internal/types/session.go
+++ b/internal/types/session.go
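Review bot: The help string `"whether cookies authentication should be enabled"` is ungrammatical and does not tell an operator what disabling it implies; suggest `"whether cookie authentication should be enabled (when disabled, the session token is returned in the login response body instead)"`, which matches what Login does in this commit. This is a runtime string, so the change only affects --help output. Init continues outside the hunk.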
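Review bot: `CookieEnabled` is an exported method with no doc comment, so a reader has to chase `manager.config` to learn what the boolean controls (the neighbouring `ImplicitHosting` has the same gap, but that is pre-existing). Suggest adding above it: `// CookieEnabled reports whether session tokens are delivered via the session cookie; when false, Login returns the token in its response body instead.`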
@@ -49,6 +49,7 @@ type SessionManager interface {
 OnHostChanged(listener func(session Session))
 ImplicitHosting() bool
+ CookieEnabled() bool
 CookieSetToken(w http.ResponseWriter, token string)
 CookieClearToken(w http.ResponseWriter, r *http.Request)