cookie: enabled / disabled.

Miroslav Šedivý 2021-04-24 20:53:37 +02:00
parent 9b1deb4134
commit 04d2fa8863
5 changed files with 30 additions and 6 deletions


@ -70,7 +70,10 @@ func (api *ApiManagerCtx) Authenticate(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, err := api.sessions.Authenticate(r) session, err := api.sessions.Authenticate(r)
if err != nil { if err != nil {
api.sessions.CookieClearToken(w, r) if api.sessions.CookieEnabled() {
api.sessions.CookieClearToken(w, r)
}
utils.HttpUnauthorized(w, err) utils.HttpUnauthorized(w, err)
return return
} }
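Review bot: The new `api.sessions.CookieEnabled()` check guards only the clearing of the cookie; whether `api.sessions.Authenticate(r)` two lines earlier still accepts a token carried in the cookie when cookies are disabled is not visible in this hunk. If it does, turning `session.cookie.enabled` off stops the server from setting and clearing cookies but not from honouring them, so cookie-borne requests, including cross-site ones, would still authenticate. It is worth confirming that the cookie lookup in the session manager is skipped under the same flag, and adding a comment here such as `// cookie auth disabled: no cookie was set, nothing to clear`. The handler body continues outside the hunk.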


@ -15,6 +15,7 @@ type SessionLoginPayload struct {
type SessionDataPayload struct { type SessionDataPayload struct {
ID string `json:"id"` ID string `json:"id"`
Token string `json:"token,omitempty"`
Profile types.MemberProfile `json:"profile"` Profile types.MemberProfile `json:"profile"`
State types.SessionState `json:"state"` State types.SessionState `json:"state"`
} }
@ -31,13 +32,19 @@ func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) {
return return
} }
api.sessions.CookieSetToken(w, token) sessionData := SessionDataPayload{
utils.HttpSuccess(w, SessionDataPayload{
ID: session.ID(), ID: session.ID(),
Profile: session.Profile(), Profile: session.Profile(),
State: session.State(), State: session.State(),
}) }
if api.sessions.CookieEnabled() {
api.sessions.CookieSetToken(w, token)
} else {
sessionData.Token = token
}
utils.HttpSuccess(w, sessionData)
} }
func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) { func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) {
@ -49,7 +56,9 @@ func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) {
return return
} }
api.sessions.CookieClearToken(w, r) if api.sessions.CookieEnabled() {
api.sessions.CookieClearToken(w, r)
}
utils.HttpSuccess(w, true) utils.HttpSuccess(w, true)
} }
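Review bot: In Login, the `else` branch (`sessionData.Token = token`) returns the session token in the JSON body, and nothing in this hunk marks that response as non-cacheable. Unless `utils.HttpSuccess` already does so (not visible here), set `w.Header().Set("Cache-Control", "no-store")` before `utils.HttpSuccess(w, sessionData)` so the credential is not retained by intermediaries or the browser cache. The new `Token` field would also benefit from a comment like `// Token is returned only when cookie authentication is disabled; it is a bearer credential.` so that later users of SessionDataPayload do not log or echo it. Login's body starts outside the hunk.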


@ -11,6 +11,7 @@ type Session struct {
ImplicitHosting bool ImplicitHosting bool
APIToken string APIToken string
CookieEnabled bool
CookieName string CookieName string
CookieExpiration time.Time CookieExpiration time.Time
CookieSecure bool CookieSecure bool
@ -28,6 +29,11 @@ func (Session) Init(cmd *cobra.Command) error {
} }
// cookie // cookie
cmd.PersistentFlags().Bool("session.cookie.enabled", true, "whether cookies authentication should be enabled")
if err := viper.BindPFlag("session.cookie.enabled", cmd.PersistentFlags().Lookup("session.cookie.enabled")); err != nil {
return err
}
cmd.PersistentFlags().String("session.cookie.name", "NEKO_SESSION", "name of the cookie that holds token") cmd.PersistentFlags().String("session.cookie.name", "NEKO_SESSION", "name of the cookie that holds token")
if err := viper.BindPFlag("session.cookie.name", cmd.PersistentFlags().Lookup("session.cookie.name")); err != nil { if err := viper.BindPFlag("session.cookie.name", cmd.PersistentFlags().Lookup("session.cookie.name")); err != nil {
return err return err
@ -50,6 +56,7 @@ func (s *Session) Set() {
s.ImplicitHosting = viper.GetBool("session.implicit_hosting") s.ImplicitHosting = viper.GetBool("session.implicit_hosting")
s.APIToken = viper.GetString("session.api_token") s.APIToken = viper.GetString("session.api_token")
s.CookieEnabled = viper.GetBool("session.cookie.enabled")
s.CookieName = viper.GetString("session.cookie.name") s.CookieName = viper.GetString("session.cookie.name")
s.CookieExpiration = time.Now().Add(time.Duration(viper.GetInt("session.cookie.expiration")) * time.Hour) s.CookieExpiration = time.Now().Add(time.Duration(viper.GetInt("session.cookie.expiration")) * time.Hour)
s.CookieSecure = viper.GetBool("session.cookie.secure") s.CookieSecure = viper.GetBool("session.cookie.secure")
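Review bot: The help text for `session.cookie.enabled` does not say what happens when it is set to false. Per the Login change in this commit, the token is then returned in the login response body, which operators should know because it moves token storage to the client. Suggested wording: `"whether cookie authentication is enabled; when disabled, the token is returned in the login response"`. The `CookieEnabled` struct field could carry the same one-line comment. Init and Set both start outside these hunks.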


@ -300,3 +300,7 @@ func (manager *SessionManagerCtx) OnHostChanged(listener func(session types.Sess
func (manager *SessionManagerCtx) ImplicitHosting() bool { func (manager *SessionManagerCtx) ImplicitHosting() bool {
return manager.config.ImplicitHosting return manager.config.ImplicitHosting
} }
func (manager *SessionManagerCtx) CookieEnabled() bool {
return manager.config.CookieEnabled
}


@ -49,6 +49,7 @@ type SessionManager interface {
OnHostChanged(listener func(session Session)) OnHostChanged(listener func(session Session))
ImplicitHosting() bool ImplicitHosting() bool
CookieEnabled() bool
CookieSetToken(w http.ResponseWriter, token string) CookieSetToken(w http.ResponseWriter, token string)
CookieClearToken(w http.ResponseWriter, r *http.Request) CookieClearToken(w http.ResponseWriter, r *http.Request)