move cookies to session + config.

2024-07-24 14:40:50 +12:00 · 2021-03-17 14:09:10 +01:00
parent d06a5a2ac7
commit 4abe0a5dba
4 changed files with 66 additions and 34 deletions
--- a/internal/session/auth.go
+++ b/internal/session/auth.go
@ -4,12 +4,45 @@ import (
 	"fmt"
 	"net/http"
 	"strings"
+	"time"

 	"demodesk/neko/internal/types"
 )

+func (manager *SessionManagerCtx) CookieSetToken(w http.ResponseWriter, token string) {
+	sameSite := http.SameSiteDefaultMode
+	if manager.config.CookieSecure {
+		sameSite = http.SameSiteNoneMode
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     manager.config.CookieName,
+		Value:    token,
+		Expires:  manager.config.CookieExpiration,
+		Secure:   manager.config.CookieSecure,
+		SameSite: sameSite,
+		HttpOnly: true,
+	})
+}
+
+func (manager *SessionManagerCtx) CookieClearToken(w http.ResponseWriter) {
+	sameSite := http.SameSiteDefaultMode
+	if manager.config.CookieSecure {
+		sameSite = http.SameSiteNoneMode
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     manager.config.CookieName,
+		Value:    "",
+		Expires:  time.Unix(0, 0),
+		Secure:   manager.config.CookieSecure,
+		SameSite: sameSite,
+		HttpOnly: true,
+	})
+}
+
 func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session, error) {
-	token, ok := getToken(r)
+	token, ok := manager.getToken(r)
 	if !ok {
 		return nil, fmt.Errorf("no authentication provided")
 	}
@ -26,7 +59,7 @@ func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session,
 	return session, nil
 }

-func getToken(r *http.Request) (string, bool) {
+func (manager *SessionManagerCtx) getToken(r *http.Request) (string, bool) {
 	// get from Header
 	reqToken := r.Header.Get("Authorization")
 	splitToken := strings.Split(reqToken, "Bearer ")
@ -35,7 +68,7 @@ func getToken(r *http.Request) (string, bool) {
 	}

 	// get from Cookie
-	cookie, err := r.Cookie("NEKO_SESSION")
+	cookie, err := r.Cookie(manager.config.CookieName)
 	if err == nil {
 		return cookie.Value, true
 	}