iridium/neko
2
2
Fork 0
mirror of https://github.com/m1k1o/neko.git synced 2024-07-24 14:40:50 +12:00
Code Issues Packages Projects Releases Wiki Activity
6b638db825
neko/internal/api/session.go
Miroslav Šedivý fa16b28ac0 set secure cookies by default.
2021-03-01 18:52:05 +01:00

105 lines
2.2 KiB
Go
Raw Blame History

package api
import (
"net/http"
"os"
"time"
"demodesk/neko/internal/http/auth"
"demodesk/neko/internal/types"
"demodesk/neko/internal/utils"
)
var CookieExpirationDate = time.Now().Add(365 * 24 * time.Hour)
var UnsecureCookies = os.Getenv("DISABLE_SECURE_COOKIES") == "true"
type SessionLoginPayload struct {
ID string `json:"id"`
Secret string `json:"secret"`
}
type SessionWhoamiPayload struct {
ID string `json:"id"`
Profile types.MemberProfile `json:"profile"`
State types.MemberState `json:"state"`
}
func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) {
data := &SessionLoginPayload{}
if !utils.HttpJsonRequest(w, r, data) {
return
}
session, err := api.sessions.Authenticate(data.ID, data.Secret)
if err != nil {
utils.HttpUnauthorized(w, err)
return
}
sameSite := http.SameSiteNoneMode
if UnsecureCookies {
sameSite = http.SameSiteDefaultMode
}
http.SetCookie(w, &http.Cookie{
Name: "neko-id",
Value: session.ID(),
Expires: CookieExpirationDate,
Secure: !UnsecureCookies,
SameSite: sameSite,
HttpOnly: false,
})
http.SetCookie(w, &http.Cookie{
Name: "neko-secret",
Value: data.Secret,
Expires: CookieExpirationDate,
Secure: !UnsecureCookies,
SameSite: sameSite,
HttpOnly: true,
})
utils.HttpSuccess(w, SessionWhoamiPayload{
ID: session.ID(),
Profile: session.GetProfile(),
State: session.GetState(),
})
}
func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) {
sameSite := http.SameSiteNoneMode
if UnsecureCookies {
sameSite = http.SameSiteDefaultMode
}
http.SetCookie(w, &http.Cookie{
Name: "neko-id",
Value: "",
Expires: time.Unix(0, 0),
Secure: !UnsecureCookies,
SameSite: sameSite,
HttpOnly: false,
})
http.SetCookie(w, &http.Cookie{
Name: "neko-secret",
Value: "",
Expires: time.Unix(0, 0),
Secure: !UnsecureCookies,
SameSite: sameSite,
HttpOnly: true,
})
utils.HttpSuccess(w, true)
}
func (api *ApiManagerCtx) Whoami(w http.ResponseWriter, r *http.Request) {
session := auth.GetSession(r)
utils.HttpSuccess(w, SessionWhoamiPayload{
ID: session.ID(),
Profile: session.GetProfile(),
State: session.GetState(),
})
}
Reference in New Issue View Git Blame Copy Permalink