mirrors/homebox
1
0
Fork 1
mirror of https://github.com/hay-kot/homebox.git synced 2025-08-03 16:20:27 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: cookie domain for reverse proxy setup

Browse source
This commit is contained in:
Volodymyr Matviienko 2024-02-09 11:50:19 +01:00
parent 3d748021dc
commit c870d68673
1 changed files with 28 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

31
backend/app/api/handlers/v1/v1_ctrl_auth.go
View file

@ -3,6 +3,7 @@ package v1
import ( import (
"errors" "errors"
"net/http" "net/http"
"net/url"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@ -40,6 +41,30 @@ type CookieContents struct {
Remember bool Remember bool
} }
func GetHostFromHeader(r *http.Request, header string) string {
value := r.Header.Get(header)
if value == "" {
return ""
}
url, err := url.Parse(value)
if err != nil {
return ""
}
return url.Hostname()
}
func GetOriginRefererHost(r *http.Request) string {
origin := GetHostFromHeader(r, "Origin")
if origin != "" {
return origin
}
referer := GetHostFromHeader(r, "Referer")
if referer != "" {
return referer
}
return r.Host
}
func GetCookies(r *http.Request) (*CookieContents, error) { func GetCookies(r *http.Request) (*CookieContents, error) {
cookie, err := r.Cookie(cookieNameToken) cookie, err := r.Cookie(cookieNameToken)
if err != nil { if err != nil {
@ -120,7 +145,7 @@ func (ctrl *V1Controller) HandleAuthLogin(ps ...AuthProvider) errchain.HandlerFu
return server.JSON(w, http.StatusInternalServerError, err.Error()) return server.JSON(w, http.StatusInternalServerError, err.Error())
} }
ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, true) ctrl.setCookies(w, noPort(GetOriginRefererHost(r)), newToken.Raw, newToken.ExpiresAt, true)
return server.JSON(w, http.StatusOK, TokenResponse{ return server.JSON(w, http.StatusOK, TokenResponse{
Token: "Bearer " + newToken.Raw, Token: "Bearer " + newToken.Raw,
ExpiresAt: newToken.ExpiresAt, ExpiresAt: newToken.ExpiresAt,
@ -148,7 +173,7 @@ func (ctrl *V1Controller) HandleAuthLogout() errchain.HandlerFunc {
return validate.NewRequestError(err, http.StatusInternalServerError) return validate.NewRequestError(err, http.StatusInternalServerError)
} }
ctrl.unsetCookies(w, noPort(r.Host)) ctrl.unsetCookies(w, noPort(GetOriginRefererHost(r)))
return server.JSON(w, http.StatusNoContent, nil) return server.JSON(w, http.StatusNoContent, nil)
} }
} }
@ -174,7 +199,7 @@ func (ctrl *V1Controller) HandleAuthRefresh() errchain.HandlerFunc {
return validate.NewUnauthorizedError() return validate.NewUnauthorizedError()
} }
ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, false) ctrl.setCookies(w, noPort(GetOriginRefererHost(r)), newToken.Raw, newToken.ExpiresAt, false)
return server.JSON(w, http.StatusOK, newToken) return server.JSON(w, http.StatusOK, newToken)
} }
} }