1
0
mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00

feat: allow insecure cookies (resolve #27)

This commit is contained in:
Ferdinand Mütsch 2020-05-30 12:11:21 +02:00
parent 002003a957
commit 9dae5a1f77
7 changed files with 20 additions and 8 deletions

View File

@ -17,7 +17,11 @@ If you like this project, please consider supporting it 🙂. You can donate eit
## Prerequisites
**On the server side:**
* Go > 1.13 (with `$GOPATH` properly set)
* Go >= 1.13 (with `$GOPATH` properly set)
* gcc (to compile [go-sqlite3](https://github.com/mattn/go-sqlite3))
* Fedora / RHEL: `dnf install @development-tools`
* Ubuntu / Debian: `apt install build-essential`
* Windows: See [here](https://github.com/mattn/go-sqlite3/issues/214#issuecomment-244604166)
* _Optional_: A MySQL- or Postgres database
**On your local machine:**

View File

@ -2,6 +2,7 @@
listen = 127.0.0.1
port = 3000
base_path = /
insecure_cookies = false
[app]
cleanup = false

View File

@ -57,7 +57,7 @@ func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Reques
if strings.HasPrefix(r.URL.Path, "/api") {
w.WriteHeader(http.StatusUnauthorized)
} else {
utils.ClearCookie(w, models.AuthCookieKey)
utils.ClearCookie(w, models.AuthCookieKey, !m.config.InsecureCookies)
http.Redirect(w, r, fmt.Sprintf("%s/?error=unauthorized", m.config.BasePath), http.StatusFound)
}
return

View File

@ -34,13 +34,18 @@ type Config struct {
PasswordSalt string
SecureCookieHashKey string
SecureCookieBlockKey string
InsecureCookies bool
CustomLanguages map[string]string
LanguageColors map[string]string
SecureCookie *securecookie.SecureCookie
}
func (c *Config) IsDev() bool {
return c.Env == "dev"
return IsDev(c.Env)
}
func IsDev(env string) bool {
return env == "dev" || env == "development"
}
func SetConfig(config *Config) {
@ -104,6 +109,7 @@ func readConfig() *Config {
dbMaxConn := cfg.Section("database").Key("max_connections").MustUint(1)
addr := cfg.Section("server").Key("listen").MustString("127.0.0.1")
insecureCookies := IsDev(env) || cfg.Section("server").Key("insecure_cookies").MustBool(false)
port, err := strconv.Atoi(os.Getenv("PORT"))
if err != nil {
port = cfg.Section("server").Key("port").MustInt()
@ -164,6 +170,7 @@ func readConfig() *Config {
DbDialect: dbType,
DbMaxConn: dbMaxConn,
CleanUp: cleanUp,
InsecureCookies: insecureCookies,
SecureCookie: secureCookie,
PasswordSalt: passwordSalt,
DefaultUserName: defaultUserName,

View File

@ -93,7 +93,7 @@ func (h *IndexHandler) Login(w http.ResponseWriter, r *http.Request) {
Name: models.AuthCookieKey,
Value: encoded,
Path: "/",
Secure: true,
Secure: !h.config.InsecureCookies,
HttpOnly: true,
}
http.SetCookie(w, cookie)
@ -105,7 +105,7 @@ func (h *IndexHandler) Logout(w http.ResponseWriter, r *http.Request) {
loadTemplates()
}
utils.ClearCookie(w, models.AuthCookieKey)
utils.ClearCookie(w, models.AuthCookieKey, !h.config.InsecureCookies)
http.Redirect(w, r, fmt.Sprintf("%s/", h.config.BasePath), http.StatusFound)
}

View File

@ -13,12 +13,12 @@ func RespondJSON(w http.ResponseWriter, status int, object interface{}) {
}
}
func ClearCookie(w http.ResponseWriter, name string) {
func ClearCookie(w http.ResponseWriter, name string, secure bool) {
http.SetCookie(w, &http.Cookie{
Name: name,
Value: "",
Path: "/",
Secure: true,
Secure: secure,
HttpOnly: true,
})
}

View File

@ -1 +1 @@
1.5.4
1.5.5