feat(module,auth): dynamically define authentication cookie domain

2023-04-05 15:19:22 +02:00 · 2023-04-05 15:19:22 +02:00 · 006f13bc7b
parent 84c8fd51f6
commit 006f13bc7b
2 changed files with 49 additions and 24 deletions
--- a/pkg/module/auth/http/local_handler.go
+++ b/pkg/module/auth/http/local_handler.go
@ -33,7 +33,7 @@ type LocalHandler struct {
 	router          chi.Router
 	algo            jwa.KeyAlgorithm
 	key             jwk.Key
-	cookieDomain   string
+	getCookieDomain GetCookieDomainFunc
 	cookieDuration  time.Duration
 	accounts        map[string]LocalAccount
 }
@ -118,10 +118,18 @@ func (h *LocalHandler) handleForm(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	cookieDomain, err := h.getCookieDomain(r)
+	if err != nil {
+		logger.Error(ctx, "could not retrieve cookie domain", logger.E(errors.WithStack(err)))
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
+	}
+
 	cookie := http.Cookie{
 		Name:     auth.CookieName,
 		Value:    string(token),
-		Domain:   h.cookieDomain,
+		Domain:   cookieDomain,
 		HttpOnly: false,
 		Expires:  time.Now().Add(h.cookieDuration),
 		Path:     "/",
@ -133,12 +141,20 @@ func (h *LocalHandler) handleForm(w http.ResponseWriter, r *http.Request) {
 }

 func (h *LocalHandler) handleLogout(w http.ResponseWriter, r *http.Request) {
+	cookieDomain, err := h.getCookieDomain(r)
+	if err != nil {
+		logger.Error(r.Context(), "could not retrieve cookie domain", logger.E(errors.WithStack(err)))
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
+	}
+
 	http.SetCookie(w, &http.Cookie{
 		Name:     auth.CookieName,
 		Value:    "",
 		HttpOnly: false,
 		Expires:  time.Unix(0, 0),
-		Domain:   h.cookieDomain,
+		Domain:   cookieDomain,
 		Path:     "/",
 	})

@ -173,7 +189,7 @@ func NewLocalHandler(algo jwa.KeyAlgorithm, key jwk.Key, funcs ...LocalHandlerOp
 		algo:            algo,
 		key:             key,
 		accounts:        toAccountsMap(opts.Accounts),
-		cookieDomain:   opts.CookieDomain,
+		getCookieDomain: opts.GetCookieDomain,
 		cookieDuration:  opts.CookieDuration,
 	}

--- a/pkg/module/auth/http/options.go
+++ b/pkg/module/auth/http/options.go
@ -1,11 +1,20 @@
 package http

-import "time"
+import (
+	"net/http"
+	"time"
+)
+
+type GetCookieDomainFunc func(r *http.Request) (string, error)
+
+func defaultGetCookieDomain(r *http.Request) (string, error) {
+	return "", nil
+}

 type LocalHandlerOptions struct {
 	RoutePrefix     string
 	Accounts        []LocalAccount
-	CookieDomain   string
+	GetCookieDomain GetCookieDomainFunc
 	CookieDuration  time.Duration
 }

@ -15,7 +24,7 @@ func defaultLocalHandlerOptions() *LocalHandlerOptions {
 	return &LocalHandlerOptions{
 		RoutePrefix:     "",
 		Accounts:        make([]LocalAccount, 0),
-		CookieDomain:   "",
+		GetCookieDomain: defaultGetCookieDomain,
 		CookieDuration:  24 * time.Hour,
 	}
 }
@ -32,9 +41,9 @@ func WithRoutePrefix(prefix string) LocalHandlerOptionFunc {
 	}
 }

-func WithCookieOptions(domain string, duration time.Duration) LocalHandlerOptionFunc {
+func WithCookieOptions(getCookieDomain GetCookieDomainFunc, duration time.Duration) LocalHandlerOptionFunc {
 	return func(opts *LocalHandlerOptions) {
-		opts.CookieDomain = domain
+		opts.GetCookieDomain = getCookieDomain
 		opts.CookieDuration = duration
 	}
 }