feat(module,auth): dynamically define authentication cookie domain

This commit is contained in:
wpetit 2023-04-05 15:19:22 +02:00
parent 84c8fd51f6
commit 006f13bc7b
2 changed files with 49 additions and 24 deletions

View File

@ -30,12 +30,12 @@ func init() {
}
type LocalHandler struct {
router chi.Router
algo jwa.KeyAlgorithm
key jwk.Key
cookieDomain string
cookieDuration time.Duration
accounts map[string]LocalAccount
router chi.Router
algo jwa.KeyAlgorithm
key jwk.Key
getCookieDomain GetCookieDomainFunc
cookieDuration time.Duration
accounts map[string]LocalAccount
}
func (h *LocalHandler) initRouter(prefix string) {
@ -118,10 +118,18 @@ func (h *LocalHandler) handleForm(w http.ResponseWriter, r *http.Request) {
return
}
cookieDomain, err := h.getCookieDomain(r)
if err != nil {
logger.Error(ctx, "could not retrieve cookie domain", logger.E(errors.WithStack(err)))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
cookie := http.Cookie{
Name: auth.CookieName,
Value: string(token),
Domain: h.cookieDomain,
Domain: cookieDomain,
HttpOnly: false,
Expires: time.Now().Add(h.cookieDuration),
Path: "/",
@ -133,12 +141,20 @@ func (h *LocalHandler) handleForm(w http.ResponseWriter, r *http.Request) {
}
func (h *LocalHandler) handleLogout(w http.ResponseWriter, r *http.Request) {
cookieDomain, err := h.getCookieDomain(r)
if err != nil {
logger.Error(r.Context(), "could not retrieve cookie domain", logger.E(errors.WithStack(err)))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
http.SetCookie(w, &http.Cookie{
Name: auth.CookieName,
Value: "",
HttpOnly: false,
Expires: time.Unix(0, 0),
Domain: h.cookieDomain,
Domain: cookieDomain,
Path: "/",
})
@ -170,11 +186,11 @@ func NewLocalHandler(algo jwa.KeyAlgorithm, key jwk.Key, funcs ...LocalHandlerOp
}
handler := &LocalHandler{
algo: algo,
key: key,
accounts: toAccountsMap(opts.Accounts),
cookieDomain: opts.CookieDomain,
cookieDuration: opts.CookieDuration,
algo: algo,
key: key,
accounts: toAccountsMap(opts.Accounts),
getCookieDomain: opts.GetCookieDomain,
cookieDuration: opts.CookieDuration,
}
handler.initRouter(opts.RoutePrefix)

View File

@ -1,22 +1,31 @@
package http
import "time"
import (
"net/http"
"time"
)
type GetCookieDomainFunc func(r *http.Request) (string, error)
func defaultGetCookieDomain(r *http.Request) (string, error) {
return "", nil
}
type LocalHandlerOptions struct {
RoutePrefix string
Accounts []LocalAccount
CookieDomain string
CookieDuration time.Duration
RoutePrefix string
Accounts []LocalAccount
GetCookieDomain GetCookieDomainFunc
CookieDuration time.Duration
}
type LocalHandlerOptionFunc func(*LocalHandlerOptions)
func defaultLocalHandlerOptions() *LocalHandlerOptions {
return &LocalHandlerOptions{
RoutePrefix: "",
Accounts: make([]LocalAccount, 0),
CookieDomain: "",
CookieDuration: 24 * time.Hour,
RoutePrefix: "",
Accounts: make([]LocalAccount, 0),
GetCookieDomain: defaultGetCookieDomain,
CookieDuration: 24 * time.Hour,
}
}
@ -32,9 +41,9 @@ func WithRoutePrefix(prefix string) LocalHandlerOptionFunc {
}
}
func WithCookieOptions(domain string, duration time.Duration) LocalHandlerOptionFunc {
func WithCookieOptions(getCookieDomain GetCookieDomainFunc, duration time.Duration) LocalHandlerOptionFunc {
return func(opts *LocalHandlerOptions) {
opts.CookieDomain = domain
opts.GetCookieDomain = getCookieDomain
opts.CookieDuration = duration
}
}