mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-30 21:02:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
gotosocial/internal/api/util/cookie.go

84 lines
2.5 KiB
Go
Raw Normal View History

[chore] tweak NoLLaMas proof-of-work algorithm (#4090) # Description - tweaks the NoLLaMas proof-of-work algorithm to further granularity on time spent computing solutions - standardizes GoToSocial cookie security directive setting in a CookiePolicy{} type ## Checklist - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [ ] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4090 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-04-29 13:57:26 +00:00
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package util
import (
"net/http"
"net/url"
"code.superseriousbusiness.org/gotosocial/internal/config"
"code.superseriousbusiness.org/gotosocial/internal/log"
"github.com/gin-gonic/gin"
)
// CookiePolicy encompasses a number
// of security related cookie directives
// of which we want to be set consistently
// on all cookies administered by us.
type CookiePolicy struct {
Domain string
SameSite http.SameSite
HTTPOnly bool
Secure bool
}
// NewCookiePolicy will return a new CookiePolicy{}
// object setup according to current instance config.
func NewCookiePolicy() CookiePolicy {
var sameSite http.SameSite
switch s := config.GetAdvancedCookiesSamesite(); s {
case "strict":
sameSite = http.SameSiteStrictMode
case "lax":
sameSite = http.SameSiteLaxMode
default:
[feature] configurable maximum thumbnail dimensions (#4258) - adds configuration for thumbnail maximum dimensions with warning on exceeding recommendations - moves the media configuration vars into their own sub-struct - replaces the configuration flag funcs with simple string consts Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4258 Reviewed-by: tobi <kipvandenbos@noreply.codeberg.org> Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-06-10 15:43:31 +02:00
log.Warnf(nil, "%s set to %s which is not recognized, defaulting to 'lax'", config.AdvancedCookiesSamesiteFlag, s)
[chore] tweak NoLLaMas proof-of-work algorithm (#4090) # Description - tweaks the NoLLaMas proof-of-work algorithm to further granularity on time spent computing solutions - standardizes GoToSocial cookie security directive setting in a CookiePolicy{} type ## Checklist - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [ ] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4090 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-04-29 13:57:26 +00:00
sameSite = http.SameSiteLaxMode
}
return CookiePolicy{
Domain: config.GetHost(),
// https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
SameSite: sameSite,
// forbid javascript from
// inspecting cookie
HTTPOnly: true,
// only set secure cookie directive over https
Secure: (config.GetProtocol() == "https"),
}
}
// SetCookie will set the given cookie details according to currently configured CookiePolicy{}.
func (p *CookiePolicy) SetCookie(c *gin.Context, name, value string, maxAge int, path string) {
if path == "" {
path = "/"
}
http.SetCookie(c.Writer, &http.Cookie{
Name: name,
Value: url.QueryEscape(value),
MaxAge: maxAge,
Path: path,
Domain: p.Domain,
SameSite: p.SameSite,
Secure: p.Secure,
HttpOnly: p.HTTPOnly,
})
}
Reference in a new issue Copy permalink