mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-02 05:52:25 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auth flow fixes (#82)

Browse source 
* preliminary fixes to broken auth flow

* fix some auth/cookie weirdness

* fmt
This commit is contained in:
Tobi Smethurst 2021-07-08 11:32:31 +02:00 committed by GitHub
commit 5460271bb5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 79 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

9
internal/router/session.go
View file

@ -22,6 +22,7 @@ import (
"crypto/rand"
"errors"
"fmt"
"net/http"
"github.com/gin-contrib/sessions"
"github.com/gin-contrib/sessions/memstore"
@ -63,6 +64,14 @@ func useSession(cfg *config.Config, dbService db.DB, engine *gin.Engine) error {
}
store := memstore.NewStore(rs.Auth, rs.Crypt)
store.Options(sessions.Options{
Path: "/",
Domain: cfg.Host,
MaxAge: 120, // 2 minutes
Secure: true, // only use cookie over https
HttpOnly: true, // exclude javascript from inspecting cookie
SameSite: http.SameSiteStrictMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
})
sessionName := fmt.Sprintf("gotosocial-%s", cfg.Host)
engine.Use(sessions.Sessions(sessionName, store))
return nil