mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-10-29 12:32:25 -05:00
d7f967cbb5
- adds configuration for thumbnail maximum dimensions with warning on exceeding recommendations - moves the media configuration vars into their own sub-struct - replaces the configuration flag funcs with simple string consts Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4258 Reviewed-by: tobi <kipvandenbos@noreply.codeberg.org> Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
83 lines
2.5 KiB
Go
83 lines
2.5 KiB
Go
// GoToSocial
|
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package util
|
|
|
|
import (
|
|
"net/http"
|
|
"net/url"
|
|
|
|
"code.superseriousbusiness.org/gotosocial/internal/config"
|
|
"code.superseriousbusiness.org/gotosocial/internal/log"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// CookiePolicy encompasses a number
|
|
// of security related cookie directives
|
|
// of which we want to be set consistently
|
|
// on all cookies administered by us.
|
|
type CookiePolicy struct {
|
|
Domain string
|
|
SameSite http.SameSite
|
|
HTTPOnly bool
|
|
Secure bool
|
|
}
|
|
|
|
// NewCookiePolicy will return a new CookiePolicy{}
|
|
// object setup according to current instance config.
|
|
func NewCookiePolicy() CookiePolicy {
|
|
var sameSite http.SameSite
|
|
switch s := config.GetAdvancedCookiesSamesite(); s {
|
|
case "strict":
|
|
sameSite = http.SameSiteStrictMode
|
|
case "lax":
|
|
sameSite = http.SameSiteLaxMode
|
|
default:
|
|
log.Warnf(nil, "%s set to %s which is not recognized, defaulting to 'lax'", config.AdvancedCookiesSamesiteFlag, s)
|
|
sameSite = http.SameSiteLaxMode
|
|
}
|
|
return CookiePolicy{
|
|
Domain: config.GetHost(),
|
|
|
|
// https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
|
|
SameSite: sameSite,
|
|
|
|
// forbid javascript from
|
|
// inspecting cookie
|
|
HTTPOnly: true,
|
|
|
|
// only set secure cookie directive over https
|
|
Secure: (config.GetProtocol() == "https"),
|
|
}
|
|
}
|
|
|
|
// SetCookie will set the given cookie details according to currently configured CookiePolicy{}.
|
|
func (p *CookiePolicy) SetCookie(c *gin.Context, name, value string, maxAge int, path string) {
|
|
if path == "" {
|
|
path = "/"
|
|
}
|
|
http.SetCookie(c.Writer, &http.Cookie{
|
|
Name: name,
|
|
Value: url.QueryEscape(value),
|
|
MaxAge: maxAge,
|
|
Path: path,
|
|
Domain: p.Domain,
|
|
SameSite: p.SameSite,
|
|
Secure: p.Secure,
|
|
HttpOnly: p.HTTPOnly,
|
|
})
|
|
}
|