auth: strip port from domain if present

app.UseProxyHost being enabled means app.ExternalDomain sometimes
returns a domain/IP with a port attached. This is now removed, so the
refresh cookie is set correctly.
Harvey Tindall
2025-07-18 12:59:39 +01:00
parent 010ce5ff7a
commit a0165f6f02
3 changed files with 15 additions and 4 deletions


@@ -266,7 +266,7 @@ func (app *appContext) getTokenLogin(gc *gin.Context) {
respond(500, "Couldn't generate token", gc)
return
}
host := app.ExternalDomain(gc)
host := app.ExternalDomainNoPort(gc)
// Before you think this is broken: the first "true" arg is for "secure", i.e. only HTTPS!
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
@@ -328,7 +328,7 @@ func (app *appContext) getTokenRefresh(gc *gin.Context) {
return
}
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain(gc)
host := app.ExternalDomainNoPort(gc)
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
gc.JSON(200, getTokenDTO{jwt})
}
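Review bot: Both `gc.SetCookie("refresh", …, "/", host, true, true)` calls still pass an explicit Domain, so the refresh token is scoped to the domain rather than the exact host, and browsers will also send it to any subdomain of `host`. The value comes from `app.ExternalDomain(gc)`, whose fallback shown in this commit is `gc.Request.Host`, i.e. whatever Host the request carried. If sharing the cookie across subdomains is not intended, an empty domain, `gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", "", true, true)`, gives a host-only cookie and removes the need to strip the port at all. The same applies to the `user-refresh` cookie in getUserTokenRefresh. Both function bodies start outside the hunks, so any SameSite setting made earlier is not visible here.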


@@ -3,6 +3,7 @@ package main
import (
"fmt"
"io/fs"
"net"
"net/url"
"os"
"path/filepath"
@@ -81,6 +82,16 @@ func (app *appContext) ExternalDomain(gc *gin.Context) string {
return gc.Request.Host
}
// ExternalDomainNoPort attempts to return app.ExternalDomain() with the port removed. If the internally-used method fails, it is assumed the domain has no port anyway.
func (app *appContext) ExternalDomainNoPort(gc *gin.Context) string {
domain := app.ExternalDomain(gc)
host, _, err := net.SplitHostPort(domain)
if err != nil {
return domain
}
return host
}
// ExternalURI returns the External URI of jfa-go's root directory (by default, where the admin page is), using the fixed app.externalURI value unless app.UseProxyHost is true and gc is not nil.
// When nil is passed, app.externalURI is returned.
func (app *appContext) ExternalURI(gc *gin.Context) string {
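Review bot: In ExternalDomainNoPort the error branch returns `domain` unchanged, so a bracketed IPv6 literal without a port (`[::1]`) keeps its brackets while the same address with a port comes back as `::1`. net.SplitHostPort also fails on other malformed input, which is then passed through as-is. Since the callers put this value into a cookie Domain, normalising the fallback would keep the two forms consistent, e.g. `return strings.TrimSuffix(strings.TrimPrefix(domain, "["), "]")` (assuming `strings` is imported in this file; the import block is only partly visible). A small table test covering `host`, `host:port`, `[::1]` and `[::1]:port` would pin the behaviour.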


@@ -65,7 +65,7 @@ func (app *appContext) getUserTokenLogin(gc *gin.Context) {
}
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain(gc)
host := app.ExternalDomainNoPort(gc)
uri := "/my"
// FIXME: This seems like a bad idea? I think it's to deal with people having Reverse proxy subfolder/URL base set to /accounts.
if strings.HasPrefix(gc.Request.RequestURI, PAGES.Base) {
@@ -105,7 +105,7 @@ func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
}
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain(gc)
host := app.ExternalDomainNoPort(gc)
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", host, true, true)
gc.JSON(200, getTokenDTO{jwt})
}
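Review bot: The commented-out `// host := gc.Request.URL.Hostname()` lines above both new assignments are now stale twice over, and the same leftover sits in getTokenRefresh in the first file. Replacing them with a comment that says why the port has to go, e.g. `// Cookie Domain must not include a port; ExternalDomain can return host:port when UseProxyHost is on.`, would document the fix at the point of use. Both function bodies extend beyond the hunks.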