Use SameSiteLaxMode
parent
96dbac5274
commit
2590e3f4e7
@ -25,10 +25,12 @@ func addIdTokenSupport(srv *server.Server, db *database.DB, key mjwt.Signer) {
|
||||
}
|
||||
|
||||
// IdTokenClaims contains the JWT claims for an access token
|
||||
type IdTokenClaims struct{}
|
||||
type IdTokenClaims struct {
|
||||
Subject string `json:"subject"`
|
||||
}
|
||||
|
||||
func (a IdTokenClaims) Valid() error { return nil }
|
||||
func (a IdTokenClaims) Type() string { return "access-token" }
|
||||
func (a IdTokenClaims) Type() string { return "id-token" }
|
||||
|
||||
func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) {
|
||||
tx, err := us.Begin()
|
||||
@ -41,7 +43,7 @@ func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (tok
|
||||
}
|
||||
tx.Rollback()
|
||||
|
||||
token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), IdTokenClaims{})
|
||||
token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Sub})
|
||||
return
|
||||
}
|
||||
|
||||
|
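Review bot: `Valid()` still returns nil unconditionally even though `IdTokenClaims` now carries a `Subject` field, so wherever this type is used to parse a token, an empty or missing `subject` claim would pass claims validation; consider `if a.Subject == "" { return errors.New("missing subject") }`. The doc comment above the struct still says "access token" while `Type()` now returns `"id-token"`; it should read `// IdTokenClaims contains the JWT claims for an ID token`. The new field is filled with the same `user.Sub` that is already the first argument to `GenerateJwt`, so if that argument populates the registered `sub` claim (not visible here), the custom `subject` claim is a duplicate that verifiers must keep consistent with it.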
@ -56,7 +56,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
|
||||
Path: "/",
|
||||
MaxAge: -1,
|
||||
Secure: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
http.Redirect(rw, req, (&url.URL{
|
||||
Path: "/login",
|
||||
@ -82,7 +82,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
|
||||
Expires: future,
|
||||
MaxAge: int(future.Sub(now).Seconds()),
|
||||
Secure: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
|
||||
// save state for use later
|
||||
@ -161,7 +161,7 @@ func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, userId string) b
|
||||
Path: "/",
|
||||
Expires: time.Now().AddDate(0, 3, 0),
|
||||
Secure: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
return false
|
||||
}
|
||||
|
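Review bot: Relaxing these cookies from `SameSiteStrictMode` to `SameSiteLaxMode` means browsers attach them to cross-site top-level GET navigations, so every handler that reads them and changes state must be POST-only or carry its own CSRF token; nothing in these hunks shows such a check. The same change appears in both `loginPost` hunks, in `setLoginDataCookie`, and in the `NewHttpServer` hunk of the next file. Presumably Lax is needed so the cookie survives the redirect from a client site into the login flow; if so, record that next to the field, e.g. `// Lax: cookie must be sent on the cross-site redirect into the login flow`. No `HttpOnly` field is visible between `Path` and `SameSite` in any of these literals; unless it is set above the hunks, add `HttpOnly: true,`. The cookie literals and their enclosing functions begin outside the hunks.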
@ -143,7 +143,7 @@ func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Ser
|
||||
Path: "/",
|
||||
MaxAge: -1,
|
||||
Secure: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
|
||||
http.Redirect(rw, req, "/", http.StatusFound)
|
||||
|