1f349/lavender
4
0
Fork 0
mirror of https://github.com/1f349/lavender.git synced 2024-11-09 22:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use SameSiteLaxMode

Browse Source
This commit is contained in:
Melon 2024-02-15 14:44:58 +00:00
parent 96dbac5274
commit 2590e3f4e7
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/id_token.go
View File

@ -25,10 +25,12 @@ func addIdTokenSupport(srv *server.Server, db *database.DB, key mjwt.Signer) {
} }
// IdTokenClaims contains the JWT claims for an access token // IdTokenClaims contains the JWT claims for an access token
type IdTokenClaims struct{} type IdTokenClaims struct {
Subject string `json:"subject"`
}
func (a IdTokenClaims) Valid() error { return nil } func (a IdTokenClaims) Valid() error { return nil }
func (a IdTokenClaims) Type() string { return "access-token" } func (a IdTokenClaims) Type() string { return "id-token" }
func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) { func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) {
tx, err := us.Begin() tx, err := us.Begin()
@ -41,7 +43,7 @@ func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (tok
} }
tx.Rollback() tx.Rollback()
token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), IdTokenClaims{}) token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Sub})
return return
} }

6
server/login.go
View File

@ -56,7 +56,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
Path: "/", Path: "/",
MaxAge: -1, MaxAge: -1,
Secure: true, Secure: true,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteLaxMode,
}) })
http.Redirect(rw, req, (&url.URL{ http.Redirect(rw, req, (&url.URL{
Path: "/login", Path: "/login",
@ -82,7 +82,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
Expires: future, Expires: future,
MaxAge: int(future.Sub(now).Seconds()), MaxAge: int(future.Sub(now).Seconds()),
Secure: true, Secure: true,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteLaxMode,
}) })
// save state for use later // save state for use later
@ -161,7 +161,7 @@ func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, userId string) b
Path: "/", Path: "/",
Expires: time.Now().AddDate(0, 3, 0), Expires: time.Now().AddDate(0, 3, 0),
Secure: true, Secure: true,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteLaxMode,
}) })
return false return false
} }

2
server/server.go
View File

@ -143,7 +143,7 @@ func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Ser
Path: "/", Path: "/",
MaxAge: -1, MaxAge: -1,
Secure: true, Secure: true,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteLaxMode,
}) })
http.Redirect(rw, req, "/", http.StatusFound) http.Redirect(rw, req, "/", http.StatusFound)