mirror of
https://github.com/1f349/lavender.git
synced 2024-12-22 07:34:06 +00:00
Use SameSiteLaxMode
This commit is contained in:
parent
96dbac5274
commit
2590e3f4e7
@ -25,10 +25,12 @@ func addIdTokenSupport(srv *server.Server, db *database.DB, key mjwt.Signer) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// IdTokenClaims contains the JWT claims for an access token
|
// IdTokenClaims contains the JWT claims for an access token
|
||||||
type IdTokenClaims struct{}
|
type IdTokenClaims struct {
|
||||||
|
Subject string `json:"subject"`
|
||||||
|
}
|
||||||
|
|
||||||
func (a IdTokenClaims) Valid() error { return nil }
|
func (a IdTokenClaims) Valid() error { return nil }
|
||||||
func (a IdTokenClaims) Type() string { return "access-token" }
|
func (a IdTokenClaims) Type() string { return "id-token" }
|
||||||
|
|
||||||
func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) {
|
func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) {
|
||||||
tx, err := us.Begin()
|
tx, err := us.Begin()
|
||||||
@ -41,7 +43,7 @@ func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (tok
|
|||||||
}
|
}
|
||||||
tx.Rollback()
|
tx.Rollback()
|
||||||
|
|
||||||
token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), IdTokenClaims{})
|
token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Sub})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
|
|||||||
Path: "/",
|
Path: "/",
|
||||||
MaxAge: -1,
|
MaxAge: -1,
|
||||||
Secure: true,
|
Secure: true,
|
||||||
SameSite: http.SameSiteStrictMode,
|
SameSite: http.SameSiteLaxMode,
|
||||||
})
|
})
|
||||||
http.Redirect(rw, req, (&url.URL{
|
http.Redirect(rw, req, (&url.URL{
|
||||||
Path: "/login",
|
Path: "/login",
|
||||||
@ -82,7 +82,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
|
|||||||
Expires: future,
|
Expires: future,
|
||||||
MaxAge: int(future.Sub(now).Seconds()),
|
MaxAge: int(future.Sub(now).Seconds()),
|
||||||
Secure: true,
|
Secure: true,
|
||||||
SameSite: http.SameSiteStrictMode,
|
SameSite: http.SameSiteLaxMode,
|
||||||
})
|
})
|
||||||
|
|
||||||
// save state for use later
|
// save state for use later
|
||||||
@ -161,7 +161,7 @@ func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, userId string) b
|
|||||||
Path: "/",
|
Path: "/",
|
||||||
Expires: time.Now().AddDate(0, 3, 0),
|
Expires: time.Now().AddDate(0, 3, 0),
|
||||||
Secure: true,
|
Secure: true,
|
||||||
SameSite: http.SameSiteStrictMode,
|
SameSite: http.SameSiteLaxMode,
|
||||||
})
|
})
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -143,7 +143,7 @@ func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Ser
|
|||||||
Path: "/",
|
Path: "/",
|
||||||
MaxAge: -1,
|
MaxAge: -1,
|
||||||
Secure: true,
|
Secure: true,
|
||||||
SameSite: http.SameSiteStrictMode,
|
SameSite: http.SameSiteLaxMode,
|
||||||
})
|
})
|
||||||
|
|
||||||
http.Redirect(rw, req, "/", http.StatusFound)
|
http.Redirect(rw, req, "/", http.StatusFound)
|
||||||
|
Loading…
Reference in New Issue
Block a user