make cookie domain prepend .

amass 2025-01-09 12:21:06 +08:00
parent 2534882296
commit cb6525636c
2 changed files with 20 additions and 6 deletions


@ -68,14 +68,25 @@ Application::Application(const Wt::WEnvironment &env, bool embedded)
}
}
}
LOG(info) << "url: " << url();
LOG(info) << "relative resources url: " << relativeResourcesUrl();
LOG(info) << "resources url: " << resourcesUrl();
LOG(info) << "internal path: " << internalPath();
LOG(info) << "bookmark url: " << bookmarkUrl("/");
LOG(info) << "relative url: " << resolveRelativeUrl("/");
auto app = Amass::Singleton<WebToolkit::Server>::instance();
bool authTokensEnabled = app->authService().authTokensEnabled();
std::string authTokenCookieName = app->authService().authTokenCookieName();
std::string authTokenCookieDomain = app->authService().authTokenCookieDomain();
if (env.hostName().find("amass.fun") != std::string::npos) {
if (authTokenCookieDomain != AuthModel::CookieDomain) {
app->authService().setAuthTokensEnabled(authTokensEnabled, authTokenCookieName, AuthModel::CookieDomain);
}
} else {
if (!authTokenCookieDomain.empty()) {
app->authService().setAuthTokensEnabled(authTokensEnabled, authTokenCookieName, "");
}
}
LOG(info) << "url: " << url() << ", host name: " << env.hostName();
LOG(info) << "resources url: " << resourcesUrl() << ", relative resources url: " << relativeResourcesUrl();
LOG(info) << "internal path: " << internalPath() << ", bookmark url: " << bookmarkUrl();
m_loginPage = std::make_unique<LoginPage>(app->authService(), m_session->users(), m_session->login());
if (externalPath.empty()) {
m_loginPage->processEnvironment();
@ -130,6 +141,7 @@ void Application::authEvent() {
auto token = env.getCookie(service.authTokenCookieName());
if (token == nullptr) {
Wt::Http::Cookie cookie(service.authTokenCookieName(), service.createAuthToken(u));
cookie.setDomain(service.authTokenCookieDomain());
cookie.setPath(AuthModel::CookiePath);
cookie.setExpires(Wt::WDateTime());
setCookie(cookie);
@ -248,6 +260,7 @@ void Server::insertCookie(const std::string &cookie) {
Wt::Http::Cookie Server::updateCookie(const std::string &oldCookie, const Wt::Auth::AuthTokenResult &result, bool secure) {
Wt::Http::Cookie cookie(m_authService->authTokenCookieName());
cookie.setPath(AuthModel::CookiePath);
cookie.setDomain(m_authService->authTokenCookieDomain());
cookie.setSecure(secure);
if (result.state() == Wt::Auth::AuthTokenState::Invalid) {
if (m_cookies.contains(oldCookie)) {
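Review bot: The host check `env.hostName().find("amass.fun") != std::string::npos` in the Application constructor is a substring match on a request-supplied host name, so names such as `amass.fun.example.net` or `notamass.fun` also select the `.amass.fun` cookie domain. Strip any port and accept only an exact `amass.fun` or a name that ends with `AuthModel::CookieDomain`, rather than any name that merely contains the string. The same branch calls `setAuthTokensEnabled(...)` on the auth service of the process-wide `Amass::Singleton<WebToolkit::Server>` from a per-session constructor, so one session's host name rewrites the cookie domain that `authEvent()` and `Server::updateCookie()` later read for every other session, with no synchronization visible here. Deriving the domain per request and passing it straight to `cookie.setDomain(...)` would keep the shared service immutable. The constructor starts and ends outside the hunk.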


@ -6,6 +6,7 @@
class AuthModel : public Wt::Auth::AuthModel {
public:
static constexpr auto CookiePath = "/";
static constexpr auto CookieDomain = ".amass.fun";
AuthModel(const Wt::Auth::AuthService &baseAuth, Wt::Auth::AbstractUserDatabase &users);
Wt::Auth::User processAuthToken() final;
void setRememberMeCookie(const Wt::Auth::User &user) final;
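Review bot: `CookieDomain = ".amass.fun"` widens the auth-token cookie from a single host to every subdomain of amass.fun, and the constant has no comment recording that this is intended or which hosts rely on it. I would add above it something like `// Auth token is shared with all *.amass.fun hosts (needed by: <list the services>); every subdomain receives and can overwrite it.` Because of the wider scope, also confirm that the cookie built in `Application::authEvent()` gets `setSecure(true)` and `setHttpOnly(true)`; the visible lines there set only domain, path and expiry, while `Server::updateCookie` does call `setSecure(secure)`. The class body continues past the hunk.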