1
0
mirror of https://github.com/hrfee/jfa-go.git synced 2024-12-21 16:40:11 +00:00

auth: source cookie hostname from jfa_url

instead of just applying the cookie to the hostname you accessed jfa-go
on, it is applied to the one you set in jfa-go. The result is you'll
have to login twice if you access on localhost:8056 instead
of accounts.jellyf.in.
This commit is contained in:
Harvey Tindall 2024-08-13 20:39:06 +01:00
parent e71d492495
commit b2771e6cc5
Signed by: hrfee
GPG Key ID: BBC65952848FB1A2
11 changed files with 1426 additions and 672 deletions

View File

@ -248,7 +248,9 @@ func (app *appContext) getTokenLogin(gc *gin.Context) {
respond(500, "Couldn't generate token", gc)
return
}
host := gc.Request.URL.Hostname()
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
gc.JSON(200, getTokenDTO{token})
}
@ -307,7 +309,8 @@ func (app *appContext) getTokenRefresh(gc *gin.Context) {
respond(500, "Couldn't generate token", gc)
return
}
host := gc.Request.URL.Hostname()
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
gc.JSON(200, getTokenDTO{jwt})
}

View File

@ -3,6 +3,7 @@ package main
import (
"fmt"
"io/fs"
"net/url"
"os"
"path/filepath"
"strconv"
@ -60,10 +61,17 @@ func (app *appContext) loadConfig() error {
if app.URLBase == "/invite" || app.URLBase == "/accounts" || app.URLBase == "/settings" || app.URLBase == "/activity" {
app.err.Printf(lm.BadURLBase, app.URLBase)
}
app.ExternalHost = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/")
if !strings.HasSuffix(app.ExternalHost, app.URLBase) {
app.ExternalURI = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/")
if !strings.HasSuffix(app.ExternalURI, app.URLBase) {
app.err.Println(lm.NoURLSuffix)
}
if app.ExternalURI == "" {
app.err.Println(lm.NoExternalHost + lm.LoginWontSave)
}
u, err := url.Parse(app.ExternalURI)
if err == nil {
app.ExternalDomain = u.Hostname()
}
app.config.Section("email").Key("no_username").SetValue(strconv.FormatBool(app.config.Section("email").Key("no_username").MustBool(false)))

View File

@ -325,7 +325,7 @@ func (emailer *Emailer) confirmationValues(code, username, key string, app *appC
}
} else {
message := app.config.Section("messages").Key("message").String()
inviteLink := app.ExternalHost
inviteLink := app.ExternalURI
if code == "" { // Personal email change
inviteLink = fmt.Sprintf("%s/my/confirm/%s", inviteLink, url.PathEscape(key))
} else { // Invite email confirmation
@ -393,7 +393,7 @@ func (emailer *Emailer) inviteValues(code string, invite Invite, app *appContext
expiry := invite.ValidTill
d, t, expiresIn := emailer.formatExpiry(expiry, false, app.datePattern, app.timePattern)
message := app.config.Section("messages").Key("message").String()
inviteLink := fmt.Sprintf("%s/invite/%s", app.ExternalHost, code)
inviteLink := fmt.Sprintf("%s/invite/%s", app.ExternalURI, code)
template := map[string]interface{}{
"hello": emailer.lang.InviteEmail.get("hello"),
"youHaveBeenInvited": emailer.lang.InviteEmail.get("youHaveBeenInvited"),

View File

@ -1,3 +1,4 @@
<!DOCTYPE html>
<html lang="en" class="light">
<head>
<link rel="stylesheet" type="text/css" href="{{ .urlBase }}/css/{{ .cssVersion }}bundle.css">

View File

@ -210,6 +210,7 @@ const (
NoURLSuffix = `Warning: Given "jfa_url"/"External jfa-go URL" value does not include "url_base" value!`
BadURLBase = `Warning: Given URL Base "%s" may conflict with the applications subpaths.`
NoExternalHost = `No "External jfa-go URL" provided, set one in Settings > General.`
LoginWontSave = ` Your login won't save until you do.`
// discord.go
StartDaemon = "Started %s daemon"

60
main.go
View File

@ -101,36 +101,36 @@ type appContext struct {
adminUsers []User
invalidTokens []string
// Keeping jf name because I can't think of a better one
jf *mediabrowser.MediaBrowser
authJf *mediabrowser.MediaBrowser
ombi *OmbiWrapper
js *JellyseerrWrapper
thirdPartyServices []ThirdPartyService
datePattern string
timePattern string
storage Storage
validator Validator
email *Emailer
telegram *TelegramDaemon
discord *DiscordDaemon
matrix *MatrixDaemon
contactMethods []ContactMethodLinker
info, debug, err *logger.Logger
host string
port int
version string
URLBase, ExternalHost string
updater *Updater
newUpdate bool // Whether whatever's in update is new.
tag Tag
update Update
proxyEnabled bool
proxyTransport *http.Transport
proxyConfig easyproxy.ProxyConfig
internalPWRs map[string]InternalPWR
pwrCaptchas map[string]Captcha
ConfirmationKeys map[string]map[string]newUserDTO // Map of invite code to jwt to request
confirmationKeysLock sync.Mutex
jf *mediabrowser.MediaBrowser
authJf *mediabrowser.MediaBrowser
ombi *OmbiWrapper
js *JellyseerrWrapper
thirdPartyServices []ThirdPartyService
datePattern string
timePattern string
storage Storage
validator Validator
email *Emailer
telegram *TelegramDaemon
discord *DiscordDaemon
matrix *MatrixDaemon
contactMethods []ContactMethodLinker
info, debug, err *logger.Logger
host string
port int
version string
URLBase, ExternalURI, ExternalDomain string
updater *Updater
newUpdate bool // Whether whatever's in update is new.
tag Tag
update Update
proxyEnabled bool
proxyTransport *http.Transport
proxyConfig easyproxy.ProxyConfig
internalPWRs map[string]InternalPWR
pwrCaptchas map[string]Captcha
ConfirmationKeys map[string]map[string]newUserDTO // Map of invite code to jwt to request
confirmationKeysLock sync.Mutex
}
func generateSecret(length int) (string, error) {

1999
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -27,7 +27,7 @@
"inline-source": "^8.0.2",
"jsdom": "^22.1.0",
"lodash": "^4.17.21",
"mjml": "^4.14.1",
"mjml": "^4.15.3",
"nightwind": "^1.1.13",
"perl-regex": "^1.0.4",
"postcss": "^8.4.24",

View File

@ -30,7 +30,7 @@ func (app *appContext) GenInternalReset(userID string) (InternalPWR, error) {
// GenResetLink generates and returns a password reset link.
func (app *appContext) GenResetLink(pin string) (string, error) {
url := app.ExternalHost
url := app.ExternalURI
var pinLink string
if url == "" {
return pinLink, errors.New(lm.NoExternalHost)

View File

@ -64,11 +64,13 @@ func (app *appContext) getUserTokenLogin(gc *gin.Context) {
return
}
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain
uri := "/my"
if strings.HasPrefix(gc.Request.RequestURI, app.URLBase) {
uri = "/accounts/my"
}
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, gc.Request.URL.Hostname(), true, true)
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, host, true, true)
gc.JSON(200, getTokenDTO{token})
}
@ -101,6 +103,8 @@ func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
return
}
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", host, true, true)
gc.JSON(200, getTokenDTO{jwt})
}

View File

@ -740,7 +740,7 @@ func (app *appContext) InviteProxy(gc *gin.Context) {
discord := discordEnabled && app.config.Section("discord").Key("show_on_reg").MustBool(true)
matrix := matrixEnabled && app.config.Section("matrix").Key("show_on_reg").MustBool(true)
userPageAddress := fmt.Sprintf("%s/my/account", app.ExternalHost)
userPageAddress := fmt.Sprintf("%s/my/account", app.ExternalURI)
fromUser := ""
if invite.ReferrerJellyfinID != "" {