1
0
mirror of https://github.com/hrfee/jfa-go.git synced 2024-12-22 09:00:10 +00:00

auth: source cookie hostname from jfa_url

instead of just applying the cookie to the hostname you accessed jfa-go
on, it is applied to the one you set in jfa-go. The result is you'll
have to login twice if you access on localhost:8056 instead
of accounts.jellyf.in.
This commit is contained in:
Harvey Tindall 2024-08-13 20:39:06 +01:00
parent e71d492495
commit b2771e6cc5
Signed by: hrfee
GPG Key ID: BBC65952848FB1A2
11 changed files with 1426 additions and 672 deletions

View File

@ -248,7 +248,9 @@ func (app *appContext) getTokenLogin(gc *gin.Context) {
respond(500, "Couldn't generate token", gc) respond(500, "Couldn't generate token", gc)
return return
} }
host := gc.Request.URL.Hostname() // host := gc.Request.URL.Hostname()
host := app.ExternalDomain
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true) gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
gc.JSON(200, getTokenDTO{token}) gc.JSON(200, getTokenDTO{token})
} }
@ -307,7 +309,8 @@ func (app *appContext) getTokenRefresh(gc *gin.Context) {
respond(500, "Couldn't generate token", gc) respond(500, "Couldn't generate token", gc)
return return
} }
host := gc.Request.URL.Hostname() // host := gc.Request.URL.Hostname()
host := app.ExternalDomain
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true) gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
gc.JSON(200, getTokenDTO{jwt}) gc.JSON(200, getTokenDTO{jwt})
} }

View File

@ -3,6 +3,7 @@ package main
import ( import (
"fmt" "fmt"
"io/fs" "io/fs"
"net/url"
"os" "os"
"path/filepath" "path/filepath"
"strconv" "strconv"
@ -60,10 +61,17 @@ func (app *appContext) loadConfig() error {
if app.URLBase == "/invite" || app.URLBase == "/accounts" || app.URLBase == "/settings" || app.URLBase == "/activity" { if app.URLBase == "/invite" || app.URLBase == "/accounts" || app.URLBase == "/settings" || app.URLBase == "/activity" {
app.err.Printf(lm.BadURLBase, app.URLBase) app.err.Printf(lm.BadURLBase, app.URLBase)
} }
app.ExternalHost = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/") app.ExternalURI = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/")
if !strings.HasSuffix(app.ExternalHost, app.URLBase) { if !strings.HasSuffix(app.ExternalURI, app.URLBase) {
app.err.Println(lm.NoURLSuffix) app.err.Println(lm.NoURLSuffix)
} }
if app.ExternalURI == "" {
app.err.Println(lm.NoExternalHost + lm.LoginWontSave)
}
u, err := url.Parse(app.ExternalURI)
if err == nil {
app.ExternalDomain = u.Hostname()
}
app.config.Section("email").Key("no_username").SetValue(strconv.FormatBool(app.config.Section("email").Key("no_username").MustBool(false))) app.config.Section("email").Key("no_username").SetValue(strconv.FormatBool(app.config.Section("email").Key("no_username").MustBool(false)))

View File

@ -325,7 +325,7 @@ func (emailer *Emailer) confirmationValues(code, username, key string, app *appC
} }
} else { } else {
message := app.config.Section("messages").Key("message").String() message := app.config.Section("messages").Key("message").String()
inviteLink := app.ExternalHost inviteLink := app.ExternalURI
if code == "" { // Personal email change if code == "" { // Personal email change
inviteLink = fmt.Sprintf("%s/my/confirm/%s", inviteLink, url.PathEscape(key)) inviteLink = fmt.Sprintf("%s/my/confirm/%s", inviteLink, url.PathEscape(key))
} else { // Invite email confirmation } else { // Invite email confirmation
@ -393,7 +393,7 @@ func (emailer *Emailer) inviteValues(code string, invite Invite, app *appContext
expiry := invite.ValidTill expiry := invite.ValidTill
d, t, expiresIn := emailer.formatExpiry(expiry, false, app.datePattern, app.timePattern) d, t, expiresIn := emailer.formatExpiry(expiry, false, app.datePattern, app.timePattern)
message := app.config.Section("messages").Key("message").String() message := app.config.Section("messages").Key("message").String()
inviteLink := fmt.Sprintf("%s/invite/%s", app.ExternalHost, code) inviteLink := fmt.Sprintf("%s/invite/%s", app.ExternalURI, code)
template := map[string]interface{}{ template := map[string]interface{}{
"hello": emailer.lang.InviteEmail.get("hello"), "hello": emailer.lang.InviteEmail.get("hello"),
"youHaveBeenInvited": emailer.lang.InviteEmail.get("youHaveBeenInvited"), "youHaveBeenInvited": emailer.lang.InviteEmail.get("youHaveBeenInvited"),

View File

@ -1,3 +1,4 @@
<!DOCTYPE html>
<html lang="en" class="light"> <html lang="en" class="light">
<head> <head>
<link rel="stylesheet" type="text/css" href="{{ .urlBase }}/css/{{ .cssVersion }}bundle.css"> <link rel="stylesheet" type="text/css" href="{{ .urlBase }}/css/{{ .cssVersion }}bundle.css">

View File

@ -210,6 +210,7 @@ const (
NoURLSuffix = `Warning: Given "jfa_url"/"External jfa-go URL" value does not include "url_base" value!` NoURLSuffix = `Warning: Given "jfa_url"/"External jfa-go URL" value does not include "url_base" value!`
BadURLBase = `Warning: Given URL Base "%s" may conflict with the applications subpaths.` BadURLBase = `Warning: Given URL Base "%s" may conflict with the applications subpaths.`
NoExternalHost = `No "External jfa-go URL" provided, set one in Settings > General.` NoExternalHost = `No "External jfa-go URL" provided, set one in Settings > General.`
LoginWontSave = ` Your login won't save until you do.`
// discord.go // discord.go
StartDaemon = "Started %s daemon" StartDaemon = "Started %s daemon"

View File

@ -119,7 +119,7 @@ type appContext struct {
host string host string
port int port int
version string version string
URLBase, ExternalHost string URLBase, ExternalURI, ExternalDomain string
updater *Updater updater *Updater
newUpdate bool // Whether whatever's in update is new. newUpdate bool // Whether whatever's in update is new.
tag Tag tag Tag

1999
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -27,7 +27,7 @@
"inline-source": "^8.0.2", "inline-source": "^8.0.2",
"jsdom": "^22.1.0", "jsdom": "^22.1.0",
"lodash": "^4.17.21", "lodash": "^4.17.21",
"mjml": "^4.14.1", "mjml": "^4.15.3",
"nightwind": "^1.1.13", "nightwind": "^1.1.13",
"perl-regex": "^1.0.4", "perl-regex": "^1.0.4",
"postcss": "^8.4.24", "postcss": "^8.4.24",

View File

@ -30,7 +30,7 @@ func (app *appContext) GenInternalReset(userID string) (InternalPWR, error) {
// GenResetLink generates and returns a password reset link. // GenResetLink generates and returns a password reset link.
func (app *appContext) GenResetLink(pin string) (string, error) { func (app *appContext) GenResetLink(pin string) (string, error) {
url := app.ExternalHost url := app.ExternalURI
var pinLink string var pinLink string
if url == "" { if url == "" {
return pinLink, errors.New(lm.NoExternalHost) return pinLink, errors.New(lm.NoExternalHost)

View File

@ -64,11 +64,13 @@ func (app *appContext) getUserTokenLogin(gc *gin.Context) {
return return
} }
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain
uri := "/my" uri := "/my"
if strings.HasPrefix(gc.Request.RequestURI, app.URLBase) { if strings.HasPrefix(gc.Request.RequestURI, app.URLBase) {
uri = "/accounts/my" uri = "/accounts/my"
} }
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, gc.Request.URL.Hostname(), true, true) gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, host, true, true)
gc.JSON(200, getTokenDTO{token}) gc.JSON(200, getTokenDTO{token})
} }
@ -101,6 +103,8 @@ func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
return return
} }
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true) // host := gc.Request.URL.Hostname()
host := app.ExternalDomain
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", host, true, true)
gc.JSON(200, getTokenDTO{jwt}) gc.JSON(200, getTokenDTO{jwt})
} }

View File

@ -740,7 +740,7 @@ func (app *appContext) InviteProxy(gc *gin.Context) {
discord := discordEnabled && app.config.Section("discord").Key("show_on_reg").MustBool(true) discord := discordEnabled && app.config.Section("discord").Key("show_on_reg").MustBool(true)
matrix := matrixEnabled && app.config.Section("matrix").Key("show_on_reg").MustBool(true) matrix := matrixEnabled && app.config.Section("matrix").Key("show_on_reg").MustBool(true)
userPageAddress := fmt.Sprintf("%s/my/account", app.ExternalHost) userPageAddress := fmt.Sprintf("%s/my/account", app.ExternalURI)
fromUser := "" fromUser := ""
if invite.ReferrerJellyfinID != "" { if invite.ReferrerJellyfinID != "" {