auth: source cookie hostname from jfa_url
Instead of applying the cookie to the hostname you accessed jfa-go on, it is now applied to the hostname you set in jfa-go. As a result, you'll have to log in twice if you access it on localhost:8056 instead of accounts.jellyf.in.
parent
e71d492495
commit
b2771e6cc5
7
auth.go
7
auth.go
@ -248,7 +248,9 @@ func (app *appContext) getTokenLogin(gc *gin.Context) {
|
|||||||
respond(500, "Couldn't generate token", gc)
|
respond(500, "Couldn't generate token", gc)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
host := gc.Request.URL.Hostname()
|
// host := gc.Request.URL.Hostname()
|
||||||
|
host := app.ExternalDomain
|
||||||
|
|
||||||
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
|
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
|
||||||
gc.JSON(200, getTokenDTO{token})
|
gc.JSON(200, getTokenDTO{token})
|
||||||
}
|
}
|
||||||
@ -307,7 +309,8 @@ func (app *appContext) getTokenRefresh(gc *gin.Context) {
|
|||||||
respond(500, "Couldn't generate token", gc)
|
respond(500, "Couldn't generate token", gc)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
host := gc.Request.URL.Hostname()
|
// host := gc.Request.URL.Hostname()
|
||||||
|
host := app.ExternalDomain
|
||||||
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
|
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
|
||||||
gc.JSON(200, getTokenDTO{jwt})
|
gc.JSON(200, getTokenDTO{jwt})
|
||||||
}
|
}
|
||||||
|
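Review bot: Passing `app.ExternalDomain` as the cookie domain in getTokenLogin and getTokenRefresh puts an explicit Domain attribute on the `refresh` cookie, and browsers send such a cookie to subdomains of that host as well, whereas a cookie with no Domain is host-only. For net/http server requests `gc.Request.URL.Hostname()` is normally empty (the host is carried in `Request.Host`), so the previous code most likely produced the narrower host-only cookie; that is inferred, not visible here. If the wider scope is intended, say so next to the assignment, e.g. `// Domain comes from jfa_url; the refresh cookie is then also sent to subdomains of that host.`, and drop the commented-out `// host := gc.Request.URL.Hostname()` line. The same applies to the `user-refresh` cookie in getUserTokenLogin and getUserTokenRefresh. Both function bodies start outside the hunks.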
12
config.go
12
config.go
@ -3,6 +3,7 @@ package main
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/fs"
|
"io/fs"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strconv"
|
"strconv"
|
||||||
@ -60,10 +61,17 @@ func (app *appContext) loadConfig() error {
|
|||||||
if app.URLBase == "/invite" || app.URLBase == "/accounts" || app.URLBase == "/settings" || app.URLBase == "/activity" {
|
if app.URLBase == "/invite" || app.URLBase == "/accounts" || app.URLBase == "/settings" || app.URLBase == "/activity" {
|
||||||
app.err.Printf(lm.BadURLBase, app.URLBase)
|
app.err.Printf(lm.BadURLBase, app.URLBase)
|
||||||
}
|
}
|
||||||
app.ExternalHost = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/")
|
app.ExternalURI = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/")
|
||||||
if !strings.HasSuffix(app.ExternalHost, app.URLBase) {
|
if !strings.HasSuffix(app.ExternalURI, app.URLBase) {
|
||||||
app.err.Println(lm.NoURLSuffix)
|
app.err.Println(lm.NoURLSuffix)
|
||||||
}
|
}
|
||||||
|
if app.ExternalURI == "" {
|
||||||
|
app.err.Println(lm.NoExternalHost + lm.LoginWontSave)
|
||||||
|
}
|
||||||
|
u, err := url.Parse(app.ExternalURI)
|
||||||
|
if err == nil {
|
||||||
|
app.ExternalDomain = u.Hostname()
|
||||||
|
}
|
||||||
|
|
||||||
app.config.Section("email").Key("no_username").SetValue(strconv.FormatBool(app.config.Section("email").Key("no_username").MustBool(false)))
|
app.config.Section("email").Key("no_username").SetValue(strconv.FormatBool(app.config.Section("email").Key("no_username").MustBool(false)))
|
||||||
|
|
||||||
|
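Review bot: In loadConfig a `jfa_url` that does not parse, or that parses without a host (for example a value written without a scheme), leaves `app.ExternalDomain` empty with no log line, because only the `err == nil` branch is handled and `u.Hostname()` is never checked. Since the auth handlers now pass this value as the cookie domain, that misconfiguration would be hard to diagnose. Consider `if err != nil || u.Hostname() == "" { app.err.Printf("could not derive hostname from jfa_url %q", app.ExternalURI) }`, and assign `app.ExternalDomain = ""` on that path so a reload cannot keep a stale hostname; whether loadConfig runs more than once is not visible here. The function body extends beyond the hunk.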
4
email.go
4
email.go
@ -325,7 +325,7 @@ func (emailer *Emailer) confirmationValues(code, username, key string, app *appC
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
message := app.config.Section("messages").Key("message").String()
|
message := app.config.Section("messages").Key("message").String()
|
||||||
inviteLink := app.ExternalHost
|
inviteLink := app.ExternalURI
|
||||||
if code == "" { // Personal email change
|
if code == "" { // Personal email change
|
||||||
inviteLink = fmt.Sprintf("%s/my/confirm/%s", inviteLink, url.PathEscape(key))
|
inviteLink = fmt.Sprintf("%s/my/confirm/%s", inviteLink, url.PathEscape(key))
|
||||||
} else { // Invite email confirmation
|
} else { // Invite email confirmation
|
||||||
@ -393,7 +393,7 @@ func (emailer *Emailer) inviteValues(code string, invite Invite, app *appContext
|
|||||||
expiry := invite.ValidTill
|
expiry := invite.ValidTill
|
||||||
d, t, expiresIn := emailer.formatExpiry(expiry, false, app.datePattern, app.timePattern)
|
d, t, expiresIn := emailer.formatExpiry(expiry, false, app.datePattern, app.timePattern)
|
||||||
message := app.config.Section("messages").Key("message").String()
|
message := app.config.Section("messages").Key("message").String()
|
||||||
inviteLink := fmt.Sprintf("%s/invite/%s", app.ExternalHost, code)
|
inviteLink := fmt.Sprintf("%s/invite/%s", app.ExternalURI, code)
|
||||||
template := map[string]interface{}{
|
template := map[string]interface{}{
|
||||||
"hello": emailer.lang.InviteEmail.get("hello"),
|
"hello": emailer.lang.InviteEmail.get("hello"),
|
||||||
"youHaveBeenInvited": emailer.lang.InviteEmail.get("youHaveBeenInvited"),
|
"youHaveBeenInvited": emailer.lang.InviteEmail.get("youHaveBeenInvited"),
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
<html lang="en" class="light">
|
<html lang="en" class="light">
|
||||||
<head>
|
<head>
|
||||||
<link rel="stylesheet" type="text/css" href="{{ .urlBase }}/css/{{ .cssVersion }}bundle.css">
|
<link rel="stylesheet" type="text/css" href="{{ .urlBase }}/css/{{ .cssVersion }}bundle.css">
|
||||||
|
@ -210,6 +210,7 @@ const (
|
|||||||
NoURLSuffix = `Warning: Given "jfa_url"/"External jfa-go URL" value does not include "url_base" value!`
|
NoURLSuffix = `Warning: Given "jfa_url"/"External jfa-go URL" value does not include "url_base" value!`
|
||||||
BadURLBase = `Warning: Given URL Base "%s" may conflict with the applications subpaths.`
|
BadURLBase = `Warning: Given URL Base "%s" may conflict with the applications subpaths.`
|
||||||
NoExternalHost = `No "External jfa-go URL" provided, set one in Settings > General.`
|
NoExternalHost = `No "External jfa-go URL" provided, set one in Settings > General.`
|
||||||
|
LoginWontSave = ` Your login won't save until you do.`
|
||||||
|
|
||||||
// discord.go
|
// discord.go
|
||||||
StartDaemon = "Started %s daemon"
|
StartDaemon = "Started %s daemon"
|
||||||
|
60
main.go
60
main.go
@ -101,36 +101,36 @@ type appContext struct {
|
|||||||
adminUsers []User
|
adminUsers []User
|
||||||
invalidTokens []string
|
invalidTokens []string
|
||||||
// Keeping jf name because I can't think of a better one
|
// Keeping jf name because I can't think of a better one
|
||||||
jf *mediabrowser.MediaBrowser
|
jf *mediabrowser.MediaBrowser
|
||||||
authJf *mediabrowser.MediaBrowser
|
authJf *mediabrowser.MediaBrowser
|
||||||
ombi *OmbiWrapper
|
ombi *OmbiWrapper
|
||||||
js *JellyseerrWrapper
|
js *JellyseerrWrapper
|
||||||
thirdPartyServices []ThirdPartyService
|
thirdPartyServices []ThirdPartyService
|
||||||
datePattern string
|
datePattern string
|
||||||
timePattern string
|
timePattern string
|
||||||
storage Storage
|
storage Storage
|
||||||
validator Validator
|
validator Validator
|
||||||
email *Emailer
|
email *Emailer
|
||||||
telegram *TelegramDaemon
|
telegram *TelegramDaemon
|
||||||
discord *DiscordDaemon
|
discord *DiscordDaemon
|
||||||
matrix *MatrixDaemon
|
matrix *MatrixDaemon
|
||||||
contactMethods []ContactMethodLinker
|
contactMethods []ContactMethodLinker
|
||||||
info, debug, err *logger.Logger
|
info, debug, err *logger.Logger
|
||||||
host string
|
host string
|
||||||
port int
|
port int
|
||||||
version string
|
version string
|
||||||
URLBase, ExternalHost string
|
URLBase, ExternalURI, ExternalDomain string
|
||||||
updater *Updater
|
updater *Updater
|
||||||
newUpdate bool // Whether whatever's in update is new.
|
newUpdate bool // Whether whatever's in update is new.
|
||||||
tag Tag
|
tag Tag
|
||||||
update Update
|
update Update
|
||||||
proxyEnabled bool
|
proxyEnabled bool
|
||||||
proxyTransport *http.Transport
|
proxyTransport *http.Transport
|
||||||
proxyConfig easyproxy.ProxyConfig
|
proxyConfig easyproxy.ProxyConfig
|
||||||
internalPWRs map[string]InternalPWR
|
internalPWRs map[string]InternalPWR
|
||||||
pwrCaptchas map[string]Captcha
|
pwrCaptchas map[string]Captcha
|
||||||
ConfirmationKeys map[string]map[string]newUserDTO // Map of invite code to jwt to request
|
ConfirmationKeys map[string]map[string]newUserDTO // Map of invite code to jwt to request
|
||||||
confirmationKeysLock sync.Mutex
|
confirmationKeysLock sync.Mutex
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateSecret(length int) (string, error) {
|
func generateSecret(length int) (string, error) {
|
||||||
|
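Review bot: The `URLBase, ExternalURI, ExternalDomain string` line in appContext has no comment, and the two new names are easy to confuse. From config.go in this commit, ExternalURI holds the trimmed `jfa_url` value and ExternalDomain the hostname parsed from it, which the auth handlers pass as the cookie domain. I would add `// ExternalURI is jfa_url without a trailing "/" or "/invite"; ExternalDomain is its hostname, used as the cookie Domain.` above the line. The struct starts outside the hunk.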
1999
package-lock.json
generated
1999
package-lock.json
generated
File diff suppressed because it is too large
@ -27,7 +27,7 @@
|
|||||||
"inline-source": "^8.0.2",
|
"inline-source": "^8.0.2",
|
||||||
"jsdom": "^22.1.0",
|
"jsdom": "^22.1.0",
|
||||||
"lodash": "^4.17.21",
|
"lodash": "^4.17.21",
|
||||||
"mjml": "^4.14.1",
|
"mjml": "^4.15.3",
|
||||||
"nightwind": "^1.1.13",
|
"nightwind": "^1.1.13",
|
||||||
"perl-regex": "^1.0.4",
|
"perl-regex": "^1.0.4",
|
||||||
"postcss": "^8.4.24",
|
"postcss": "^8.4.24",
|
||||||
|
@ -30,7 +30,7 @@ func (app *appContext) GenInternalReset(userID string) (InternalPWR, error) {
|
|||||||
|
|
||||||
// GenResetLink generates and returns a password reset link.
|
// GenResetLink generates and returns a password reset link.
|
||||||
func (app *appContext) GenResetLink(pin string) (string, error) {
|
func (app *appContext) GenResetLink(pin string) (string, error) {
|
||||||
url := app.ExternalHost
|
url := app.ExternalURI
|
||||||
var pinLink string
|
var pinLink string
|
||||||
if url == "" {
|
if url == "" {
|
||||||
return pinLink, errors.New(lm.NoExternalHost)
|
return pinLink, errors.New(lm.NoExternalHost)
|
||||||
|
@ -64,11 +64,13 @@ func (app *appContext) getUserTokenLogin(gc *gin.Context) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// host := gc.Request.URL.Hostname()
|
||||||
|
host := app.ExternalDomain
|
||||||
uri := "/my"
|
uri := "/my"
|
||||||
if strings.HasPrefix(gc.Request.RequestURI, app.URLBase) {
|
if strings.HasPrefix(gc.Request.RequestURI, app.URLBase) {
|
||||||
uri = "/accounts/my"
|
uri = "/accounts/my"
|
||||||
}
|
}
|
||||||
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, gc.Request.URL.Hostname(), true, true)
|
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, host, true, true)
|
||||||
gc.JSON(200, getTokenDTO{token})
|
gc.JSON(200, getTokenDTO{token})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -101,6 +103,8 @@ func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
|
// host := gc.Request.URL.Hostname()
|
||||||
|
host := app.ExternalDomain
|
||||||
|
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", host, true, true)
|
||||||
gc.JSON(200, getTokenDTO{jwt})
|
gc.JSON(200, getTokenDTO{jwt})
|
||||||
}
|
}
|
||||||
|
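Review bot: getUserTokenRefresh sets the `user-refresh` cookie with the fixed path `"/my"`, while getUserTokenLogin uses `uri`, which becomes `"/accounts/my"` when the request URI starts with `app.URLBase`. Browsers key cookies on name, domain and path, so after a login under the URL base the refresh handler would write a second cookie instead of replacing the one set at login; how the frontend calls these endpoints is not visible, so this may be masked in practice. Computing the path once in a small shared helper and using it in both `gc.SetCookie` calls would keep them aligned. Both function bodies start outside the hunks.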
2
views.go
2
views.go
@ -740,7 +740,7 @@ func (app *appContext) InviteProxy(gc *gin.Context) {
|
|||||||
discord := discordEnabled && app.config.Section("discord").Key("show_on_reg").MustBool(true)
|
discord := discordEnabled && app.config.Section("discord").Key("show_on_reg").MustBool(true)
|
||||||
matrix := matrixEnabled && app.config.Section("matrix").Key("show_on_reg").MustBool(true)
|
matrix := matrixEnabled && app.config.Section("matrix").Key("show_on_reg").MustBool(true)
|
||||||
|
|
||||||
userPageAddress := fmt.Sprintf("%s/my/account", app.ExternalHost)
|
userPageAddress := fmt.Sprintf("%s/my/account", app.ExternalURI)
|
||||||
|
|
||||||
fromUser := ""
|
fromUser := ""
|
||||||
if invite.ReferrerJellyfinID != "" {
|
if invite.ReferrerJellyfinID != "" {
|
||||||
|