auth: source cookie hostname from jfa_url

instead of just applying the cookie to the hostname you accessed jfa-go on, it is applied to the one you set in jfa-go. The result is you'll have to login twice if you access on localhost:8056 instead of accounts.jellyf.in.
2024-09-19 19:00:11 +00:00 · 2024-08-13 20:39:06 +01:00 · 2024-08-13 20:39:06 +01:00 · b2771e6cc5
commit b2771e6cc5
parent e71d492495
11 changed files with 1426 additions and 672 deletions
--- a/auth.go
+++ b/auth.go
@ -248,7 +248,9 @@ func (app *appContext) getTokenLogin(gc *gin.Context) {
 		respond(500, "Couldn't generate token", gc)
 		return
 	}
-	host := gc.Request.URL.Hostname()
+	// host := gc.Request.URL.Hostname()
+	host := app.ExternalDomain
+
 	gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
 	gc.JSON(200, getTokenDTO{token})
 }
@ -307,7 +309,8 @@ func (app *appContext) getTokenRefresh(gc *gin.Context) {
 		respond(500, "Couldn't generate token", gc)
 		return
 	}
-	host := gc.Request.URL.Hostname()
+	// host := gc.Request.URL.Hostname()
+	host := app.ExternalDomain
 	gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
 	gc.JSON(200, getTokenDTO{jwt})
 }
--- a/config.go
+++ b/config.go
@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"io/fs"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strconv"
@ -60,10 +61,17 @@ func (app *appContext) loadConfig() error {
 	if app.URLBase == "/invite" || app.URLBase == "/accounts" || app.URLBase == "/settings" || app.URLBase == "/activity" {
 		app.err.Printf(lm.BadURLBase, app.URLBase)
 	}
-	app.ExternalHost = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/")
-	if !strings.HasSuffix(app.ExternalHost, app.URLBase) {
+	app.ExternalURI = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/")
+	if !strings.HasSuffix(app.ExternalURI, app.URLBase) {
 		app.err.Println(lm.NoURLSuffix)
 	}
+	if app.ExternalURI == "" {
+		app.err.Println(lm.NoExternalHost + lm.LoginWontSave)
+	}
+	u, err := url.Parse(app.ExternalURI)
+	if err == nil {
+		app.ExternalDomain = u.Hostname()
+	}

 	app.config.Section("email").Key("no_username").SetValue(strconv.FormatBool(app.config.Section("email").Key("no_username").MustBool(false)))

--- a/email.go
+++ b/email.go
@ -325,7 +325,7 @@ func (emailer *Emailer) confirmationValues(code, username, key string, app *appC
 		}
 	} else {
 		message := app.config.Section("messages").Key("message").String()
-		inviteLink := app.ExternalHost
+		inviteLink := app.ExternalURI
 		if code == "" { // Personal email change
 			inviteLink = fmt.Sprintf("%s/my/confirm/%s", inviteLink, url.PathEscape(key))
 		} else { // Invite email confirmation
@ -393,7 +393,7 @@ func (emailer *Emailer) inviteValues(code string, invite Invite, app *appContext
 	expiry := invite.ValidTill
 	d, t, expiresIn := emailer.formatExpiry(expiry, false, app.datePattern, app.timePattern)
 	message := app.config.Section("messages").Key("message").String()
-	inviteLink := fmt.Sprintf("%s/invite/%s", app.ExternalHost, code)
+	inviteLink := fmt.Sprintf("%s/invite/%s", app.ExternalURI, code)
 	template := map[string]interface{}{
 		"hello":              emailer.lang.InviteEmail.get("hello"),
 		"youHaveBeenInvited": emailer.lang.InviteEmail.get("youHaveBeenInvited"),
--- a/html/user.html
+++ b/html/user.html
@ -1,3 +1,4 @@
+<!DOCTYPE html>
 <html lang="en" class="light">
    <head>
        <link rel="stylesheet" type="text/css" href="{{ .urlBase }}/css/{{ .cssVersion }}bundle.css">
--- a/logmessages/logmessages.go
+++ b/logmessages/logmessages.go
@ -210,6 +210,7 @@ const (
 	NoURLSuffix         = `Warning: Given "jfa_url"/"External jfa-go URL" value does not include "url_base" value!`
 	BadURLBase          = `Warning: Given URL Base "%s" may conflict with the applications subpaths.`
 	NoExternalHost      = `No "External jfa-go URL" provided, set one in Settings > General.`
+	LoginWontSave       = ` Your login won't save until you do.`

 	// discord.go
 	StartDaemon                      = "Started %s daemon"
--- a/main.go
+++ b/main.go
@ -119,7 +119,7 @@ type appContext struct {
 	host                                 string
 	port                                 int
 	version                              string
-	URLBase, ExternalHost string
+	URLBase, ExternalURI, ExternalDomain string
 	updater                              *Updater
 	newUpdate                            bool // Whether whatever's in update is new.
 	tag                                  Tag
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -27,7 +27,7 @@
    "inline-source": "^8.0.2",
    "jsdom": "^22.1.0",
    "lodash": "^4.17.21",
-    "mjml": "^4.14.1",
+    "mjml": "^4.15.3",
    "nightwind": "^1.1.13",
    "perl-regex": "^1.0.4",
    "postcss": "^8.4.24",
--- a/pwreset.go
+++ b/pwreset.go
@ -30,7 +30,7 @@ func (app *appContext) GenInternalReset(userID string) (InternalPWR, error) {

 // GenResetLink generates and returns a password reset link.
 func (app *appContext) GenResetLink(pin string) (string, error) {
-	url := app.ExternalHost
+	url := app.ExternalURI
 	var pinLink string
 	if url == "" {
 		return pinLink, errors.New(lm.NoExternalHost)
--- a/user-auth.go
+++ b/user-auth.go
@ -64,11 +64,13 @@ func (app *appContext) getUserTokenLogin(gc *gin.Context) {
 		return
 	}

+	// host := gc.Request.URL.Hostname()
+	host := app.ExternalDomain
 	uri := "/my"
 	if strings.HasPrefix(gc.Request.RequestURI, app.URLBase) {
 		uri = "/accounts/my"
 	}
-	gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, gc.Request.URL.Hostname(), true, true)
+	gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, host, true, true)
 	gc.JSON(200, getTokenDTO{token})
 }

@ -101,6 +103,8 @@ func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
 		return
 	}

-	gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
+	// host := gc.Request.URL.Hostname()
+	host := app.ExternalDomain
+	gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", host, true, true)
 	gc.JSON(200, getTokenDTO{jwt})
 }
--- a/views.go
+++ b/views.go
@ -740,7 +740,7 @@ func (app *appContext) InviteProxy(gc *gin.Context) {
 	discord := discordEnabled && app.config.Section("discord").Key("show_on_reg").MustBool(true)
 	matrix := matrixEnabled && app.config.Section("matrix").Key("show_on_reg").MustBool(true)

-	userPageAddress := fmt.Sprintf("%s/my/account", app.ExternalHost)
+	userPageAddress := fmt.Sprintf("%s/my/account", app.ExternalURI)

 	fromUser := ""
 	if invite.ReferrerJellyfinID != "" {