
🎉 Set a domain cookie to check for logged from landing page

Andrés Moya 2022-01-25 16:11:53 +01:00
parent 0d48c758df
commit 62a67bdb94
2 changed files with 32 additions and 12 deletions


@ -109,6 +109,7 @@
(s/def ::secret-key ::us/string) (s/def ::secret-key ::us/string)
(s/def ::allow-demo-users ::us/boolean) (s/def ::allow-demo-users ::us/boolean)
(s/def ::assets-path ::us/string) (s/def ::assets-path ::us/string)
(s/def ::authenticated-cookie-domain ::us/string)
(s/def ::database-password (s/nilable ::us/string)) (s/def ::database-password (s/nilable ::us/string))
(s/def ::database-uri ::us/string) (s/def ::database-uri ::us/string)
(s/def ::database-username (s/nilable ::us/string)) (s/def ::database-username (s/nilable ::us/string))
@ -199,6 +200,7 @@
::allow-demo-users ::allow-demo-users
::audit-log-archive-uri ::audit-log-archive-uri
::audit-log-gc-max-age ::audit-log-gc-max-age
::authenticated-cookie-domain
::database-password ::database-password
::database-uri ::database-uri
::database-username ::database-username


@ -21,9 +21,13 @@
[integrant.core :as ig] [integrant.core :as ig]
[ring.middleware.session.store :as rss])) [ring.middleware.session.store :as rss]))
;; A default cookie name for storing the session. We don't allow ;; A default cookie name for storing the session. We don't allow to configure it.
;; configure it. (def token-cookie-name "auth-token")
(def cookie-name "auth-token")
;; A cookie that we can use to check from other sites of the same domain if a user
;; is registered. Is not intended for on premise installations, although nothing
;; prevents using it if some one wants to.
(def authenticated-cookie-name "authenticated")
(deftype DatabaseStore [pool tokens] (deftype DatabaseStore [pool tokens]
rss/SessionStore rss/SessionStore
@ -78,7 +82,7 @@
(defn- delete-session (defn- delete-session
[store {:keys [cookies] :as request}] [store {:keys [cookies] :as request}]
(when-let [token (get-in cookies [cookie-name :value])] (when-let [token (get-in cookies [token-cookie-name :value])]
(rss/delete-session store token))) (rss/delete-session store token)))
(defn- retrieve-session (defn- retrieve-session
@ -88,21 +92,35 @@
(defn- retrieve-from-request (defn- retrieve-from-request
[store {:keys [cookies] :as request}] [store {:keys [cookies] :as request}]
(->> (get-in cookies [cookie-name :value]) (->> (get-in cookies [token-cookie-name :value])
(retrieve-session store))) (retrieve-session store)))
(defn- add-cookies (defn- add-cookies
[response token] [response token]
(let [cors? (contains? cfg/flags :cors) (let [cors? (contains? cfg/flags :cors)
secure? (contains? cfg/flags :secure-session-cookies)] secure? (contains? cfg/flags :secure-session-cookies)
(assoc response :cookies {cookie-name {:path "/" authenticated-cookie-domain (cfg/get :authenticated-cookie-domain)]
:http-only true (update response :cookies
:value token (fn [cookies]
:same-site (if cors? :none :lax) (cond-> cookies
:secure secure?}}))) :always
(assoc token-cookie-name {:path "/"
:http-only true
:value token
:same-site (if cors? :none :lax)
:secure secure?})
(some? authenticated-cookie-domain)
(assoc authenticated-cookie-name {:domain authenticated-cookie-domain
:path "/"
:value true
:same-site :strict
:secure secure?}))))))
(defn- clear-cookies (defn- clear-cookies
[response] [response]
(assoc response :cookies {cookie-name {:value "" :max-age -1}})) (assoc response :cookies {token-cookie-name {:value "" :max-age -1}
authenticated-cookie-name {:value "" :max-age -1}}))
(defn- middleware (defn- middleware
[events-ch store handler] [events-ch store handler]
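Review bot: In clear-cookies the new `authenticated-cookie-name {:value "" :max-age -1}` entry will not expire the cookie that add-cookies set, because that cookie was written with `:domain authenticated-cookie-domain` and `:path "/"` and browsers only replace a cookie whose name, domain and path all match; after logout the domain-wide "authenticated" flag stays in the browser and the landing page keeps treating the user as logged in. The clearing entry should repeat the same attributes, e.g. `authenticated-cookie-name {:value "" :max-age -1 :path "/" :domain (cfg/get :authenticated-cookie-domain)}`, guarded with the same `(some? ...)` check as in add-cookies so no `:domain nil` attribute is emitted when the option is unset. Two smaller points on the add-cookies branch: `:value true` is a boolean where the other cookie carries a string, so confirm the cookie writer stringifies it rather than failing; and since this cookie is deliberately readable by other sites on the domain and has no integrity protection, a comment such as `;; Presence-only hint for the landing page; never treat it as proof of authentication` next to the def would stop later readers from using it for authorization.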