authorizer/server/cookie/cookie.go

package cookie

import (
	"net/http"
	"net/url"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/envstore"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/gin-gonic/gin"
)

// SetSession sets the session cookie in the response
func SetSession(gc *gin.Context, sessionID string) {
	secure := true
	httpOnly := true
	hostname := utils.GetHost(gc)
	host, _ := utils.GetHostParts(hostname)
	domain := utils.GetDomainName(hostname)
	if domain != "localhost" {
		domain = "." + domain
	}

	// TODO allow configuring from dashboard
	year := 60 * 60 * 24 * 365

	gc.SetSameSite(http.SameSiteNoneMode)
	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", sessionID, year, "/", host, secure, httpOnly)
	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session_domain", sessionID, year, "/", domain, secure, httpOnly)
}

// DeleteSession sets session cookies to expire
func DeleteSession(gc *gin.Context) {
	secure := true
	httpOnly := true
	hostname := utils.GetHost(gc)
	host, _ := utils.GetHostParts(hostname)
	domain := utils.GetDomainName(hostname)
	if domain != "localhost" {
		domain = "." + domain
	}

	gc.SetSameSite(http.SameSiteNoneMode)
	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", "", -1, "/", host, secure, httpOnly)
	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session_domain", "", -1, "/", domain, secure, httpOnly)
}

// GetSession gets the session cookie from context
func GetSession(gc *gin.Context) (string, error) {
	var cookie *http.Cookie
	var err error
	cookie, err = gc.Request.Cookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName) + "_session")
	if err != nil {
		cookie, err = gc.Request.Cookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName) + "_session_domain")
		if err != nil {
			return "", err
		}
	}

	decodedValue, err := url.PathUnescape(cookie.Value)
	if err != nil {
		return "", err
	}
	return decodedValue, nil
}
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`package cookie`

			`import (`
			`"net/http"`
feat: add token endpoint 2022-03-04 07:26:11 +00:00			`"net/url"`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00
			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/envstore"`
			`"github.com/authorizerdev/authorizer/server/utils"`
			`"github.com/gin-gonic/gin"`
			`)`

fix: auth flow 2022-03-02 12:12:31 +00:00			`// SetSession sets the session cookie in the response`
			`func SetSession(gc *gin.Context, sessionID string) {`
feat: add session token 2022-02-28 15:56:49 +00:00			`secure := true`
			`httpOnly := true`
			`hostname := utils.GetHost(gc)`
			`host, _ := utils.GetHostParts(hostname)`
			`domain := utils.GetDomainName(hostname)`
			`if domain != "localhost" {`
			`domain = "." + domain`
			`}`

			`// TODO allow configuring from dashboard`
			`year := 60 * 60 * 24 * 365`

			`gc.SetSameSite(http.SameSiteNoneMode)`
			`gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", sessionID, year, "/", host, secure, httpOnly)`
fix: auth flow 2022-03-02 12:12:31 +00:00			`gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session_domain", sessionID, year, "/", domain, secure, httpOnly)`
feat: add session token 2022-02-28 15:56:49 +00:00			`}`

fix: auth flow 2022-03-02 12:12:31 +00:00			`// DeleteSession sets session cookies to expire`
			`func DeleteSession(gc *gin.Context) {`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`secure := true`
			`httpOnly := true`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00			`hostname := utils.GetHost(gc)`
			`host, _ := utils.GetHostParts(hostname)`
			`domain := utils.GetDomainName(hostname)`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`if domain != "localhost" {`
			`domain = "." + domain`
			`}`

			`gc.SetSameSite(http.SameSiteNoneMode)`
fix: auth flow 2022-03-02 12:12:31 +00:00			`gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", "", -1, "/", host, secure, httpOnly)`
			`gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session_domain", "", -1, "/", domain, secure, httpOnly)`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`}`

fix: auth flow 2022-03-02 12:12:31 +00:00			`// GetSession gets the session cookie from context`
			`func GetSession(gc *gin.Context) (string, error) {`
			`var cookie *http.Cookie`
			`var err error`
			`cookie, err = gc.Request.Cookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName) + "_session")`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`if err != nil {`
fix: auth flow 2022-03-02 12:12:31 +00:00			`cookie, err = gc.Request.Cookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName) + "_session_domain")`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`if err != nil {`
fix: remove compat cookie 2022-03-03 03:51:48 +00:00			`return "", err`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`}`
			`}`

feat: add token endpoint 2022-03-04 07:26:11 +00:00			`decodedValue, err := url.PathUnescape(cookie.Value)`
			`if err != nil {`
			`return "", err`
			`}`
			`return decodedValue, nil`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`}`