Fix/cookie host (#76)

* fix: cookie host * feat: add test for url utils * fix: url test * fix: multi domain cookie if allowed
2021-12-11 06:41:35 +05:30 · 2021-12-11 06:41:35 +05:30 · 00565c8717
commit 00565c8717
parent 74a551ae09
5 changed files with 41 additions and 4 deletions
--- a/2
+++ b/2
@ -5,3 +5,5 @@ cmd:
 	cd server && go build -ldflags "-w -X main.Version=$(VERSION)" -o '../build/server'
 clean:
 	rm -rf build
+test:
+	cd server && go test ./...
--- a/server/handlers/oauthCallback.go
+++ b/server/handlers/oauthCallback.go
@ -40,7 +40,7 @@ func processGoogleUserInfo(code string) (db.User, error) {
 	// Parse and verify ID Token payload.
 	idToken, err := verifier.Verify(ctx, rawIDToken)
 	if err != nil {
-		return user, fmt.Errorf("unable to verify id_token:", err.Error())
+		return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
 	}

 	// Extract custom claims
--- a/server/utils/cookie.go
+++ b/server/utils/cookie.go
@ -11,9 +11,14 @@ func SetCookie(gc *gin.Context, token string) {
 	secure := true
 	httpOnly := true
 	host := GetHostName(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
+	}

 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", token, 3600, "/", domain, secure, httpOnly)
 }

 func GetCookie(gc *gin.Context) (string, error) {
@ -29,8 +34,13 @@ func DeleteCookie(gc *gin.Context) {
 	secure := true
 	httpOnly := true

-	host := GetHostName(constants.AUTHORIZER_URL)
+	host := GetDomainName(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
+	}

 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, "", -1, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", "", -1, "/", domain, secure, httpOnly)
 }
--- a/server/utils/urls.go
+++ b/server/utils/urls.go
@ -17,7 +17,7 @@ func GetHostName(auth_url string) string {
 	return host
 }

-// function to get domain name
+// GetDomainName function to get domain name
 func GetDomainName(auth_url string) string {
 	u, err := url.Parse(auth_url)
 	if err != nil {
--- a/server/utils/urls_test.go
+++ b/server/utils/urls_test.go
@ -0,0 +1,25 @@
+package utils
+
+import "testing"
+
+func TestGetHostName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := GetHostName(authorizer_url)
+	want := "test.herokuapp.com"
+
+	if got != want {
+		t.Errorf("GetHostName Test failed got %s, wanted %s", got, want)
+	}
+}
+
+func TestGetDomainName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := GetDomainName(authorizer_url)
+	want := "herokuapp.com"
+
+	if got != want {
+		t.Errorf("GetHostName Test failed got %q, wanted %q", got, want)
+	}
+}