diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index e34f347..9693cb7 100644
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -10,7 +10,7 @@ We're so excited you're interested in helping with Authorizer! We are happy to h
 ## Where to ask questions?
 1. Check our [Github Issues](https://github.com/authorizerdev/authorizer/issues) to see if someone has already answered your question.
-2. Join our community on [Discord](https://discord.gg/WDvCxwkX) and feel free to ask us your questions
+2. Join our community on [Discord](https://discord.gg/Zv2D5h6kkK) and feel free to ask us your questions
 As you gain experience with Authorizer, please help answer other people's questions! :pray:
@@ -19,7 +19,7 @@ As you gain experience with Authorizer, please help answer other people's questi
 You can get started by taking a look at our [Github issues](https://github.com/authorizerdev/authorizer/issues) If you find one that looks interesting and no one else is already working on it, comment on that issue and start contributing 🙂.
-Please ask as many questions as you need, either directly in the issue or on [Discord](https://discord.gg/WDvCxwkX). We're happy to help!:raised_hands:
+Please ask as many questions as you need, either directly in the issue or on [Discord](https://discord.gg/Zv2D5h6kkK). We're happy to help!:raised_hands:
 ### Contributions that are ALWAYS welcome
diff --git a/README.md b/README.md
index 9d9c394..ec3c18e 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@
 - [Getting Started](#getting-started)
 - [Contributing](https://github.com/authorizerdev/authorizer/blob/main/.github/CONTRIBUTING.md)
 - [Docs](http://docs.authorizer.dev/)
-- [Join Community](https://discord.gg/2fXUQN3E)
+- [Join Community](https://discord.gg/Zv2D5h6kkK)
 # Introduction
diff --git a/server/constants/constants.go b/server/constants/constants.go
index e7c9d13..b61db88 100644
--- a/server/constants/constants.go
+++ b/server/constants/constants.go
@@ -14,6 +14,7 @@ var ( JWT_SECRET = "" ALLOWED_ORIGINS = []string{} AUTHORIZER_URL = "" + APP_URL = "" PORT = "8080" REDIS_URL = "" IS_PROD = false diff --git a/server/handlers/verifyEmail.go b/server/handlers/verifyEmail.go index 00ccff3..fbb080d 100644 --- a/server/handlers/verifyEmail.go +++ b/server/handlers/verifyEmail.go @@ -69,6 +69,6 @@ func VerifyEmailHandler() gin.HandlerFunc { db.Mgr.SaveSession(sessionData) }() utils.SetCookie(c, accessToken) - c.Redirect(http.StatusTemporaryRedirect, claim.Host) + c.Redirect(http.StatusTemporaryRedirect, claim.RedirectURL) } } diff --git a/server/main.go b/server/main.go index d189314..afee5d1 100644 --- a/server/main.go +++ b/server/main.go @@ -32,6 +32,8 @@ func GinContextToContextMiddleware() gin.HandlerFunc { func CORSMiddleware() gin.HandlerFunc { return func(c *gin.Context) { origin := c.Request.Header.Get("Origin") + constants.APP_URL = origin + log.Println("=> APP_URL:", constants.APP_URL) c.Writer.Header().Set("Access-Control-Allow-Origin", origin) c.Writer.Header().Set("Access-Control-Allow-Credentials", "true") c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With") diff --git a/server/utils/cookie.go b/server/utils/cookie.go index 5de22d3..7de2501 100644 --- a/server/utils/cookie.go +++ b/server/utils/cookie.go @@ -1,7 +1,6 @@ package utils import ( - "log" "net/http" "github.com/authorizerdev/authorizer/server/constants" @@ -11,9 +10,8 @@ import ( func SetCookie(gc *gin.Context, token string) { secure := true httpOnly := true - host := GetHostName(constants.AUTHORIZER_URL) - log.Println("=> cookie host", host) + gc.SetSameSite(http.SameSiteNoneMode) gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly) } 
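Review bot: The redirect in VerifyEmailHandler now goes to `claim.RedirectURL` as-is, immediately after `utils.SetCookie(c, accessToken)`, with no check that the value is a known frontend origin or even non-empty. The claim is signed, but per the server/utils/verificationToken.go hunk its value is copied from `constants.APP_URL`, which the CORS middleware fills from the request's `Origin` header, so the signature does not make the destination trustworthy. Before redirecting, compare it with the configured allow-list (`constants.ALLOWED_ORIGINS` is visible in constants.go, assuming it holds the permitted frontend origins) and fall back to a fixed configured URL such as `constants.AUTHORIZER_URL` when it is empty or not listed. The handler body starts outside this hunk, so how `claim` is parsed is not visible here.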
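Review bot: `constants.APP_URL = origin` in CORSMiddleware stores a client-supplied header in a package-level variable on every request, with no validation and no synchronisation. Concurrent requests race on that write, and CreateVerificationToken (server/utils/verificationToken.go hunk) then signs whichever Origin arrived last into a 30-minute token, which may belong to a different client or be empty when the header is absent. Keep the value per request instead, for example `c.Set("app_url", origin)` after checking it against `constants.ALLOWED_ORIGINS`, and pass it to token creation as an argument rather than reading a global. The added `log.Println("=> APP_URL:", constants.APP_URL)` also writes the raw header to the log on every request; drop it or format it with `%q`.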
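Review bot: The session cookie is issued with `gc.SetSameSite(http.SameSiteNoneMode)` in SetCookie, and again in DeleteCookie in the next hunk; the collapsed hunk text does not show clearly whether that line is new or context, so read this as a question if it predates the commit. With SameSite=None the browser attaches the cookie to cross-site requests, and the CORS middleware lines visible in server/main.go echo any `Origin` together with `Access-Control-Allow-Credentials: true`, so unless origins are filtered outside the visible lines any page can make credentialed calls to the API. Either restrict the echoed origin to `constants.ALLOWED_ORIGINS` or add a CSRF check on state-changing routes. Keeping `secure := true` unconditionally is consistent with this mode, since browsers reject SameSite=None cookies that lack Secure.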
@@ -31,11 +29,8 @@ func DeleteCookie(gc *gin.Context) { secure := true httpOnly := true - if !constants.IS_PROD { - secure = false - } - host := GetHostName(constants.AUTHORIZER_URL) + gc.SetSameSite(http.SameSiteNoneMode) gc.SetCookie(constants.COOKIE_NAME, "", -1, "/", host, secure, httpOnly) } diff --git a/server/utils/urls.go b/server/utils/urls.go index 5ce38c5..9b0b725 100644 --- a/server/utils/urls.go +++ b/server/utils/urls.go @@ -5,7 +5,7 @@ import ( "strings" ) -// function to get hostname +// GetHostName function to get hostname func GetHostName(auth_url string) string { u, err := url.Parse(auth_url) if err != nil { diff --git a/server/utils/verificationToken.go b/server/utils/verificationToken.go index 130aa5a..f852e98 100644 --- a/server/utils/verificationToken.go +++ b/server/utils/verificationToken.go @@ -8,8 +8,9 @@ import ( ) type UserInfo struct { - Email string `json:"email"` - Host string `json:"host"` + Email string `json:"email"` + Host string `json:"host"` + RedirectURL string `json:"redirect_url"` } type CustomClaim struct { @@ -28,7 +29,7 @@ func CreateVerificationToken(email string, tokenType string) (string, error) { ExpiresAt: time.Now().Add(time.Minute * 30).Unix(), }, tokenType, - UserInfo{Email: email, Host: constants.AUTHORIZER_URL}, + UserInfo{Email: email, Host: constants.AUTHORIZER_URL, RedirectURL: constants.APP_URL}, } return t.SignedString([]byte(constants.JWT_SECRET))
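Review bot: The new `RedirectURL` field on UserInfo has no comment saying where its value comes from or how far it can be trusted, and it sits next to `Host`, which is filled from server configuration. A field comment would help the next reader, for example `// RedirectURL is the frontend origin to return to after verification; it is copied from the request's Origin header and must be validated before use.` The exported types UserInfo and CustomClaim also carry no doc comments in the visible lines.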