feat: set & delete client cookie (#73)

Resolves: #71
2021-12-08 01:04:18 +05:30
parent 23e2bcadd8
commit cc2e03815c
2 changed files with 11 additions and 1 deletions
--- a/server/handlers/oauthCallback.go
+++ b/server/handlers/oauthCallback.go
@@ -179,6 +179,8 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		inputRoles := strings.Split(sessionSplit[2], ",")
 		redirectURL := sessionSplit[1]

+		c.Request.Header.Set("Origin", redirectURL)
+
 		var err error
 		user := db.User{}
 		code := c.Request.FormValue("code")
--- a/server/utils/cookie.go
+++ b/server/utils/cookie.go
@@ -11,11 +11,16 @@ import (
 func SetCookie(gc *gin.Context, token string) {
 	secure := true
 	httpOnly := true
+	origin := gc.Request.Header.Get("Origin")

 	host := GetHostName(constants.AUTHORIZER_URL)
-	log.Println("=> cookie host", host)
+	originHost := GetHostName(origin)
+
+	log.Println("=> cookie host", host, origin)
+
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", token, 3600, "/", originHost, secure, httpOnly)
 }

 func GetCookie(gc *gin.Context) (string, error) {
@@ -30,12 +35,15 @@ func GetCookie(gc *gin.Context) (string, error) {
 func DeleteCookie(gc *gin.Context) {
 	secure := true
 	httpOnly := true
+	origin := gc.Request.Header.Get("Origin")

 	if !constants.IS_PROD {
 		secure = false
 	}

 	host := GetHostName(constants.AUTHORIZER_URL)
+	originHost := GetHostName(origin)
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, "", -1, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", "", -1, "/", originHost, secure, httpOnly)
 }