From e0a0226bcc6b0938323a861a524e9075d3fa9dd5 Mon Sep 17 00:00:00 2001
From: Lakhan Samani
Date: Wed, 8 Dec 2021 01:01:45 +0530
Subject: [PATCH] feat: set & delete client cookie

Resolves: #71
---
 server/handlers/oauthCallback.go |  2 ++
 server/utils/cookie.go           | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/server/handlers/oauthCallback.go b/server/handlers/oauthCallback.go
index e345da8..809498e 100644
--- a/server/handlers/oauthCallback.go
+++ b/server/handlers/oauthCallback.go
@@ -179,6 +179,8 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 	inputRoles := strings.Split(sessionSplit[2], ",")
 	redirectURL := sessionSplit[1]
+	c.Request.Header.Set("Origin", redirectURL)
+
 	var err error
 	user := db.User{}
 	code := c.Request.FormValue("code")
diff --git a/server/utils/cookie.go b/server/utils/cookie.go
index 5de22d3..553e1b5 100644
--- a/server/utils/cookie.go
+++ b/server/utils/cookie.go
@@ -11,11 +11,16 @@ import (
 func SetCookie(gc *gin.Context, token string) {
 	secure := true
 	httpOnly := true
+	origin := gc.Request.Header.Get("Origin")
 	host := GetHostName(constants.AUTHORIZER_URL)
-	log.Println("=> cookie host", host)
+	originHost := GetHostName(origin)
+
+	log.Println("=> cookie host", host, origin)
+
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", token, 3600, "/", originHost, secure, httpOnly)
 }
 
 func GetCookie(gc *gin.Context) (string, error) {
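Review bot: `c.Request.Header.Set("Origin", redirectURL)` overwrites an incoming request header so that a downstream helper (presumably `utils.SetCookie`, which reads `Origin` in the companion hunk) can pick the value up, which turns a client-controlled header into an implicit parameter and hides the data flow from readers of either function. `redirectURL` is `sessionSplit[1]`, a full redirect URL recovered from the login session rather than an origin, and nothing in this hunk checks it against the configured allowed redirect hosts before it ends up as a cookie Domain, so unless that validation happens upstream the cookie scope follows whatever was stored in the session. Pass the value explicitly instead, e.g. `c.Set("redirect_url", redirectURL)` read back in SetCookie, or an extra `redirectURL string` parameter, and document on that parameter that it must already be validated. OAuthCallbackHandler's body starts and ends outside the hunk.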
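Review bot: The new `-client` cookie's Domain attribute comes from `originHost`, which is derived from the request's `Origin` header on the line `origin := gc.Request.Header.Get("Origin")`; on ordinary requests that header is supplied by the browser or any HTTP client, so the domain a session token is scoped to is now chosen by the caller, and when the header is absent `GetHostName("")` presumably yields an empty domain, silently scoping the second cookie to the authorizer host. Browsers also reject a Set-Cookie whose Domain does not domain-match the responding host, so for a client on another site this cookie is most likely dropped rather than set, while the token is still emitted in the response headers. The same derivation is repeated in the DeleteCookie hunk below. Consider checking `originHost` against the configured allowed hosts before calling `gc.SetCookie`, and add a comment above the second SetCookie explaining why the token is issued a second time under the client domain and whether a client is expected to read it (it is still `httpOnly`). The new log line prints `origin` but not `originHost`, so the value actually used as the cookie domain is not logged; `log.Println("=> cookie host", host, originHost)` would be more useful when debugging this.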
@@ -30,12 +35,15 @@ func GetCookie(gc *gin.Context) (string, error) {
 func DeleteCookie(gc *gin.Context) {
 	secure := true
 	httpOnly := true
+	origin := gc.Request.Header.Get("Origin")
 	if !constants.IS_PROD {
 		secure = false
 	}
 	host := GetHostName(constants.AUTHORIZER_URL)
+	originHost := GetHostName(origin)
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, "", -1, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", "", -1, "/", originHost, secure, httpOnly)
 }
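Review bot: Clearing the `-client` cookie depends on the logout request carrying the same `Origin` header that the login callback injected; a logout reached by a top-level navigation, a redirect, or a non-browser client sends no Origin, so `originHost` is computed from an empty string and the client-side cookie survives while the primary cookie is cleared, leaving a valid token in the browser after what looks like a successful logout. The underlying domain-from-Origin concern is raised on the SetCookie hunk above. Since both functions now derive `host` and `originHost` identically, factor that into one helper such as `cookieDomains(gc *gin.Context) (host, originHost string)` so set and delete cannot drift, and document on DeleteCookie that the caller is expected to supply `Origin` and what happens when it is missing.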