commit 6031a1fb265a5ecfce8660fdd87ec1d311f202ce
parent fa4f263c414143e562a8cec61888cc4df860e9fa
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Sat, 3 Dec 2022 23:22:15 -0500
cleanup cookies
Diffstat:
3 files changed, 33 insertions(+), 123 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -575,38 +575,23 @@ func LogoutHandler(ctx echo.Context) error {
}
func createPartialRecoveryCookie(value string, maxAge int64) *http.Cookie {
- return createCookie("partial-recovery-token", value, maxAge)
+ return hutils.CreateCookie("partial-recovery-token", value, maxAge)
}
func createPartialRecovery2Cookie(value string, maxAge int64) *http.Cookie {
- return createCookie("partial-recovery2-token", value, maxAge)
+ return hutils.CreateCookie("partial-recovery2-token", value, maxAge)
}
func createPartialSessionCookie(value string, maxAge int64) *http.Cookie {
- return createCookie("partial-auth-token", value, maxAge)
+ return hutils.CreateCookie("partial-auth-token", value, maxAge)
}
func createSessionCookie(value string, maxAge int64) *http.Cookie {
- return createCookie("auth-token", value, maxAge)
+ return hutils.CreateCookie("auth-token", value, maxAge)
}
func createSignupCookie(value string, maxAge int64) *http.Cookie {
- return createCookie("signup-token", value, maxAge)
-}
-
-func createCookie(name, value string, maxAge int64) *http.Cookie {
- cookie := &http.Cookie{
- Name: name,
- Value: value,
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: int(maxAge),
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(maxAge) * time.Second),
- }
- return cookie
+ return hutils.CreateCookie("signup-token", value, maxAge)
}
// FlashResponse ...
@@ -4081,18 +4066,8 @@ func ByteRoadChallengeHandler(c echo.Context) error {
data.CaptchaID, data.CaptchaImg = captcha.New()
setCookie := func(token string) {
- maxAge := 86400 // 24h
- c.SetCookie(&http.Cookie{
- Name: "challenge_byte_road_session",
- Value: token,
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: maxAge,
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(maxAge) * time.Second),
- })
+ maxAge := int64(86400) // 24h
+ c.SetCookie(hutils.CreateCookie("challenge_byte_road_session", token, maxAge))
}
if c.Request().Method == http.MethodPost {
diff --git a/pkg/web/handlers/utils/utils.go b/pkg/web/handlers/utils/utils.go
@@ -14,6 +14,21 @@ import (
const HBCookieName = "dkft" // dkf troll
+func CreateCookie(name, value string, maxAge int64) *http.Cookie {
+ cookie := &http.Cookie{
+ Name: name,
+ Value: value,
+ Domain: config.Global.CookieDomain(),
+ Secure: config.Global.CookieSecure(),
+ Path: "/",
+ HttpOnly: true,
+ MaxAge: int(maxAge),
+ SameSite: http.SameSiteLaxMode,
+ Expires: time.Now().Add(time.Duration(maxAge) * time.Second),
+ }
+ return cookie
+}
+
func GetRoomCookie(c echo.Context, roomID int64) (*http.Cookie, error) {
return c.Cookie("room_" + utils.FormatInt64(roomID) + "_auth")
}
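Review bot: The exported `CreateCookie` added here has no doc comment, although after this commit it is the one place where the attributes of every cookie in the diff, including `auth-token`, are decided. A comment such as `// CreateCookie returns a site-wide cookie (Path "/", HttpOnly, SameSite=Lax) whose Domain and Secure flag come from config.Global; a negative maxAge expires it.` would tell callers that the Secure flag depends on deployment configuration rather than being forced on. Separately, `MaxAge: int(maxAge)` narrows an int64 while `Expires` is computed from the full value, so on a 32-bit build a very large maxAge could leave the two fields disagreeing. Taking `maxAge int` or bounding the value would remove that, though the callers visible here only pass -1, 86400 and `utils.OneMonthSecs`.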
@@ -23,54 +38,14 @@ func GetRoomKeyCookie(c echo.Context, roomID int64) (*http.Cookie, error) {
}
func DeleteRoomCookie(c echo.Context, roomID int64) {
- c.SetCookie(&http.Cookie{
- Name: "room_" + utils.FormatInt64(roomID) + "_auth",
- Value: "",
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: int(-1),
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(-1) * time.Second),
- })
- c.SetCookie(&http.Cookie{
- Name: "room_" + utils.FormatInt64(roomID) + "_key",
- Value: "",
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: int(-1),
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(-1) * time.Second),
- })
+ c.SetCookie(CreateCookie("room_"+utils.FormatInt64(roomID)+"_auth", "", -1))
+ c.SetCookie(CreateCookie("room_"+utils.FormatInt64(roomID)+"_key", "", -1))
}
func CreateRoomCookie(c echo.Context, roomID int64, v, key string) {
- maxAge := 86400 // 24h
- c.SetCookie(&http.Cookie{
- Name: "room_" + utils.FormatInt64(roomID) + "_auth",
- Value: v,
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: int(maxAge),
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(maxAge) * time.Second),
- })
- c.SetCookie(&http.Cookie{
- Name: "room_" + utils.FormatInt64(roomID) + "_key",
- Value: key,
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: int(maxAge),
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(maxAge) * time.Second),
- })
+ maxAge := int64(86400) // 24h
+ c.SetCookie(CreateCookie("room_"+utils.FormatInt64(roomID)+"_auth", v, maxAge))
+ c.SetCookie(CreateCookie("room_"+utils.FormatInt64(roomID)+"_key", key, maxAge))
}
func GetGistCookie(c echo.Context, gistUUID string) (*http.Cookie, error) {
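Review bot: The bare `-1` passed to `CreateCookie` in `DeleteRoomCookie` (and again in `DeleteGistCookie` in the next hunk) hides that these calls delete a cookie. A small helper next to `CreateCookie`, e.g. `func DeleteCookie(name string) *http.Cookie { return CreateCookie(name, "", -1) }`, would name the intent and keep the Domain and Path of the deletion tied to those used at creation, which the browser requires to match. The name expression `"room_"+utils.FormatInt64(roomID)+"_auth"` is also spelled out separately in the getter, the delete path and the create path; deriving it in one unexported function would keep the three from drifting apart.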
@@ -78,32 +53,12 @@ func GetGistCookie(c echo.Context, gistUUID string) (*http.Cookie, error) {
}
func DeleteGistCookie(c echo.Context, gistUUID string) {
- c.SetCookie(&http.Cookie{
- Name: "gist_" + gistUUID + "_auth",
- Value: "",
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: int(-1),
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(-1) * time.Second),
- })
+ c.SetCookie(CreateCookie("gist_"+gistUUID+"_auth", "", -1))
}
func CreateGistCookie(c echo.Context, gistUUID, v string) {
- maxAge := 86400 // 24h
- c.SetCookie(&http.Cookie{
- Name: "gist_" + gistUUID + "_auth",
- Value: v,
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: int(maxAge),
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(maxAge) * time.Second),
- })
+ maxAge := int64(86400) // 24h
+ c.SetCookie(CreateCookie("gist_"+gistUUID+"_auth", v, maxAge))
}
func GetAprilFoolCookie(c echo.Context) int {
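Review bot: `gistUUID` is concatenated straight into the cookie name in `DeleteGistCookie` and `CreateGistCookie`, and nothing in this hunk checks its shape. net/http emits no `Set-Cookie` header at all when a cookie name contains characters outside the allowed token set, so if the value can reach these functions unvalidated (its origin is not visible in the diff) the set or delete would fail silently. Validating it as a UUID before building the name, or at the point where it is first parsed, would make that failure explicit.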
@@ -119,18 +74,8 @@ func GetAprilFoolCookie(c echo.Context) int {
}
func CreateAprilFoolCookie(c echo.Context, v int) {
- maxAge := 86400 // 24h
- c.SetCookie(&http.Cookie{
- Name: "april_fool",
- Value: strconv.Itoa(v),
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: maxAge,
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(maxAge) * time.Second),
- })
+ maxAge := int64(86400) // 24h
+ c.SetCookie(CreateCookie("april_fool", strconv.Itoa(v), maxAge))
}
// CaptchaVerifyString ensure that all captcha across the website makes HB life miserable.
diff --git a/pkg/web/middlewares/middlewares.go b/pkg/web/middlewares/middlewares.go
@@ -296,17 +296,7 @@ func HellbannedCookieMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
user := c.Get("authUser").(*database.User)
if user != nil && user.IsHellbanned {
if _, err := c.Cookie(hutils.HBCookieName); err != nil {
- cookie := &http.Cookie{
- Name: hutils.HBCookieName,
- Value: utils.GenerateToken3(),
- Domain: config.Global.CookieDomain(),
- Secure: config.Global.CookieSecure(),
- Path: "/",
- HttpOnly: true,
- MaxAge: utils.OneMonthSecs,
- SameSite: http.SameSiteLaxMode,
- Expires: time.Now().Add(time.Duration(utils.OneMonthSecs) * time.Second),
- }
+ cookie := hutils.CreateCookie(hutils.HBCookieName, utils.GenerateToken3(), utils.OneMonthSecs)
c.SetCookie(cookie)
}
}