Add configurable HTTPS flag for secure cookie flag
This commit is contained in:
Frédéric Guillot
parent
a63105e13b
commit
7c19febd73
8 changed files with 33 additions and 24 deletions
|
|
@ -26,7 +26,9 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
// Config manages configuration parameters.
|
// Config manages configuration parameters.
|
||||||
type Config struct{}
|
type Config struct {
|
||||||
|
IsHTTPS bool
|
||||||
|
}
|
||||||
|
|
||||||
// Get returns a config parameter value.
|
// Get returns a config parameter value.
|
||||||
func (c *Config) Get(key, fallback string) string {
|
func (c *Config) Get(key, fallback string) string {
|
||||||
|
|
@ -51,5 +53,5 @@ func (c *Config) GetInt(key string, fallback int) int {
|
||||||
|
|
||||||
// NewConfig returns a new Config.
|
// NewConfig returns a new Config.
|
||||||
func NewConfig() *Config {
|
func NewConfig() *Config {
|
||||||
return &Config{}
|
return &Config{IsHTTPS: os.Getenv("HTTPS") != ""}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/miniflux/miniflux/config"
|
||||||
"github.com/miniflux/miniflux/helper"
|
"github.com/miniflux/miniflux/helper"
|
||||||
"github.com/miniflux/miniflux/locale"
|
"github.com/miniflux/miniflux/locale"
|
||||||
"github.com/miniflux/miniflux/logger"
|
"github.com/miniflux/miniflux/logger"
|
||||||
|
|
@ -16,6 +17,7 @@ import (
|
||||||
"github.com/miniflux/miniflux/storage"
|
"github.com/miniflux/miniflux/storage"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
|
"github.com/tomasen/realip"
|
||||||
)
|
)
|
||||||
|
|
||||||
// HandlerFunc is an application HTTP handler.
|
// HandlerFunc is an application HTTP handler.
|
||||||
|
|
@ -23,6 +25,7 @@ type HandlerFunc func(ctx *Context, request *Request, response *Response)
|
||||||
|
|
||||||
// Handler manages HTTP handlers and middlewares.
|
// Handler manages HTTP handlers and middlewares.
|
||||||
type Handler struct {
|
type Handler struct {
|
||||||
|
cfg *config.Config
|
||||||
store *storage.Storage
|
store *storage.Storage
|
||||||
translator *locale.Translator
|
translator *locale.Translator
|
||||||
template *template.Engine
|
template *template.Engine
|
||||||
|
|
@ -34,7 +37,11 @@ type Handler struct {
|
||||||
func (h *Handler) Use(f HandlerFunc) http.Handler {
|
func (h *Handler) Use(f HandlerFunc) http.Handler {
|
||||||
return h.middleware.WrapFunc(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return h.middleware.WrapFunc(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
defer helper.ExecutionTime(time.Now(), r.URL.Path)
|
defer helper.ExecutionTime(time.Now(), r.URL.Path)
|
||||||
logger.Debug("[HTTP] %s %s", r.Method, r.URL.Path)
|
logger.Debug("[HTTP] %s %s %s", realip.RealIP(r), r.Method, r.URL.Path)
|
||||||
|
|
||||||
|
if r.Header.Get("X-Forwarded-Proto") == "https" {
|
||||||
|
h.cfg.IsHTTPS = true
|
||||||
|
}
|
||||||
|
|
||||||
ctx := NewContext(w, r, h.store, h.router, h.translator)
|
ctx := NewContext(w, r, h.store, h.router, h.translator)
|
||||||
request := NewRequest(w, r)
|
request := NewRequest(w, r)
|
||||||
|
|
@ -51,8 +58,9 @@ func (h *Handler) Use(f HandlerFunc) http.Handler {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewHandler returns a new Handler.
|
// NewHandler returns a new Handler.
|
||||||
func NewHandler(store *storage.Storage, router *mux.Router, template *template.Engine, translator *locale.Translator, middleware *middleware.Chain) *Handler {
|
func NewHandler(cfg *config.Config, store *storage.Storage, router *mux.Router, template *template.Engine, translator *locale.Translator, middleware *middleware.Chain) *Handler {
|
||||||
return &Handler{
|
return &Handler{
|
||||||
|
cfg: cfg,
|
||||||
store: store,
|
store: store,
|
||||||
translator: translator,
|
translator: translator,
|
||||||
router: router,
|
router: router,
|
||||||
|
|
|
||||||
|
|
@ -36,11 +36,6 @@ func (r *Request) File(name string) (multipart.File, *multipart.FileHeader, erro
|
||||||
return r.request.FormFile(name)
|
return r.request.FormFile(name)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsHTTPS returns if the request is made over HTTPS.
|
|
||||||
func (r *Request) IsHTTPS() bool {
|
|
||||||
return r.request.URL.Scheme == "https"
|
|
||||||
}
|
|
||||||
|
|
||||||
// Cookie returns the cookie value.
|
// Cookie returns the cookie value.
|
||||||
func (r *Request) Cookie(name string) string {
|
func (r *Request) Cookie(name string) string {
|
||||||
cookie, err := r.request.Cookie(name)
|
cookie, err := r.request.Cookie(name)
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/miniflux/miniflux/config"
|
||||||
"github.com/miniflux/miniflux/logger"
|
"github.com/miniflux/miniflux/logger"
|
||||||
"github.com/miniflux/miniflux/model"
|
"github.com/miniflux/miniflux/model"
|
||||||
"github.com/miniflux/miniflux/server/cookie"
|
"github.com/miniflux/miniflux/server/cookie"
|
||||||
|
|
@ -16,25 +17,26 @@ import (
|
||||||
|
|
||||||
// SessionMiddleware represents a session middleware.
|
// SessionMiddleware represents a session middleware.
|
||||||
type SessionMiddleware struct {
|
type SessionMiddleware struct {
|
||||||
|
cfg *config.Config
|
||||||
store *storage.Storage
|
store *storage.Storage
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handler execute the middleware.
|
// Handler execute the middleware.
|
||||||
func (t *SessionMiddleware) Handler(next http.Handler) http.Handler {
|
func (s *SessionMiddleware) Handler(next http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
var err error
|
var err error
|
||||||
session := t.getSessionValueFromCookie(r)
|
session := s.getSessionValueFromCookie(r)
|
||||||
|
|
||||||
if session == nil {
|
if session == nil {
|
||||||
logger.Debug("[Middleware:Session] Session not found")
|
logger.Debug("[Middleware:Session] Session not found")
|
||||||
session, err = t.store.CreateSession()
|
session, err = s.store.CreateSession()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error("[Middleware:Session] %v", err)
|
logger.Error("[Middleware:Session] %v", err)
|
||||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
http.SetCookie(w, cookie.New(cookie.CookieSessionID, session.ID, r.URL.Scheme == "https"))
|
http.SetCookie(w, cookie.New(cookie.CookieSessionID, session.ID, s.cfg.IsHTTPS))
|
||||||
} else {
|
} else {
|
||||||
logger.Debug("[Middleware:Session] %s", session)
|
logger.Debug("[Middleware:Session] %s", session)
|
||||||
}
|
}
|
||||||
|
|
@ -61,13 +63,13 @@ func (t *SessionMiddleware) Handler(next http.Handler) http.Handler {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *SessionMiddleware) getSessionValueFromCookie(r *http.Request) *model.Session {
|
func (s *SessionMiddleware) getSessionValueFromCookie(r *http.Request) *model.Session {
|
||||||
sessionCookie, err := r.Cookie(cookie.CookieSessionID)
|
sessionCookie, err := r.Cookie(cookie.CookieSessionID)
|
||||||
if err == http.ErrNoCookie {
|
if err == http.ErrNoCookie {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
session, err := t.store.Session(sessionCookie.Value)
|
session, err := s.store.Session(sessionCookie.Value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error("[Middleware:Session] %v", err)
|
logger.Error("[Middleware:Session] %v", err)
|
||||||
return nil
|
return nil
|
||||||
|
|
@ -77,6 +79,6 @@ func (t *SessionMiddleware) getSessionValueFromCookie(r *http.Request) *model.Se
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSessionMiddleware returns a new SessionMiddleware.
|
// NewSessionMiddleware returns a new SessionMiddleware.
|
||||||
func NewSessionMiddleware(s *storage.Storage) *SessionMiddleware {
|
func NewSessionMiddleware(cfg *config.Config, store *storage.Storage) *SessionMiddleware {
|
||||||
return &SessionMiddleware{store: s}
|
return &SessionMiddleware{cfg, store}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -33,17 +33,17 @@ func getRoutes(cfg *config.Config, store *storage.Storage, feedHandler *feed.Han
|
||||||
feverController := fever.NewController(store)
|
feverController := fever.NewController(store)
|
||||||
uiController := ui_controller.NewController(cfg, store, pool, feedHandler, opml.NewHandler(store))
|
uiController := ui_controller.NewController(cfg, store, pool, feedHandler, opml.NewHandler(store))
|
||||||
|
|
||||||
apiHandler := core.NewHandler(store, router, templateEngine, translator, middleware.NewChain(
|
apiHandler := core.NewHandler(cfg, store, router, templateEngine, translator, middleware.NewChain(
|
||||||
middleware.NewBasicAuthMiddleware(store).Handler,
|
middleware.NewBasicAuthMiddleware(store).Handler,
|
||||||
))
|
))
|
||||||
|
|
||||||
feverHandler := core.NewHandler(store, router, templateEngine, translator, middleware.NewChain(
|
feverHandler := core.NewHandler(cfg, store, router, templateEngine, translator, middleware.NewChain(
|
||||||
middleware.NewFeverMiddleware(store).Handler,
|
middleware.NewFeverMiddleware(store).Handler,
|
||||||
))
|
))
|
||||||
|
|
||||||
uiHandler := core.NewHandler(store, router, templateEngine, translator, middleware.NewChain(
|
uiHandler := core.NewHandler(cfg, store, router, templateEngine, translator, middleware.NewChain(
|
||||||
middleware.NewUserSessionMiddleware(store, router).Handler,
|
middleware.NewUserSessionMiddleware(store, router).Handler,
|
||||||
middleware.NewSessionMiddleware(store).Handler,
|
middleware.NewSessionMiddleware(cfg, store).Handler,
|
||||||
))
|
))
|
||||||
|
|
||||||
router.Handle("/fever/", feverHandler.Use(feverController.Handler))
|
router.Handle("/fever/", feverHandler.Use(feverController.Handler))
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,7 @@ func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
|
||||||
}
|
}
|
||||||
|
|
||||||
if certDomain != "" && certCache != "" {
|
if certDomain != "" && certCache != "" {
|
||||||
|
cfg.IsHTTPS = true
|
||||||
server.Addr = ":https"
|
server.Addr = ":https"
|
||||||
certManager := autocert.Manager{
|
certManager := autocert.Manager{
|
||||||
Cache: autocert.DirCache(certCache),
|
Cache: autocert.DirCache(certCache),
|
||||||
|
|
@ -51,6 +52,7 @@ func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
|
||||||
}()
|
}()
|
||||||
} else if certFile != "" && keyFile != "" {
|
} else if certFile != "" && keyFile != "" {
|
||||||
server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
|
server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
|
||||||
|
cfg.IsHTTPS = true
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
logger.Info(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)
|
logger.Info(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)
|
||||||
|
|
|
||||||
|
|
@ -59,7 +59,7 @@ func (c *Controller) CheckLogin(ctx *core.Context, request *core.Request, respon
|
||||||
|
|
||||||
logger.Info("[Controller:CheckLogin] username=%s just logged in", authForm.Username)
|
logger.Info("[Controller:CheckLogin] username=%s just logged in", authForm.Username)
|
||||||
|
|
||||||
response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, request.IsHTTPS()))
|
response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, c.cfg.IsHTTPS))
|
||||||
response.Redirect(ctx.Route("unread"))
|
response.Redirect(ctx.Route("unread"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -71,6 +71,6 @@ func (c *Controller) Logout(ctx *core.Context, request *core.Request, response *
|
||||||
logger.Error("[Controller:Logout] %v", err)
|
logger.Error("[Controller:Logout] %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
response.SetCookie(cookie.Expired(cookie.CookieUserSessionID, request.IsHTTPS()))
|
response.SetCookie(cookie.Expired(cookie.CookieUserSessionID, c.cfg.IsHTTPS))
|
||||||
response.Redirect(ctx.Route("login"))
|
response.Redirect(ctx.Route("login"))
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -118,7 +118,7 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
|
||||||
|
|
||||||
logger.Info("[Controller:OAuth2Callback] username=%s just logged in", user.Username)
|
logger.Info("[Controller:OAuth2Callback] username=%s just logged in", user.Username)
|
||||||
|
|
||||||
response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, request.IsHTTPS()))
|
response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, c.cfg.IsHTTPS))
|
||||||
response.Redirect(ctx.Route("unread"))
|
response.Redirect(ctx.Route("unread"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue