efim/go-ssr-pocketbase-oauth-attempt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: setting Secure behind nginx

Browse Source 
bug was due to having explicit 'serve --http=address' when running
behind nginx on NixOS server
So either a more complicated check was required, or just setting
Secure=true unconditionally.

This seems to be a better way, because Firefox already allows secure
cookies beng sent and received from localhost for dev purposes, and
Chromium does too
This commit is contained in:
efim
2023-10-09 04:50:33 +00:00
parent 2a3d00839f
commit a367ed9a34
3 changed files with 37 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
middleware/auth.go
View File

@@ -1,7 +1,6 @@
package middleware
import (
"log"
"net/http"
"github.com/labstack/echo/v5"
@@ -15,9 +14,7 @@ import (
const AuthCookieName = "Auth"
func AddCookieSessionMiddleware(app *pocketbase.PocketBase, isTlsEnabled bool) {
log.Println("Warning: starting server with cookie Secure = false!")
func AddCookieSessionMiddleware(app *pocketbase.PocketBase) {
app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
e.Router.Use(loadAuthContextFromCookie(app))
return nil
@@ -29,7 +26,7 @@ func AddCookieSessionMiddleware(app *pocketbase.PocketBase, isTlsEnabled bool) {
Name: AuthCookieName,
Value: e.Token,
Path: "/",
Secure: isTlsEnabled,
Secure: true,
HttpOnly: true,
})
e.HttpContext.SetCookie(&http.Cookie{
@@ -43,12 +40,12 @@ func AddCookieSessionMiddleware(app *pocketbase.PocketBase, isTlsEnabled bool) {
Name: AuthCookieName,
Value: e.Token,
Path: "/",
Secure: isTlsEnabled,
Secure: true,
HttpOnly: true,
})
return nil
})
app.OnBeforeServe().Add(getLogoutRoute(app, isTlsEnabled))
app.OnBeforeServe().Add(getLogoutRoute(app))
}
func loadAuthContextFromCookie(app core.App) echo.MiddlewareFunc {
@@ -92,7 +89,7 @@ func loadAuthContextFromCookie(app core.App) echo.MiddlewareFunc {
}
// render and return login page with configured oauth providers
func getLogoutRoute(app *pocketbase.PocketBase, isTlsEnabled bool) func(*core.ServeEvent) error {
func getLogoutRoute(app *pocketbase.PocketBase) func(*core.ServeEvent) error {
return func (e *core.ServeEvent) error {
e.Router.GET("/logout", func(c echo.Context) error {
c.SetCookie(&http.Cookie{
@@ -100,7 +97,7 @@ func getLogoutRoute(app *pocketbase.PocketBase, isTlsEnabled bool) func(*core.S
Value: "",
Path: "/",
MaxAge: -1,
Secure: isTlsEnabled,
Secure: true,
HttpOnly: true,
})
c.Response().Header().Add("HX-Trigger", "auth-change-event")