go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-02-02 15:30:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

auth: add an option to enforce the secure attr of the set-cookie

Browse Source
This commit is contained in:
Gerasimos (Makis) Maropoulos 2022-04-02 18:17:47 +03:00
parent 2f9ddff5a9
commit 872dd45359
No known key found for this signature in database
GPG Key ID: 66FCC29BD385FCA6
4 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
_examples/auth/auth/auth.yml
View File

@ -3,6 +3,7 @@ Headers: # required.
- "X-Authorization" - "X-Authorization"
Cookie: # optional. Cookie: # optional.
Name: "iris_auth_cookie" Name: "iris_auth_cookie"
Secure: false
Hash: "D*G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$C&F)J@NcRfUjXn2r4u7x" # length of 64 characters (512-bit). Hash: "D*G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$C&F)J@NcRfUjXn2r4u7x" # length of 64 characters (512-bit).
Block: "VkYp3s6v9y$B&E)H@McQfTjWmZq4t7w!" # length of 32 characters (256-bit). Block: "VkYp3s6v9y$B&E)H@McQfTjWmZq4t7w!" # length of 32 characters (256-bit).
Keys: Keys:

1
_examples/mvc/websocket-auth/auth.yml
View File

@ -3,6 +3,7 @@ Headers: # required.
- "X-Authorization" - "X-Authorization"
Cookie: # optional. Cookie: # optional.
Name: "iris_auth_cookie" Name: "iris_auth_cookie"
Secure: false
Hash: "D*G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$C&F)J@NcRfUjXn2r4u7x" # length of 64 characters (512-bit). Hash: "D*G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$C&F)J@NcRfUjXn2r4u7x" # length of 64 characters (512-bit).
Block: "VkYp3s6v9y$B&E)H@McQfTjWmZq4t7w!" # length of 32 characters (256-bit). Block: "VkYp3s6v9y$B&E)H@McQfTjWmZq4t7w!" # length of 32 characters (256-bit).
Keys: Keys:

2
auth/auth.go
View File

@ -526,7 +526,7 @@ func (s *Auth[T]) trySetCookie(ctx *context.Context, accessToken string) {
Name: cookieName, Name: cookieName,
Value: url.QueryEscape(accessToken), Value: url.QueryEscape(accessToken),
HttpOnly: true, HttpOnly: true,
Secure: ctx.IsSSL(), Secure: s.config.Cookie.Secure || ctx.IsSSL(),
Domain: ctx.Domain(), Domain: ctx.Domain(),
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteLaxMode,
Expires: time.Now().Add(maxAge), Expires: time.Now().Add(maxAge),

7
auth/configuration.go
View File

@ -45,6 +45,12 @@ type (
CookieConfiguration struct { CookieConfiguration struct {
// Name defines the cookie's name. // Name defines the cookie's name.
Name string `json:"cookie" yaml:"Name" toml:"Name" ini:"name"` Name string `json:"cookie" yaml:"Name" toml:"Name" ini:"name"`
// Secure if true then "; Secure" is appended to the Set-Cookie header.
// By setting the secure to true, the web browser will prevent the
// transmission of a cookie over an unencrypted channel.
//
// Defaults to false but it's true when the request is under iris.Context.IsSSL().
Secure bool `json:"secure" yaml:"Secure" toml:"Secure" ini:"secure"`
// Hash is optional, it is used to authenticate cookie value using HMAC. // Hash is optional, it is used to authenticate cookie value using HMAC.
// It is recommended to use a key with 32 or 64 bytes. // It is recommended to use a key with 32 or 64 bytes.
Hash string `json:"hash" yaml:"Hash" toml:"Hash" ini:"hash"` Hash string `json:"hash" yaml:"Hash" toml:"Hash" ini:"hash"`
@ -105,6 +111,7 @@ func (c *Configuration) BindRandom() error {
}, },
Cookie: CookieConfiguration{ Cookie: CookieConfiguration{
Name: "iris_auth_cookie", Name: "iris_auth_cookie",
Secure: false,
Hash: string(securecookie.GenerateRandomKey(64)), Hash: string(securecookie.GenerateRandomKey(64)),
Block: string(securecookie.GenerateRandomKey(32)), Block: string(securecookie.GenerateRandomKey(32)),
}, },