go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-01-23 18:51:03 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
1e1d8a4855
iris/sessions/cookie.go
Gerasimos (Makis) Maropoulos 989ac436e8 fix https://github.com/kataras/iris/issues/1485 by adding and using the new 'context.UpsertCookie' instead of 'context.SetCookie' 
Former-commit-id: 31a50e580929616504b9bbbb1d602b0e9274a568
2020-04-13 09:27:49 +03:00

143 lines
4.3 KiB
Go
Raw Blame History

package sessions
import (
"net"
"net/http"
"strconv"
"strings"
"time"
"github.com/kataras/iris/v12/context"
"golang.org/x/net/publicsuffix"
)
var (
// CookieExpireDelete may be set on Cookie.Expire for expiring the given cookie.
CookieExpireDelete = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
// CookieExpireUnlimited indicates that the cookie doesn't expire.
CookieExpireUnlimited = time.Now().AddDate(24, 10, 10)
)
// GetCookie returns cookie's value by it's name
// returns empty string if nothing was found
func GetCookie(ctx context.Context, name string) string {
c, err := ctx.Request().Cookie(name)
if err != nil {
return ""
}
return c.Value
}
// AddCookie adds a cookie
func AddCookie(ctx context.Context, cookie *http.Cookie, reclaim bool) {
if reclaim {
ctx.Request().AddCookie(cookie)
}
ctx.UpsertCookie(cookie)
}
// RemoveCookie deletes a cookie by it's name/key
// If "purge" is true then it removes the, temp, cookie from the request as well.
func RemoveCookie(ctx context.Context, config Config) {
cookie, err := ctx.Request().Cookie(config.Cookie)
if err != nil {
return
}
cookie.Expires = CookieExpireDelete
// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
cookie.MaxAge = -1
cookie.Value = ""
cookie.Path = "/"
cookie.Domain = formatCookieDomain(ctx, config.DisableSubdomainPersistence)
AddCookie(ctx, cookie, config.AllowReclaim)
if config.AllowReclaim {
// delete request's cookie also, which is temporary available.
ctx.Request().Header.Set("Cookie", "")
}
}
// IsValidCookieDomain returns true if the receiver is a valid domain to set
// valid means that is recognised as 'domain' by the browser, so it(the cookie) can be shared with subdomains also
func IsValidCookieDomain(domain string) bool {
if net.IP([]byte(domain)).IsLoopback() {
// for these type of hosts, we can't allow subdomains persistence,
// the web browser doesn't understand the mysubdomain.0.0.0.0 and mysubdomain.127.0.0.1 mysubdomain.32.196.56.181. as scorrectly ubdomains because of the many dots
// so don't set a cookie domain here, let browser handle this
return false
}
dotLen := strings.Count(domain, ".")
if dotLen == 0 {
// we don't have a domain, maybe something like 'localhost', browser doesn't see the .localhost as wildcard subdomain+domain
return false
}
if dotLen >= 3 {
if lastDotIdx := strings.LastIndexByte(domain, '.'); lastDotIdx != -1 {
// chekc the last part, if it's number then propably it's ip
if len(domain) > lastDotIdx+1 {
_, err := strconv.Atoi(domain[lastDotIdx+1:])
if err == nil {
return false
}
}
}
}
return true
}
// func formatCookieDomain(ctx context.Context, disableSubdomainPersistence bool) string {
// if disableSubdomainPersistence {
// return ""
// }
// requestDomain := ctx.Host()
// if portIdx := strings.IndexByte(requestDomain, ':'); portIdx > 0 {
// requestDomain = requestDomain[0:portIdx]
// }
// if !IsValidCookieDomain(requestDomain) {
// return ""
// }
// // RFC2109, we allow level 1 subdomains, but no further
// // if we have localhost.com , we want the localhost.com.
// // so if we have something like: mysubdomain.localhost.com we want the localhost here
// // if we have mysubsubdomain.mysubdomain.localhost.com we want the .mysubdomain.localhost.com here
// // slow things here, especially the 'replace' but this is a good and understable( I hope) way to get the be able to set cookies from subdomains & domain with 1-level limit
// if dotIdx := strings.IndexByte(requestDomain, '.'); dotIdx > 0 {
// // is mysubdomain.localhost.com || mysubsubdomain.mysubdomain.localhost.com
// if strings.IndexByte(requestDomain[dotIdx+1:], '.') > 0 {
// requestDomain = requestDomain[dotIdx+1:]
// }
// }
// // finally set the .localhost.com (for(1-level) || .mysubdomain.localhost.com (for 2-level subdomain allow)
// return "." + requestDomain // . to allow persistence
// }
func formatCookieDomain(ctx context.Context, disableSubdomainPersistence bool) string {
if disableSubdomainPersistence {
return ""
}
host := ctx.Host()
if portIdx := strings.IndexByte(host, ':'); portIdx > 0 {
host = host[0:portIdx]
}
domain, err := publicsuffix.EffectiveTLDPlusOne(host)
if err != nil {
return "." + host
}
return "." + domain
}
Reference in New Issue View Git Blame Copy Permalink