pixeldrain/fnx_web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update auth cookie settings

Browse Source
This commit is contained in:
Wim Brand
2020-02-05 11:35:31 +01:00
parent 2fba11269a
commit 650c7ede6c
4 changed files with 21 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pixelapi/pixelapi.go
View File

@@ -17,7 +17,7 @@ var client = &http.Client{Timeout: time.Minute * 5}
// PixelAPI is the Pixeldrain API client // PixelAPI is the Pixeldrain API client
type PixelAPI struct { type PixelAPI struct {
apiEndpoint string apiEndpoint string
apiKey string APIKey string
RealIP string RealIP string
} }
@@ -60,8 +60,8 @@ func (p *PixelAPI) jsonRequest(method, url string, target interface{}) error {
Message: err.Error(), Message: err.Error(),
} }
} }
if p.apiKey != "" { if p.APIKey != "" {
req.SetBasicAuth("", p.apiKey) req.SetBasicAuth("", p.APIKey)
} }
if p.RealIP != "" { if p.RealIP != "" {
req.Header.Set("X-Real-IP", p.RealIP) req.Header.Set("X-Real-IP", p.RealIP)
@@ -86,8 +86,8 @@ func (p *PixelAPI) getString(url string) (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
if p.apiKey != "" { if p.APIKey != "" {
req.SetBasicAuth("", p.apiKey) req.SetBasicAuth("", p.APIKey)
} }
if p.RealIP != "" { if p.RealIP != "" {
req.Header.Set("X-Real-IP", p.RealIP) req.Header.Set("X-Real-IP", p.RealIP)
@@ -110,8 +110,8 @@ func (p *PixelAPI) getRaw(url string) (io.ReadCloser, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
if p.apiKey != "" { if p.APIKey != "" {
req.SetBasicAuth("", p.apiKey) req.SetBasicAuth("", p.APIKey)
} }
if p.RealIP != "" { if p.RealIP != "" {
req.Header.Set("X-Real-IP", p.RealIP) req.Header.Set("X-Real-IP", p.RealIP)
@@ -141,8 +141,8 @@ func (p *PixelAPI) form(
Message: err.Error(), Message: err.Error(),
} }
} }
if p.apiKey != "" { if p.APIKey != "" {
req.SetBasicAuth("", p.apiKey) req.SetBasicAuth("", p.APIKey)
} }
if p.RealIP != "" { if p.RealIP != "" {
req.Header.Set("X-Real-IP", p.RealIP) req.Header.Set("X-Real-IP", p.RealIP)

2
pixelapi/user.go
View File

@@ -58,7 +58,7 @@ func (p *PixelAPI) UserLogin(username, password string, saveKey bool) (resp *Log
return nil, err return nil, err
} }
if saveKey { if saveKey {
p.apiKey = resp.APIKey p.APIKey = resp.APIKey
} }
return resp, nil return resp, nil
} }

5
webcontroller/templates.go
View File

@@ -64,7 +64,10 @@ func (wc *WebController) newTemplateData(w http.ResponseWriter, r *http.Request)
log.Debug("Session check for key '%s' failed: %s", key, err) log.Debug("Session check for key '%s' failed: %s", key, err)
if err.Error() == "authentication_required" || err.Error() == "authentication_failed" { if err.Error() == "authentication_required" || err.Error() == "authentication_failed" {
// This key is invalid, delete it // Disable API authentication
t.PixelAPI.APIKey = ""
// Remove the authentication cookie
log.Debug("Deleting invalid API key") log.Debug("Deleting invalid API key")
http.SetCookie(w, &http.Cookie{ http.SetCookie(w, &http.Cookie{
Name: "pd_auth_key", Name: "pd_auth_key",

12
webcontroller/user_account.go
View File

@@ -173,11 +173,13 @@ func (wc *WebController) loginForm(td *TemplateData, r *http.Request) (f Form) {
f.SubmitSuccess = true f.SubmitSuccess = true
f.SubmitMessages = []template.HTML{"Success!"} f.SubmitMessages = []template.HTML{"Success!"}
f.Extra.SetCookie = &http.Cookie{ f.Extra.SetCookie = &http.Cookie{
Name: "pd_auth_key", Name: "pd_auth_key",
Value: loginResp.APIKey, Value: loginResp.APIKey,
Path: "/", Path: "/",
Expires: time.Now().AddDate(50, 0, 0), Expires: time.Now().AddDate(50, 0, 0),
Domain: wc.sessionCookieDomain, Domain: wc.sessionCookieDomain,
SameSite: http.SameSiteStrictMode,
Secure: true,
} }
f.Extra.RedirectTo = "/user" f.Extra.RedirectTo = "/user"
} }