update auth cookie settings
This commit is contained in:
Wim Brand
@@ -17,7 +17,7 @@ var client = &http.Client{Timeout: time.Minute * 5}
|
||||
// PixelAPI is the Pixeldrain API client
|
||||
type PixelAPI struct {
|
||||
apiEndpoint string
|
||||
apiKey string
|
||||
APIKey string
|
||||
RealIP string
|
||||
}
|
||||
|
||||
@@ -60,8 +60,8 @@ func (p *PixelAPI) jsonRequest(method, url string, target interface{}) error {
|
||||
Message: err.Error(),
|
||||
}
|
||||
}
|
||||
if p.apiKey != "" {
|
||||
req.SetBasicAuth("", p.apiKey)
|
||||
if p.APIKey != "" {
|
||||
req.SetBasicAuth("", p.APIKey)
|
||||
}
|
||||
if p.RealIP != "" {
|
||||
req.Header.Set("X-Real-IP", p.RealIP)
|
||||
@@ -86,8 +86,8 @@ func (p *PixelAPI) getString(url string) (string, error) {
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
if p.apiKey != "" {
|
||||
req.SetBasicAuth("", p.apiKey)
|
||||
if p.APIKey != "" {
|
||||
req.SetBasicAuth("", p.APIKey)
|
||||
}
|
||||
if p.RealIP != "" {
|
||||
req.Header.Set("X-Real-IP", p.RealIP)
|
||||
@@ -110,8 +110,8 @@ func (p *PixelAPI) getRaw(url string) (io.ReadCloser, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if p.apiKey != "" {
|
||||
req.SetBasicAuth("", p.apiKey)
|
||||
if p.APIKey != "" {
|
||||
req.SetBasicAuth("", p.APIKey)
|
||||
}
|
||||
if p.RealIP != "" {
|
||||
req.Header.Set("X-Real-IP", p.RealIP)
|
||||
@@ -141,8 +141,8 @@ func (p *PixelAPI) form(
|
||||
Message: err.Error(),
|
||||
}
|
||||
}
|
||||
if p.apiKey != "" {
|
||||
req.SetBasicAuth("", p.apiKey)
|
||||
if p.APIKey != "" {
|
||||
req.SetBasicAuth("", p.APIKey)
|
||||
}
|
||||
if p.RealIP != "" {
|
||||
req.Header.Set("X-Real-IP", p.RealIP)
|
||||
|
||||
@@ -58,7 +58,7 @@ func (p *PixelAPI) UserLogin(username, password string, saveKey bool) (resp *Log
|
||||
return nil, err
|
||||
}
|
||||
if saveKey {
|
||||
p.apiKey = resp.APIKey
|
||||
p.APIKey = resp.APIKey
|
||||
}
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
@@ -64,7 +64,10 @@ func (wc *WebController) newTemplateData(w http.ResponseWriter, r *http.Request)
|
||||
log.Debug("Session check for key '%s' failed: %s", key, err)
|
||||
|
||||
if err.Error() == "authentication_required" || err.Error() == "authentication_failed" {
|
||||
// This key is invalid, delete it
|
||||
// Disable API authentication
|
||||
t.PixelAPI.APIKey = ""
|
||||
|
||||
// Remove the authentication cookie
|
||||
log.Debug("Deleting invalid API key")
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "pd_auth_key",
|
||||
|
||||
@@ -178,6 +178,8 @@ func (wc *WebController) loginForm(td *TemplateData, r *http.Request) (f Form) {
|
||||
Path: "/",
|
||||
Expires: time.Now().AddDate(50, 0, 0),
|
||||
Domain: wc.sessionCookieDomain,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Secure: true,
|
||||
}
|
||||
f.Extra.RedirectTo = "/user"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user