Dont create auth cookie in backend (#4136)

This commit is contained in:
Nutomic 2023-11-08 13:55:09 +01:00 committed by GitHub
parent 7a30a75905
commit aaaf17486d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 26 deletions


@ -1,16 +1,14 @@
use crate::check_totp_2fa_valid; use crate::check_totp_2fa_valid;
use actix_web::{ use actix_web::{
http::StatusCode,
web::{Data, Json}, web::{Data, Json},
HttpRequest, HttpRequest,
HttpResponse,
}; };
use bcrypt::verify; use bcrypt::verify;
use lemmy_api_common::{ use lemmy_api_common::{
claims::Claims, claims::Claims,
context::LemmyContext, context::LemmyContext,
person::{Login, LoginResponse}, person::{Login, LoginResponse},
utils::{check_user_valid, create_login_cookie}, utils::check_user_valid,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{local_site::LocalSite, registration_application::RegistrationApplication}, source::{local_site::LocalSite, registration_application::RegistrationApplication},
@ -25,7 +23,7 @@ pub async fn login(
data: Json<Login>, data: Json<Login>,
req: HttpRequest, req: HttpRequest,
context: Data<LemmyContext>, context: Data<LemmyContext>,
) -> Result<HttpResponse, LemmyError> { ) -> Result<Json<LoginResponse>, LemmyError> {
let site_view = SiteView::read_local(&mut context.pool()).await?; let site_view = SiteView::read_local(&mut context.pool()).await?;
// Fetch that username / email // Fetch that username / email
@ -65,15 +63,11 @@ pub async fn login(
let jwt = Claims::generate(local_user_view.local_user.id, req, &context).await?; let jwt = Claims::generate(local_user_view.local_user.id, req, &context).await?;
let json = LoginResponse { Ok(Json(LoginResponse {
jwt: Some(jwt.clone()), jwt: Some(jwt.clone()),
verify_email_sent: false, verify_email_sent: false,
registration_created: false, registration_created: false,
}; }))
let mut res = HttpResponse::build(StatusCode::OK).json(json);
res.add_cookie(&create_login_cookie(jwt))?;
Ok(res)
} }
async fn check_registration_application( async fn check_registration_application(
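Review bot: `jwt: Some(jwt.clone()),` in the new LoginResponse literal is now a needless clone, since the cookie path that consumed the second copy is gone from this hunk; `jwt: Some(jwt),` moves the value directly. This hunk (and the matching one in register.rs) also removes the only place the token was sent with Secure, SameSite=Lax and HttpOnly attributes; if the cookie is now written client-side it cannot be HttpOnly, so the JWT in the JSON body becomes readable by any script on the page, and whichever component now stores it should record that trade-off. login's body continues outside the hunk.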


@ -1,10 +1,8 @@
use crate::{ use crate::{
context::LemmyContext, context::LemmyContext,
request::purge_image_from_pictrs, request::purge_image_from_pictrs,
sensitive::Sensitive,
site::{FederatedInstances, InstanceWithFederationState}, site::{FederatedInstances, InstanceWithFederationState},
}; };
use actix_web::cookie::{Cookie, SameSite};
use anyhow::Context; use anyhow::Context;
use chrono::{DateTime, Days, Local, TimeZone, Utc}; use chrono::{DateTime, Days, Local, TimeZone, Utc};
use enum_map::{enum_map, EnumMap}; use enum_map::{enum_map, EnumMap};
@ -776,14 +774,6 @@ pub fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError
Ok(Url::parse(&format!("{community_id}/moderators"))?.into()) Ok(Url::parse(&format!("{community_id}/moderators"))?.into())
} }
pub fn create_login_cookie(jwt: Sensitive<String>) -> Cookie<'static> {
let mut cookie = Cookie::new(AUTH_COOKIE_NAME, jwt.into_inner());
cookie.set_secure(true);
cookie.set_same_site(SameSite::Lax);
cookie.set_http_only(true);
cookie
}
/// Ensure that ban/block expiry is in valid range. If its in past, throw error. If its more /// Ensure that ban/block expiry is in valid range. If its in past, throw error. If its more
/// than 10 years in future, convert to permanent ban. Otherwise return the same value. /// than 10 years in future, convert to permanent ban. Otherwise return the same value.
pub fn check_expire_time(expires_unix_opt: Option<i64>) -> LemmyResult<Option<DateTime<Utc>>> { pub fn check_expire_time(expires_unix_opt: Option<i64>) -> LemmyResult<Option<DateTime<Utc>>> {


@ -1,11 +1,10 @@
use activitypub_federation::{config::Data, http_signatures::generate_actor_keypair}; use activitypub_federation::{config::Data, http_signatures::generate_actor_keypair};
use actix_web::{http::StatusCode, web::Json, HttpRequest, HttpResponse, HttpResponseBuilder}; use actix_web::{web::Json, HttpRequest};
use lemmy_api_common::{ use lemmy_api_common::{
claims::Claims, claims::Claims,
context::LemmyContext, context::LemmyContext,
person::{LoginResponse, Register}, person::{LoginResponse, Register},
utils::{ utils::{
create_login_cookie,
generate_inbox_url, generate_inbox_url,
generate_local_apub_endpoint, generate_local_apub_endpoint,
generate_shared_inbox_url, generate_shared_inbox_url,
@ -42,7 +41,7 @@ pub async fn register(
data: Json<Register>, data: Json<Register>,
req: HttpRequest, req: HttpRequest,
context: Data<LemmyContext>, context: Data<LemmyContext>,
) -> Result<HttpResponse, LemmyError> { ) -> Result<Json<LoginResponse>, LemmyError> {
let site_view = SiteView::read_local(&mut context.pool()).await?; let site_view = SiteView::read_local(&mut context.pool()).await?;
let local_site = site_view.local_site; let local_site = site_view.local_site;
let require_registration_application = let require_registration_application =
@ -158,7 +157,6 @@ pub async fn register(
.await?; .await?;
} }
let mut res = HttpResponseBuilder::new(StatusCode::OK);
let mut login_response = LoginResponse { let mut login_response = LoginResponse {
jwt: None, jwt: None,
registration_created: false, registration_created: false,
@ -170,7 +168,6 @@ pub async fn register(
|| (!require_registration_application && !local_site.require_email_verification) || (!require_registration_application && !local_site.require_email_verification)
{ {
let jwt = Claims::generate(inserted_local_user.id, req, &context).await?; let jwt = Claims::generate(inserted_local_user.id, req, &context).await?;
res.cookie(create_login_cookie(jwt.clone()));
login_response.jwt = Some(jwt); login_response.jwt = Some(jwt);
} else { } else {
if local_site.require_email_verification { if local_site.require_email_verification {
@ -201,5 +198,5 @@ pub async fn register(
} }
} }
Ok(res.json(login_response)) Ok(Json(login_response))
} }
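Review bot: The new signature `Result<Json<LoginResponse>, LemmyError>` means register no longer emits a Set-Cookie header on success, so a caller that relied on the cookie now gets the token only through the `jwt` field of the body, and that contract change is not documented anywhere in the hunk. A one-line note on register, e.g. `/// On success the JWT is returned only in the body (`jwt`); no auth cookie is set server-side.`, would make the new behaviour explicit. register's signature is inside the hunk, but its doc comment, if it has one, and most of its body lie outside it.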