add SameSite value for access cookies,

add proper minimum expire time for username/auth access cookie,
fix bug in setUser
2024-10-30 18:59:10 +00:00
parent 4984877ab7
commit 7626dcf387
3 changed files with 15 additions and 5 deletions


@@ -73,12 +73,17 @@ router.post("/ticket", async (req, res) => {
return;
}
const cookies = cm.exportCookies();
let minimumExpires = Infinity;
for (const cookie of cookies) {
const expiresDate = new Date(Date.now() + cookie.expiresMSFromNow);
res.cookie(cookie.name, cookie.value, { domain, path: "/", httpOnly: true, secure: true, expires: expiresDate });
res.cookie(cookie.name, cookie.value, { domain, path: "/", httpOnly: true, secure: true, expires: expiresDate, sameSite: "none" });
if (cookie.expiresMSFromNow < minimumExpires) {
minimumExpires = cookie.expiresMSFromNow;
}
}
res.cookie("username", params.username, { domain, path: "/", secure: true });
res.cookie("auth", 1, { domain, path: "/", secure: true });
const expiresDate = new Date(Date.now() + minimumExpires);
res.cookie("username", params.username, { domain, path: "/", secure: true, expires: expiresDate, sameSite: "none" });
res.cookie("auth", 1, { domain, path: "/", secure: true, expires: expiresDate, sameSite: "none" });
res.status(200).send({ auth: true });
});
@@ -95,7 +100,7 @@ router.delete("/ticket", async (req, res) => {
const domain = global.config.application.domain;
const expire = new Date(0);
for (const cookie in req.cookies) {
res.cookie(cookie, "", { domain, path: "/", expires: expire });
res.cookie(cookie, "", { domain, path: "/", expires: expire, secure: true, sameSite: "none" });
}
await global.pve.closeSession(req.cookies);
await global.userManager.closeSession(req.cookies);
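Review bot: `sameSite: "none"` on the ticket cookies in the POST /ticket loop, on `username`/`auth`, and on the clearing call in DELETE /ticket makes the browser attach these credentials to every cross-site request, so the SameSite attribute no longer provides any CSRF protection for these state-changing routes. The cookies are already scoped with a shared `domain`, so the client and API are presumably on the same site; if so, `sameSite: "lax"` (or `"strict"`) would still work across subdomains. If cross-site use is really needed, the routes should check the Origin header or require a CSRF token, and neither is visible in these hunks. Separately, `minimumExpires` stays `Infinity` when `cm.exportCookies()` returns an empty array, so `new Date(Date.now() + minimumExpires)` becomes an Invalid Date passed as `expires`; checking `Number.isFinite(minimumExpires)` before setting `username`/`auth` would avoid that. Both handler bodies begin above the visible lines.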