tronnet/ProxmoxAAS-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add SameSite value for access cookies,

Browse Source 
add proper minimum expire time for username/auth access cookie,
fix bug in setUser
This commit is contained in:
Arthur Lu 2024-10-30 18:59:10 +00:00
parent 4984877ab7
commit 7626dcf387
3 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/backends/backends.js
View File

@ -250,7 +250,7 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
for (const backend of this.#config.realm[user.realm]) { for (const backend of this.#config.realm[user.realm]) {
const atomicChange = await global.backends[backend].setUser(user, attributes, params); const atomicChange = await global.backends[backend].setUser(user, attributes, params);
if (atomicChange.valid === false) { // if any fails, preemptively exit if (atomicChange.valid === false) { // if any fails, preemptively exit
return atomicChange.stauts; return atomicChange.status;
} }
atomicChanges.push(atomicChange); // queue callback into array atomicChanges.push(atomicChange); // queue callback into array
} }

13
src/routes/access.js
View File

@ -73,12 +73,17 @@ router.post("/ticket", async (req, res) => {
return; return;
} }
const cookies = cm.exportCookies(); const cookies = cm.exportCookies();
let minimumExpires = Infinity;
for (const cookie of cookies) { for (const cookie of cookies) {
const expiresDate = new Date(Date.now() + cookie.expiresMSFromNow); const expiresDate = new Date(Date.now() + cookie.expiresMSFromNow);
res.cookie(cookie.name, cookie.value, { domain, path: "/", httpOnly: true, secure: true, expires: expiresDate }); res.cookie(cookie.name, cookie.value, { domain, path: "/", httpOnly: true, secure: true, expires: expiresDate, sameSite: "none" });
if (cookie.expiresMSFromNow < minimumExpires) {
minimumExpires = cookie.expiresMSFromNow;
}
} }
res.cookie("username", params.username, { domain, path: "/", secure: true }); const expiresDate = new Date(Date.now() + minimumExpires);
res.cookie("auth", 1, { domain, path: "/", secure: true }); res.cookie("username", params.username, { domain, path: "/", secure: true, expires: expiresDate, sameSite: "none" });
res.cookie("auth", 1, { domain, path: "/", secure: true, expires: expiresDate, sameSite: "none" });
res.status(200).send({ auth: true }); res.status(200).send({ auth: true });
}); });
@ -95,7 +100,7 @@ router.delete("/ticket", async (req, res) => {
const domain = global.config.application.domain; const domain = global.config.application.domain;
const expire = new Date(0); const expire = new Date(0);
for (const cookie in req.cookies) { for (const cookie in req.cookies) {
res.cookie(cookie, "", { domain, path: "/", expires: expire }); res.cookie(cookie, "", { domain, path: "/", expires: expire, secure: true, sameSite: "none" });
} }
await global.pve.closeSession(req.cookies); await global.pve.closeSession(req.cookies);
await global.userManager.closeSession(req.cookies); await global.userManager.closeSession(req.cookies);

5
src/utils.js
View File

@ -379,6 +379,11 @@ export function readJSONFile (path) {
} }
}; };
/**
*
* @param {*} username
* @returns {Object | null} user object containing username and realm or null if user does not exist
*/
export function getUserObjFromUsername (username) { export function getUserObjFromUsername (username) {
if (username) { if (username) {
const userRealm = username.split("@").at(-1); const userRealm = username.split("@").at(-1);