Fixed cookie vars
parent
56f397c2a3
commit
f5af0e701c
3 changed files with 26 additions and 39 deletions
app/app.php
|
@ -15,33 +15,10 @@ use Appwrite\Database\Document;
|
||||||
use Appwrite\Database\Validator\Authorization;
|
use Appwrite\Database\Validator\Authorization;
|
||||||
use Appwrite\Network\Validator\Origin;
|
use Appwrite\Network\Validator\Origin;
|
||||||
|
|
||||||
Config::setParam('domain', $_SERVER['HTTP_HOST']);
|
Config::setParam('domain', 'localhost');
|
||||||
Config::setParam('domainVerification', false);
|
Config::setParam('domainVerification', false);
|
||||||
// Config::setParam('domain', $request->getServer('HTTP_HOST', ''));
|
Config::setParam('cookieDomain', 'localhost');
|
||||||
// Config::setParam('domainVerification', false);
|
Config::setParam('cookieSamesite', Response::COOKIE_SAMESITE_NONE);
|
||||||
|
|
||||||
\define('COOKIE_DOMAIN',
|
|
||||||
(
|
|
||||||
$_SERVER['HTTP_HOST'] === 'localhost' ||
|
|
||||||
$_SERVER['HTTP_HOST'] === 'localhost:'.$request->getPort() ||
|
|
||||||
(\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
|
|
||||||
)
|
|
||||||
? null
|
|
||||||
: '.'.$request->getHostname()
|
|
||||||
);
|
|
||||||
\define('COOKIE_SAMESITE', Response::COOKIE_SAMESITE_NONE);
|
|
||||||
|
|
||||||
// \define('COOKIE_DOMAIN',
|
|
||||||
// (
|
|
||||||
// $request->getServer('HTTP_HOST', null) === 'localhost' ||
|
|
||||||
// $request->getServer('HTTP_HOST', null) === 'localhost:'.$request->getPort() ||
|
|
||||||
// (\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
|
|
||||||
// )
|
|
||||||
// ? null
|
|
||||||
// : '.'.$request->getHostname()
|
|
||||||
// );
|
|
||||||
// \define('COOKIE_SAMESITE', Response::COOKIE_SAMESITE_NONE);
|
|
||||||
|
|
||||||
|
|
||||||
// // Set project mail
|
// // Set project mail
|
||||||
// $register->get('smtp')
|
// $register->get('smtp')
|
||||||
|
@ -98,10 +75,20 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo
|
||||||
$selfDomain = new Domain(Config::getParam('hostname'));
|
$selfDomain = new Domain(Config::getParam('hostname'));
|
||||||
$endDomain = new Domain($origin);
|
$endDomain = new Domain($origin);
|
||||||
|
|
||||||
|
Config::setParam('domain', $request->getServer('HTTP_HOST', ''));
|
||||||
|
|
||||||
Config::setParam('domainVerification',
|
Config::setParam('domainVerification',
|
||||||
($selfDomain->getRegisterable() === $endDomain->getRegisterable()) &&
|
($selfDomain->getRegisterable() === $endDomain->getRegisterable()) &&
|
||||||
$endDomain->getRegisterable() !== '');
|
$endDomain->getRegisterable() !== '');
|
||||||
|
|
||||||
|
Config::setParam('cookieDomain', (
|
||||||
|
$request->getServer('HTTP_HOST', null) === 'localhost' ||
|
||||||
|
$request->getServer('HTTP_HOST', null) === 'localhost:'.$request->getPort() ||
|
||||||
|
(\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
|
||||||
|
)
|
||||||
|
? null
|
||||||
|
: '.'.$request->getHostname()
|
||||||
|
);
|
||||||
/*
|
/*
|
||||||
* Security Headers
|
* Security Headers
|
||||||
*
|
*
|
||||||
|
|
|
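Review bot: The cookie domain computed on the new side of the second hunk (`Config::setParam('cookieDomain', (...))`) is still derived from the request's Host header through `$request->getServer('HTTP_HOST', null)` and `$request->getHostname()`, even though the same init callback already has a configured `Config::getParam('hostname')` two lines above (`$selfDomain`). A request that arrives with an unexpected Host value — for instance through a proxy that forwards it unchanged — presumably gets a session cookie scoped to `'.'.$request->getHostname()`, i.e. a leading-dot domain covering every subdomain of whatever Host was sent. Consider deriving the cookie domain from the configured hostname, or at least recording the assumption at that line, e.g. `// cookieDomain is derived from the Host header; the web server or proxy in front must only accept the configured hosts`. The `App::init` callback that holds this code starts before the hunk, and the bootstrap defaults in the first hunk (`'cookieDomain', 'localhost'`, `'cookieSamesite', Response::COOKIE_SAMESITE_NONE`) are what any cookie written before this callback runs will use, which is worth a one-line comment next to those defaults.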
@ -234,8 +234,8 @@ App::post('/v1/account/sessions')
|
||||||
}
|
}
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
|
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||||
->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
|
->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
->json($session->getArrayCopy(['$id', 'type', 'expire']))
|
->json($session->getArrayCopy(['$id', 'type', 'expire']))
|
||||||
;
|
;
|
||||||
|
@ -526,7 +526,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
$state['success'] = URLParser::parse($state['success']);
|
$state['success'] = URLParser::parse($state['success']);
|
||||||
$query = URLParser::parseQuery($state['success']['query']);
|
$query = URLParser::parseQuery($state['success']['query']);
|
||||||
$query['project'] = $project->getId();
|
$query['project'] = $project->getId();
|
||||||
$query['domain'] = COOKIE_DOMAIN;
|
$query['domain'] = Config::getParam('cookieDomain');
|
||||||
$query['key'] = Auth::$cookieName;
|
$query['key'] = Auth::$cookieName;
|
||||||
$query['secret'] = Auth::encodeSession($user->getId(), $secret);
|
$query['secret'] = Auth::encodeSession($user->getId(), $secret);
|
||||||
$state['success']['query'] = URLParser::unparseQuery($query);
|
$state['success']['query'] = URLParser::unparseQuery($query);
|
||||||
|
@ -536,8 +536,8 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
$response
|
$response
|
||||||
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
||||||
->addHeader('Pragma', 'no-cache')
|
->addHeader('Pragma', 'no-cache')
|
||||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
|
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
|
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||||
->redirect($state['success'])
|
->redirect($state['success'])
|
||||||
;
|
;
|
||||||
}, ['request', 'response', 'project', 'user', 'projectDB', 'audit']);
|
}, ['request', 'response', 'project', 'user', 'projectDB', 'audit']);
|
||||||
|
@ -975,8 +975,8 @@ App::delete('/v1/account')
|
||||||
}
|
}
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
|
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||||
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
|
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||||
->noContent()
|
->noContent()
|
||||||
;
|
;
|
||||||
}, ['request', 'response', 'user', 'projectDB', 'audit', 'webhook']);
|
}, ['request', 'response', 'user', 'projectDB', 'audit', 'webhook']);
|
||||||
|
@ -1034,8 +1034,8 @@ App::delete('/v1/account/sessions/:sessionId')
|
||||||
|
|
||||||
if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||||
$response
|
$response
|
||||||
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
|
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||||
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
|
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||||
;
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1093,8 +1093,8 @@ App::delete('/v1/account/sessions')
|
||||||
|
|
||||||
if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||||
$response
|
$response
|
||||||
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
|
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||||
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
|
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||||
;
|
;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
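Review bot: The rewritten `addCookie` lines in the `/v1/account/sessions` hunk (and the same pattern in the oauth2 redirect hunk, the `DELETE /v1/account` hunk, both `/v1/account/sessions` delete hunks and the teams membership-status hunk) pass `Config::getParam('cookieSamesite')`, which the bootstrap hunk sets to `Response::COOKIE_SAMESITE_NONE`, while the Secure flag on the same call is `('https' == $protocol)`. Browsers that enforce the rule that SameSite=None is only accepted together with Secure will drop the main cookie on plain HTTP, leaving only the `_legacy` cookie (SameSite left as `null`) in place, so the split behaviour deserves a comment at the first call site, e.g. `// SameSite=None is only honoured with Secure; over http only the _legacy cookie is stored`. Since these lines are being rewritten anyway, the loose comparison could become `'https' === $protocol`. The route closures containing these calls start outside their hunks.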
@ -570,8 +570,8 @@ App::patch('/v1/teams/:teamId/memberships/:inviteId/status')
|
||||||
}
|
}
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
|
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
|
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||||
->json(\array_merge($membership->getArrayCopy([
|
->json(\array_merge($membership->getArrayCopy([
|
||||||
'$id',
|
'$id',
|
||||||
'userId',
|
'userId',
|
||||||
|
|