Fix session cookie
This commit is contained in:
parent
86ea93545b
commit
f9b39d0df8
|
|
@ -11,6 +11,7 @@ use axum::{
|
||||||
use axum_extra::TypedHeader;
|
use axum_extra::TypedHeader;
|
||||||
use dotenvy::var;
|
use dotenvy::var;
|
||||||
use headers::Cookie;
|
use headers::Cookie;
|
||||||
|
use http::{HeaderMap, HeaderValue};
|
||||||
use oauth2::{
|
use oauth2::{
|
||||||
basic::BasicClient, reqwest::http_client, AuthUrl, AuthorizationCode, ClientId, ClientSecret,
|
basic::BasicClient, reqwest::http_client, AuthUrl, AuthorizationCode, ClientId, ClientSecret,
|
||||||
CsrfToken, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RevocationUrl, Scope,
|
CsrfToken, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RevocationUrl, Scope,
|
||||||
|
|
@ -109,10 +110,15 @@ pub async fn google_auth_return(
|
||||||
) -> Result<impl IntoResponse, AppError> {
|
) -> Result<impl IntoResponse, AppError> {
|
||||||
let state = CsrfToken::new(params.remove("state").ok_or("OAuth: without state")?);
|
let state = CsrfToken::new(params.remove("state").ok_or("OAuth: without state")?);
|
||||||
let code = AuthorizationCode::new(params.remove("code").ok_or("OAuth: without code")?);
|
let code = AuthorizationCode::new(params.remove("code").ok_or("OAuth: without code")?);
|
||||||
let mut headers = axum::response::AppendHeaders([(
|
let mut headers = HeaderMap::new();
|
||||||
|
headers.insert(
|
||||||
|
axum::http::header::CACHE_CONTROL,
|
||||||
|
HeaderValue::from_static("no-store, no-cache, must-revalidate, max-age=0"),
|
||||||
|
);
|
||||||
|
headers.insert(
|
||||||
axum::http::header::SET_COOKIE,
|
axum::http::header::SET_COOKIE,
|
||||||
"session_token=".to_owned() + "; path=/; httponly; secure; samesite=strict",
|
HeaderValue::from_static("session_token=deleted; path=/; httponly; secure; samesite=strict"),
|
||||||
)]);
|
);
|
||||||
|
|
||||||
let query: (String, String) = sqlx::query_as(
|
let query: (String, String) = sqlx::query_as(
|
||||||
r#"DELETE FROM oauth2_state_storage WHERE csrf_state = ? RETURNING pkce_code_verifier,return_url"#,
|
r#"DELETE FROM oauth2_state_storage WHERE csrf_state = ? RETURNING pkce_code_verifier,return_url"#,
|
||||||
|
|
@ -229,12 +235,13 @@ pub async fn google_auth_return(
|
||||||
let session_token_p2 = Uuid::new_v4().to_string();
|
let session_token_p2 = Uuid::new_v4().to_string();
|
||||||
let session_token =
|
let session_token =
|
||||||
[session_token_p1.as_str(), "_", session_token_p2.as_str()].concat();
|
[session_token_p1.as_str(), "_", session_token_p2.as_str()].concat();
|
||||||
headers = axum::response::AppendHeaders([(
|
*headers.entry(axum::http::header::SET_COOKIE).or_insert(HeaderValue::from_static("")) =
|
||||||
axum::http::header::SET_COOKIE,
|
HeaderValue::from_str(
|
||||||
"session_token=".to_owned()
|
&format!(
|
||||||
+ &*session_token
|
"session_token={}; httponly; secure; samesite=lax", // path=/; samesite=strict
|
||||||
+ "; path=/; httponly; secure; samesite=strict",
|
session_token
|
||||||
)]);
|
)
|
||||||
|
).map_err(|_| AppError::new("Failed to create session token header"))?;
|
||||||
let now = Utc::now().timestamp();
|
let now = Utc::now().timestamp();
|
||||||
|
|
||||||
sqlx::query(
|
sqlx::query(
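Review bot: The new Set-Cookie value `"session_token={}; httponly; secure; samesite=lax"` drops the `Path=/` attribute together with `SameSite=Strict`, so the browser scopes the session cookie to the default path derived from the callback URL; unless this handler is mounted at the root, the cookie will not be sent on requests to the rest of the site, and it no longer matches the `path=/` cookie set earlier in this function (`session_token=deleted; path=/; ...`), which the browser treats as a distinct cookie. If relaxing to Lax is intended so the cookie survives the cross-site redirect back from the provider, keep the path explicit, `"session_token={}; path=/; httponly; secure; samesite=lax"`, and replace the trailing `// path=/; samesite=strict` with a comment stating why Lax was chosen. Note also that `session_token=deleted` without `max-age=0` does not remove the cookie; add `max-age=0` to that value if the intent is to clear a stale token. The `entry(...).or_insert(HeaderValue::from_static("")) = ...` form can be a plain `headers.insert(axum::http::header::SET_COOKIE, value)`, which replaces the existing value. google_auth_return continues outside the hunk.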
|
||||||
|
|
|
||||||