mirror of
https://github.com/semaphoreui/semaphore.git
synced 2025-01-20 15:29:28 +01:00
feat(be): http only for cookies
parent
35e886b436
commit
834f75bac0
22
api/login.go
22
api/login.go
@ -16,13 +16,13 @@ import (
|
|||||||
"text/template"
|
"text/template"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/coreos/go-oidc/v3/oidc"
|
||||||
|
"github.com/go-ldap/ldap/v3"
|
||||||
|
"github.com/gorilla/mux"
|
||||||
"github.com/semaphoreui/semaphore/api/helpers"
|
"github.com/semaphoreui/semaphore/api/helpers"
|
||||||
"github.com/semaphoreui/semaphore/db"
|
"github.com/semaphoreui/semaphore/db"
|
||||||
"github.com/semaphoreui/semaphore/pkg/random"
|
"github.com/semaphoreui/semaphore/pkg/random"
|
||||||
"github.com/semaphoreui/semaphore/util"
|
"github.com/semaphoreui/semaphore/util"
|
||||||
"github.com/coreos/go-oidc/v3/oidc"
|
|
||||||
"github.com/go-ldap/ldap/v3"
|
|
||||||
"github.com/gorilla/mux"
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
@ -171,9 +171,10 @@ func createSession(w http.ResponseWriter, r *http.Request, user db.User) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
http.SetCookie(w, &http.Cookie{
|
http.SetCookie(w, &http.Cookie{
|
||||||
Name: "semaphore",
|
Name: "semaphore",
|
||||||
Value: encoded,
|
Value: encoded,
|
||||||
Path: "/",
|
Path: "/",
|
||||||
|
HttpOnly: true,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -317,10 +318,11 @@ func login(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
func logout(w http.ResponseWriter, r *http.Request) {
|
func logout(w http.ResponseWriter, r *http.Request) {
|
||||||
http.SetCookie(w, &http.Cookie{
|
http.SetCookie(w, &http.Cookie{
|
||||||
Name: "semaphore",
|
Name: "semaphore",
|
||||||
Value: "",
|
Value: "",
|
||||||
Expires: time.Now().Add(24 * 7 * time.Hour * -1),
|
Expires: time.Now().Add(24 * 7 * time.Hour * -1),
|
||||||
Path: "/",
|
Path: "/",
|
||||||
|
HttpOnly: true,
|
||||||
})
|
})
|
||||||
|
|
||||||
w.WriteHeader(http.StatusNoContent)
|
w.WriteHeader(http.StatusNoContent)
|
||||||
|
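Review bot: The `semaphore` session cookie set in createSession still carries no `Secure` or `SameSite` attribute after this change, so `HttpOnly: true,` only closes the script-read path; the cookie can still be sent over plain HTTP, and cross-site behaviour is left to each browser's default. Next to the new line I would add `SameSite: http.SameSiteLaxMode,` and a `Secure:` value that is true whenever the instance is served over HTTPS. That value presumably has to come from deployment configuration rather than `r.TLS != nil`, since `r.TLS` is nil behind a TLS-terminating proxy; this should be confirmed against the project's settings. The expiring cookie in logout should carry the same attributes so the set and clear paths stay in step. createSession begins above its hunk and logout's closing brace lies below the visible lines, so any handling around these calls is not shown here.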