pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-06 02:36:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

set resource session as base domain cookie

Browse Source
This commit is contained in:
Milo Schwartz
2024-11-27 00:07:40 -05:00
parent 41e531306d
commit 8178dd1525
13 changed files with 169 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
server/routers/badger/verifySession.ts
View File

@@ -19,10 +19,7 @@ import { Resource, roleResources, userResources } from "@server/db/schema";
import logger from "@server/logger";
const verifyResourceSessionSchema = z.object({
sessions: z.object({
session: z.string().nullable(),
resource_session: z.string().nullable(),
}),
sessions: z.record(z.string()).optional(),
originalRequestURL: z.string().url(),
scheme: z.string(),
host: z.string(),
@@ -98,10 +95,15 @@ export async function verifyResourceSession(
const redirectUrl = `${config.app.base_url}/auth/resource/${encodeURIComponent(resource.resourceId)}?redirect=${encodeURIComponent(originalRequestURL)}`;
if (sso && sessions.session) {
const { session, user } = await validateSessionToken(
sessions.session,
);
if (!sessions) {
return notAllowed(res);
}
const sessionToken = sessions[config.server.session_cookie_name];
// check for unified login
if (sso && sessionToken) {
const { session, user } = await validateSessionToken(sessionToken);
if (session && user) {
const isAllowed = await isUserAllowedToAccessResource(
user.userId,
@@ -117,11 +119,17 @@ export async function verifyResourceSession(
}
}
if (password && sessions.resource_session) {
const resourceSessionToken =
sessions[
`${config.badger.resource_session_cookie_name}_${resource.resourceId}`
];
if ((pincode || password) && resourceSessionToken) {
const { resourceSession } = await validateResourceSessionToken(
sessions.resource_session,
resourceSessionToken,
resource.resourceId,
);
if (resourceSession) {
if (
pincode &&