mirror of
https://github.com/fosrl/pangolin.git
synced 2026-02-23 13:26:41 +00:00
set resource session cookie in proxy via param
This commit is contained in:
Milo Schwartz
@@ -16,6 +16,7 @@ import { z } from "zod";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { verifyTotpCode } from "@server/auth/2fa";
|
||||
import config from "@server/config";
|
||||
import logger from "@server/logger";
|
||||
|
||||
export const loginBodySchema = z.object({
|
||||
email: z.string().email(),
|
||||
@@ -125,6 +126,8 @@ export async function login(
|
||||
await createSession(token, existingUser.userId);
|
||||
const cookie = serializeSessionCookie(token);
|
||||
|
||||
logger.debug(cookie);
|
||||
|
||||
res.appendHeader("Set-Cookie", cookie);
|
||||
|
||||
if (
|
||||
|
||||
@@ -93,7 +93,7 @@ export async function verifyResourceSession(
|
||||
return allowed(res);
|
||||
}
|
||||
|
||||
const redirectUrl = `${config.app.base_url}/${resource.orgId}/auth/resource/${resource.resourceId}?r=${originalRequestURL}`;
|
||||
const redirectUrl = `${config.app.base_url}/auth/resource/${resource.resourceId}?redirect=${originalRequestURL}`;
|
||||
|
||||
if (sso && sessions.session) {
|
||||
const { session, user } = await validateSessionToken(
|
||||
|
||||
@@ -27,12 +27,13 @@ export const authWithPasswordParamsSchema = z.object({
|
||||
|
||||
export type AuthWithPasswordResponse = {
|
||||
codeRequested?: boolean;
|
||||
session?: string;
|
||||
};
|
||||
|
||||
export async function authWithPassword(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
next: NextFunction,
|
||||
): Promise<any> {
|
||||
const parsedBody = authWithPasswordBodySchema.safeParse(req.body);
|
||||
|
||||
@@ -40,8 +41,8 @@ export async function authWithPassword(
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedBody.error).toString()
|
||||
)
|
||||
fromError(parsedBody.error).toString(),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -51,8 +52,8 @@ export async function authWithPassword(
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedParams.error).toString()
|
||||
)
|
||||
fromError(parsedParams.error).toString(),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -65,7 +66,7 @@ export async function authWithPassword(
|
||||
.from(resources)
|
||||
.leftJoin(
|
||||
resourcePassword,
|
||||
eq(resourcePassword.resourceId, resources.resourceId)
|
||||
eq(resourcePassword.resourceId, resources.resourceId),
|
||||
)
|
||||
.where(eq(resources.resourceId, resourceId))
|
||||
.limit(1);
|
||||
@@ -75,7 +76,10 @@ export async function authWithPassword(
|
||||
|
||||
if (!resource) {
|
||||
return next(
|
||||
createHttpError(HttpCode.BAD_REQUEST, "Resource does not exist")
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"Resource does not exist",
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -85,9 +89,9 @@ export async function authWithPassword(
|
||||
HttpCode.UNAUTHORIZED,
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"Resource has no password protection"
|
||||
)
|
||||
)
|
||||
"Resource has no password protection",
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -99,11 +103,11 @@ export async function authWithPassword(
|
||||
timeCost: 2,
|
||||
outputLen: 32,
|
||||
parallelism: 1,
|
||||
}
|
||||
},
|
||||
);
|
||||
if (!validPassword) {
|
||||
return next(
|
||||
createHttpError(HttpCode.UNAUTHORIZED, "Incorrect password")
|
||||
createHttpError(HttpCode.UNAUTHORIZED, "Incorrect password"),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -127,18 +131,20 @@ export async function authWithPassword(
|
||||
token,
|
||||
passwordId: definedPassword.passwordId,
|
||||
});
|
||||
const secureCookie = resource.ssl;
|
||||
const cookie = serializeResourceSessionCookie(
|
||||
token,
|
||||
resource.fullDomain,
|
||||
secureCookie
|
||||
);
|
||||
res.appendHeader("Set-Cookie", cookie);
|
||||
// const secureCookie = resource.ssl;
|
||||
// const cookie = serializeResourceSessionCookie(
|
||||
// token,
|
||||
// resource.fullDomain,
|
||||
// secureCookie,
|
||||
// );
|
||||
// res.appendHeader("Set-Cookie", cookie);
|
||||
|
||||
logger.debug(cookie); // remove after testing
|
||||
// logger.debug(cookie); // remove after testing
|
||||
|
||||
return response<null>(res, {
|
||||
data: null,
|
||||
return response<AuthWithPasswordResponse>(res, {
|
||||
data: {
|
||||
session: token,
|
||||
},
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Authenticated with resource successfully",
|
||||
@@ -148,8 +154,8 @@ export async function authWithPassword(
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.INTERNAL_SERVER_ERROR,
|
||||
"Failed to authenticate with resource"
|
||||
)
|
||||
"Failed to authenticate with resource",
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -27,6 +27,7 @@ export const authWithPincodeParamsSchema = z.object({
|
||||
|
||||
export type AuthWithPincodeResponse = {
|
||||
codeRequested?: boolean;
|
||||
session?: string;
|
||||
};
|
||||
|
||||
export async function authWithPincode(
|
||||
@@ -126,18 +127,20 @@ export async function authWithPincode(
|
||||
token,
|
||||
pincodeId: definedPincode.pincodeId,
|
||||
});
|
||||
const secureCookie = resource.ssl;
|
||||
const cookie = serializeResourceSessionCookie(
|
||||
token,
|
||||
resource.fullDomain,
|
||||
secureCookie,
|
||||
);
|
||||
res.appendHeader("Set-Cookie", cookie);
|
||||
// const secureCookie = resource.ssl;
|
||||
// const cookie = serializeResourceSessionCookie(
|
||||
// token,
|
||||
// resource.fullDomain,
|
||||
// secureCookie,
|
||||
// );
|
||||
// res.appendHeader("Set-Cookie", cookie);
|
||||
|
||||
logger.debug(cookie); // remove after testing
|
||||
// logger.debug(cookie); // remove after testing
|
||||
|
||||
return response<null>(res, {
|
||||
data: null,
|
||||
return response<AuthWithPincodeResponse>(res, {
|
||||
data: {
|
||||
session: token,
|
||||
},
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Authenticated with resource successfully",
|
||||
|
||||
@@ -8,7 +8,7 @@ import config from "@server/config";
|
||||
|
||||
export async function traefikConfigProvider(
|
||||
_: Request,
|
||||
res: Response
|
||||
res: Response,
|
||||
): Promise<any> {
|
||||
try {
|
||||
const all = await db
|
||||
@@ -16,18 +16,18 @@ export async function traefikConfigProvider(
|
||||
.from(schema.targets)
|
||||
.innerJoin(
|
||||
schema.resources,
|
||||
eq(schema.targets.resourceId, schema.resources.resourceId)
|
||||
eq(schema.targets.resourceId, schema.resources.resourceId),
|
||||
)
|
||||
.innerJoin(
|
||||
schema.orgs,
|
||||
eq(schema.resources.orgId, schema.orgs.orgId)
|
||||
eq(schema.resources.orgId, schema.orgs.orgId),
|
||||
)
|
||||
.where(
|
||||
and(
|
||||
eq(schema.targets.enabled, true),
|
||||
isNotNull(schema.resources.subdomain),
|
||||
isNotNull(schema.orgs.domain)
|
||||
)
|
||||
isNotNull(schema.orgs.domain),
|
||||
),
|
||||
);
|
||||
|
||||
if (!all.length) {
|
||||
@@ -48,9 +48,14 @@ export async function traefikConfigProvider(
|
||||
[badgerMiddlewareName]: {
|
||||
apiBaseUrl: new URL(
|
||||
"/api/v1",
|
||||
`http://${config.server.internal_hostname}:${config.server.internal_port}`
|
||||
`http://${config.server.internal_hostname}:${config.server.internal_port}`,
|
||||
).href,
|
||||
appBaseUrl: config.app.base_url,
|
||||
resourceSessionCookieName:
|
||||
config.badger.resource_session_cookie_name,
|
||||
userSessionCookieName:
|
||||
config.server.session_cookie_name,
|
||||
sessionQueryParameter:
|
||||
config.badger.session_query_parameter,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user