Added cookie settings

This commit is contained in:
Igor Dolgiy 2014-06-19 18:50:43 +04:00 committed by Jehiah Czebotar
parent 23a89b06de
commit 6cdf05e7f2
2 changed files with 18 additions and 3 deletions

View File

@ -23,6 +23,8 @@ var (
htpasswdFile = flag.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
cookieSecret = flag.String("cookie-secret", "", "the seed string for secure cookies")
cookieDomain = flag.String("cookie-domain", "", "an optional cookie domain to force cookies to")
cookieExpire = flag.Int("cookie-expire", 168 * 60, "expire time for cookie")
cookieSecure = flag.Bool("cookie-secure", false, "HTTPS only cookie")
authenticatedEmailsFile = flag.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
googleAppsDomains = StringArray{}
upstreams = StringArray{}

View File

@ -184,14 +184,27 @@ func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val st
if *cookieDomain != "" && strings.HasSuffix(domain, *cookieDomain) {
domain = *cookieDomain
}
need_expire := true
expire := time.Now().Add(time.Duration(*cookieExpire))
if *cookieExpire == 0 {
need_expire = false
}
http_only := true
secure := false
if *cookieSecure {
http_only = false
secure = true
}
cookie := &http.Cookie{
Name: p.CookieKey,
Value: signedCookieValue(p.CookieSeed, p.CookieKey, val),
Path: "/",
Domain: domain,
Expires: time.Now().Add(time.Duration(168) * time.Hour), // 7 days
HttpOnly: true,
// Secure: req. ... ? set if X-Scheme: https ?
HttpOnly: http_only,
Secure: secure,
}
if need_expire {
cookie.Expires = expire
}
http.SetCookie(rw, cookie)
}