From 6cdf05e7f2723ad734b74755599c70ad5a64b288 Mon Sep 17 00:00:00 2001
From: Igor Dolgiy
Date: Thu, 19 Jun 2014 18:50:43 +0400
Subject: [PATCH] Added cookie settings
---
 main.go | 2 ++
 oauthproxy.go | 19 ++++++++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/main.go b/main.go
index c2ee189..feca1df 100644
--- a/main.go
+++ b/main.go
@@ -23,6 +23,8 @@ var (
 htpasswdFile = flag.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
 cookieSecret = flag.String("cookie-secret", "", "the seed string for secure cookies")
 cookieDomain = flag.String("cookie-domain", "", "an optional cookie domain to force cookies to")
+ cookieExpire = flag.Int("cookie-expire", 168 * 60, "expire time for cookie")
+ cookieSecure = flag.Bool("cookie-secure", false, "HTTPS only cookie")
 authenticatedEmailsFile = flag.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
 googleAppsDomains = StringArray{}
 upstreams = StringArray{}
diff --git a/oauthproxy.go b/oauthproxy.go
index e5f5019..9f9bfbe 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -184,14 +184,27 @@ func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val st
 if *cookieDomain != "" && strings.HasSuffix(domain, *cookieDomain) {
 domain = *cookieDomain
 }
+ need_expire := true
+ expire := time.Now().Add(time.Duration(*cookieExpire))
+ if *cookieExpire == 0 {
+ need_expire = false
+ }
+ http_only := true
+ secure := false
+ if *cookieSecure {
+ http_only = false
+ secure = true
+ }
 cookie := &http.Cookie{
 Name: p.CookieKey,
 Value: signedCookieValue(p.CookieSeed, p.CookieKey, val),
 Path: "/",
 Domain: domain,
- Expires: time.Now().Add(time.Duration(168) * time.Hour), // 7 days
- HttpOnly: true,
- // Secure: req. ... ? set if X-Scheme: https ?
+ HttpOnly: http_only,
+ Secure: secure,
+ }
+ if need_expire {
+ cookie.Expires = expire
 }
 http.SetCookie(rw, cookie)
 }
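Review bot: The `cookie-expire` help text in the main.go hunk does not say what unit the integer is in, and the default `168 * 60` matches the previous 7-day lifetime only if it is read as minutes. The oauthproxy.go hunk passes the value to `time.Duration(*cookieExpire)` with no unit multiplier, which Go treats as nanoseconds, so with the default the `Expires` timestamp is about 10 microseconds after issue and the browser would discard the session cookie almost immediately. Either name the unit in the help text and multiply at the use site, `expire := time.Now().Add(time.Duration(*cookieExpire) * time.Minute)`, or declare the flag as `flag.Duration("cookie-expire", 168*time.Hour, "cookie lifetime; 0 issues a session cookie")`, which needs the `time` import in main.go if it is not already present. The `var (` block starts and ends outside the hunk.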
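Review bot: Enabling `-cookie-secure` switches HttpOnly off in the oauthproxy.go hunk: the `if *cookieSecure` branch sets `http_only = false`, so the signed session cookie becomes readable from page script exactly when the operator asks for a stricter cookie. The two attributes are independent (Secure restricts the cookie to HTTPS, HttpOnly keeps it away from script), and the code before this change always set HttpOnly. I would drop the `http_only` and `secure` locals and write `HttpOnly: true,` and `Secure: *cookieSecure,` in the struct literal. SetCookie begins above the hunk; only the tail of its body is visible here.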