diff --git a/pkg/cookies/cookies.go b/pkg/cookies/cookies.go index 936f08e..08e6a9b 100644 --- a/pkg/cookies/cookies.go +++ b/pkg/cookies/cookies.go @@ -7,6 +7,7 @@ import ( "time" "github.com/pusher/oauth2_proxy/logger" + "github.com/pusher/oauth2_proxy/pkg/apis/options" ) // MakeCookie constructs a cookie from the given parameters, @@ -32,3 +33,9 @@ func MakeCookie(req *http.Request, name string, value string, path string, domai Expires: now.Add(expiration), } } + +// MakeCookieFromOptions constructs a cookie based on the givemn *options.CookieOptions, +// value and creation time +func MakeCookieFromOptions(req *http.Request, name string, value string, opts *options.CookieOptions, expiration time.Duration, now time.Time) *http.Cookie { + return MakeCookie(req, name, value, opts.CookiePath, opts.CookieDomain, opts.CookieHTTPOnly, opts.CookieSecure, expiration, now) +} diff --git a/pkg/sessions/cookie/session_store.go b/pkg/sessions/cookie/session_store.go index 8285888..ec43d73 100644 --- a/pkg/sessions/cookie/session_store.go +++ b/pkg/sessions/cookie/session_store.go @@ -27,14 +27,8 @@ var _ sessions.SessionStore = &SessionStore{} // SessionStore is an implementation of the sessions.SessionStore // interface that stores sessions in client side cookies type SessionStore struct { - CookieCipher *cookie.Cipher - CookieDomain string - CookieExpire time.Duration - CookieHTTPOnly bool - CookieName string - CookiePath string - CookieSecret string - CookieSecure bool + CookieOptions *options.CookieOptions + CookieCipher *cookie.Cipher } // Save takes a sessions.SessionState and stores the information from it @@ -54,12 +48,12 @@ func (s *SessionStore) Save(rw http.ResponseWriter, req *http.Request, ss *sessi // Load reads sessions.SessionState information from Cookies within the // HTTP request object func (s *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) { - c, err := loadCookie(req, s.CookieName) + c, err := loadCookie(req, s.CookieOptions.CookieName) if err != nil { // always http.ErrNoCookie - return nil, fmt.Errorf("Cookie %q not present", s.CookieName) + return nil, fmt.Errorf("Cookie %q not present", s.CookieOptions.CookieName) } - val, _, ok := cookie.Validate(c, s.CookieSecret, s.CookieExpire) + val, _, ok := cookie.Validate(c, s.CookieOptions.CookieSecret, s.CookieOptions.CookieExpire) if !ok { return nil, errors.New("Cookie Signature not valid") } @@ -77,7 +71,7 @@ func (s *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error { var cookies []*http.Cookie // matches CookieName, CookieName_ - var cookieNameRegex = regexp.MustCompile(fmt.Sprintf("^%s(_\\d+)?$", s.CookieName)) + var cookieNameRegex = regexp.MustCompile(fmt.Sprintf("^%s(_\\d+)?$", s.CookieOptions.CookieName)) for _, c := range req.Cookies() { if cookieNameRegex.MatchString(c.Name) { @@ -93,33 +87,30 @@ func (s *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error { // setSessionCookie adds the user's session cookie to the response func (s *SessionStore) setSessionCookie(rw http.ResponseWriter, req *http.Request, val string, created time.Time) { - for _, c := range s.makeSessionCookie(req, val, s.CookieExpire, created) { + for _, c := range s.makeSessionCookie(req, val, created) { http.SetCookie(rw, c) } } // makeSessionCookie creates an http.Cookie containing the authenticated user's // authentication details -func (s *SessionStore) makeSessionCookie(req *http.Request, value string, expiration time.Duration, now time.Time) []*http.Cookie { +func (s *SessionStore) makeSessionCookie(req *http.Request, value string, now time.Time) []*http.Cookie { if value != "" { - value = cookie.SignedValue(s.CookieSecret, s.CookieName, value, now) + value = cookie.SignedValue(s.CookieOptions.CookieSecret, s.CookieOptions.CookieName, value, now) } - c := s.makeCookie(req, s.CookieName, value, expiration, now) - if len(c.Value) > 4096-len(s.CookieName) { + c := s.makeCookie(req, s.CookieOptions.CookieName, value, s.CookieOptions.CookieExpire, now) + if len(c.Value) > 4096-len(s.CookieOptions.CookieName) { return splitCookie(c) } return []*http.Cookie{c} } func (s *SessionStore) makeCookie(req *http.Request, name string, value string, expiration time.Duration, now time.Time) *http.Cookie { - return cookies.MakeCookie( + return cookies.MakeCookieFromOptions( req, name, value, - s.CookiePath, - s.CookieDomain, - s.CookieHTTPOnly, - s.CookieSecure, + s.CookieOptions, expiration, now, ) @@ -138,14 +129,8 @@ func NewCookieSessionStore(opts options.CookieStoreOptions, cookieOpts *options. } return &SessionStore{ - CookieCipher: cipher, - CookieDomain: cookieOpts.CookieDomain, - CookieExpire: cookieOpts.CookieExpire, - CookieHTTPOnly: cookieOpts.CookieHTTPOnly, - CookieName: cookieOpts.CookieName, - CookiePath: cookieOpts.CookiePath, - CookieSecret: cookieOpts.CookieSecret, - CookieSecure: cookieOpts.CookieSecure, + CookieCipher: cipher, + CookieOptions: cookieOpts, }, nil }