liquid_feedback_frontend

changeset 1538:25ea15b4bd5e

Reworked cookie session control, exceptions for API
author bsw
date Tue Oct 20 17:48:49 2020 +0200 (2020-10-20)
parents 1e5c1edf7388
children 52185c8f5746
files app/main/_filter/20_session.lua app/main/oauth2/session.lua
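--- a/app/main/_filter/20_session.lua
+++ b/app/main/_filter/20_session.lua
@@ -1,37 +1,58 @@
-local cookie = request.get_cookie{ name = config.cookie_name }
-local cookie_samesite = request.get_cookie{ name = config.cookie_name_samesite }
+local module = request.get_module()
+local view = request.get_view()
 
-local oauth2_session_request = request.get_module() == "oauth2" and request.get_view() == "session"
+local need_session = false
+local cors_request = false
 
-if
-  cookie and cookie ~= cookie_samesite and not oauth2_session_request
-then
-  slot.put_into("error", _"Cookie error. Try restarting your web browser and login again.")  
-  ui.script{ script = [[
-  function cookie_by_name(name) {
-    var match = document.cookie.match(new RegExp('(^| )' + name + '=([^;]+)'));
-    if (match) return match[2];
-  }
-  var cookie = (cookie_by_name("]] .. config.cookie_name .. [["));
-  var cookie_samesite = (cookie_by_name("]] .. config.cookie_name_samesite ..[["));
-  if (cookie != cookie_samesite) {
-    document.cookie = "]] .. config.cookie_name .. [[= ; expires = Thu, 01 Jan 1970 00:00:00 GMT"
-    document.cookie = "]] .. config.cookie_name_samesite .. [[= ; expires = Thu, 01 Jan 1970 00:00:00 GMT"
-    window.location = "]] .. request.get_absolute_baseurl() .. [[";
-  }
-  ]]}
-  return
+if module == "api" then
+  need_session = false
+elseif module == "oauth2" then
+  if view == "authorization" then
+    need_session = true
+  elseif view == "session" then
+    need_session = true
+    cors_request = true
+  else
+    need_session = false
+  end
+else
+  need_session = true
 end
 
-if cookie then
-  app.session = Session:by_ident(cookie)
-end
+if need_session then
+
+  local cookie = request.get_cookie{ name = config.cookie_name }
 
-if not app.session then
-  app.session = Session:new()
-  if not oauth2_session_request then
+  if not cors_request then
+    local cookie_samesite = request.get_cookie{ name = config.cookie_name_samesite }
+    if cookie ~= cookie_samesite then
+      slot.put_into("error", _"Cookie error. Try restarting your web browser and login again.")  
+      ui.script{ script = [[
+      function cookie_by_name(name) {
+        var match = document.cookie.match(new RegExp('(^| )' + name + '=([^;]+)'));
+        if (match) return match[2];
+      }
+      var cookie = (cookie_by_name("]] .. config.cookie_name .. [["));
+      var cookie_samesite = (cookie_by_name("]] .. config.cookie_name_samesite ..[["));
+      if (cookie != cookie_samesite) {
+        document.cookie = "]] .. config.cookie_name .. [[= ; expires = Thu, 01 Jan 1970 00:00:00 GMT"
+        document.cookie = "]] .. config.cookie_name_samesite .. [[= ; expires = Thu, 01 Jan 1970 00:00:00 GMT"
+        window.location = "]] .. request.get_absolute_baseurl() .. [[";
+      }
+      ]]}
+      return
+    end
+  end
+
+  if cookie then
+    app.session = Session:by_ident(cookie)
+  end
+
+  if not cors_request and not app.session then
+    app.session = Session:new()
     app.session:set_cookie()
  end
+
 end
 
 locale.set{ lang = app.session.lang or config.default_lang or "en" }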
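Review bot: `locale.set{ lang = app.session.lang or config.default_lang or "en" }` at 1.88 still indexes app.session unconditionally, but the new dispatch leaves it nil for `module == "api"`, for oauth2 views other than authorization and session, and for a CORS session request that carries no cookie, so those requests now fail with an attempt to index a nil value unless app.session is initialised before this filter, which I cannot see from here. The removed code always created a session at this point, which is why that context line used to be safe. Guarding the read, `locale.set{ lang = (app.session and app.session.lang) or config.default_lang or "en" }`, keeps the session-less paths working; the rest of this filter file below the hunk should be checked for the same assumption. A short comment above the `need_session` dispatch stating that API requests and the CORS-accessed oauth2 session view deliberately run without creating a server-side session, and that the samesite cookie comparison is skipped for the CORS case (presumably because that cookie is not sent on cross-site requests, worth confirming), would help the next reader.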
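--- a/app/main/oauth2/session.lua
+++ b/app/main/oauth2/session.lua
@@ -8,7 +8,7 @@
   member_id = json.null
 }
 
-if app.session.member_id then
+if app.session and app.session.member_id then
   local origin = request.get_header("Origin")
   if origin then
     local system_applications = SystemApplication:by_origin(origin)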
