Set nhp-token cookie

Author: jerry-0824

common/types.go

@@ -32,6 +32,7 @@ type ResourceData struct {
 	RedirectWithParams bool           `json:"redirectWithParams,omitempty"`
 	SkipAuth           bool           `json:"skipAuth,omitempty"`
 	CookieDomain       string         `json:"cookieDomain,omitempty"`
+	AccessControlAllowOrigin string	  `json:accessControlAllowOrigin",omitempty"`
 }
 
 type ResourceGroupMap map[string]*ResourceData

server/plugins/example/etc/resource.toml

@@ -6,12 +6,14 @@
 # OpenTime: seconds for traffic passing duration after successful knock.
 # RedirectUrl: a customized url send back with the http response message as an option for redirection. (only applicable for http agent)
 # RedirectWithParams: whether or not to include queries in the original http request. (only applicable for http agent)
+# AccessControlAllowOrigin: the response header indicates whether the response can be shared with requesting code from the given origin.
 ["demo"]
 SkipAuth = true
 OpenTime = 15
 RedirectUrl = "https://acdemo.opennhp.org"
 RedirectWithParams = false
 CookieDomain = "opennhp.org"
+AccessControlAllowOrigin = "https://demologin.opennhp.org"
 
 # syntax ["{ResourceId}".Resources."{ResourceName}"]
 # ResourceName: name of resource inside a resource group. Each ResourceId can have multiple ResourceNames.

server/plugins/example/main.go

@@ -186,6 +186,8 @@ func AuthWithHttp(ctx *gin.Context, req *common.HttpKnockRequest, helper *plugin
 		return
 	}
 
+	corsMiddleware(ctx, res.AccessControlAllowOrigin)
+
 	switch {
 	case strings.EqualFold(action, "valid"):
 		ackMsg, err = authRegular(ctx, req, res, helper)
@@ -316,6 +318,28 @@ func AuthWithNHP(req *common.NhpAuthRequest, helper *plugins.NhpServerPluginHelp
 	return ackMsg, err
 }
 
+func corsMiddleware(ctx *gin.Context, originResource string) {
+		// HTTP headers for CORS
+		ctx.Writer.Header().Set("Access-Control-Allow-Origin", originResource) // allow cross-origin resource sharing
+		ctx.Writer.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS, POST") // methods
+		ctx.Writer.Header().Set("Access-Control-Expose-Headers", "Content-Type, Content-Length, Set-Cookie")
+		ctx.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Authorization, X-NHP-Ver, Cookie")
+		ctx.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		ctx.Writer.Header().Set("Access-Control-Max-Age", "300")
+
+		if ctx.Request.Method == "OPTIONS" {
+			ctx.Status(http.StatusOK)
+			return
+		}
+
+		if ctx.Request.Method == "DELETE" || ctx.Request.Method == "PUT" {
+			ctx.AbortWithStatus(http.StatusNoContent)
+			return
+		}
+
+		ctx.Next()
+}
+
 func main() {
 
 }

server/plugins/example/templates/example_login.html

@@ -289,7 +289,9 @@ <h2 id="authSuccessMessage"></h2>
             "&password=" + encodeURIComponent(password);
             console.log(nhpValidUrl);
 
-            fetch(nhpValidUrl)
+            fetch(nhpValidUrl,{
+                credentials: "include"
+            })
             .then(response => response.json())
             .then(result => {
                 console.log(result);