From 6c30efaaa93a7dce1ae358d1ffb0fee77001f8d7 Mon Sep 17 00:00:00 2001
From: Sergio Vera
Date: Tue, 4 Jun 2024 16:59:56 +0200
Subject: [PATCH] Fixed lost lang parameter in certain routes
---
 internal/webserver/controller/auth/signin.go | 2 +-
 internal/webserver/controller/auth/signout.go | 5 ++---
 internal/webserver/controller/user/update.go | 2 +-
 internal/webserver/middleware.go | 3 +--
 internal/webserver/routes.go | 1 +
 5 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/internal/webserver/controller/auth/signin.go b/internal/webserver/controller/auth/signin.go
index d2ee251a..0e60f3cb 100644
--- a/internal/webserver/controller/auth/signin.go
+++ b/internal/webserver/controller/auth/signin.go
@@ -41,7 +41,7 @@ func (a *Controller) SignIn(c *fiber.Ctx) error {
 Name: "coreander",
 Value: signedToken,
 Path: "/",
- Expires: expiration,
+ MaxAge: int(a.config.SessionTimeout.Seconds()),
 Secure: false,
 HTTPOnly: true,
 })
diff --git a/internal/webserver/controller/auth/signout.go b/internal/webserver/controller/auth/signout.go
index b185e723..4b99281d 100644
--- a/internal/webserver/controller/auth/signout.go
+++ b/internal/webserver/controller/auth/signout.go
@@ -2,7 +2,6 @@ package auth
 import (
 "fmt"
- "time"
 "github.com/gofiber/fiber/v2"
 )
@@ -11,9 +10,9 @@ import (
 func (a *Controller) SignOut(c *fiber.Ctx) error {
 c.Cookie(&fiber.Cookie{
 Name: "coreander",
- Value: "",
+ Value: "void",
 Path: "/",
- Expires: time.Now().Add(-time.Second * 10),
+ MaxAge: -1,
 Secure: false,
 HTTPOnly: true,
 })
diff --git a/internal/webserver/controller/user/update.go b/internal/webserver/controller/user/update.go
index d048ebd9..056a3b3d 100644
--- a/internal/webserver/controller/user/update.go
+++ b/internal/webserver/controller/user/update.go
@@ -75,7 +75,7 @@ func (u *Controller) updateUserData(c *fiber.Ctx, user *model.User, session mode
 Name: "coreander",
 Value: signedToken,
 Path: "/",
- Expires: expiration,
+ MaxAge: int(session.Exp),
 Secure: false,
 HTTPOnly: true,
 })
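Review bot: The session cookie set in SignIn (signin.go) still carries `Secure: false`, so the signed JWT is sent over plain HTTP whenever the site is reachable that way; the same literal appears in the SignOut and updateUserData hunks. Consider deriving it from the request, e.g. `Secure: c.Protocol() == "https",`, or from a configuration option. Separately, `int(a.config.SessionTimeout.Seconds())` becomes 0 for a zero or sub-second timeout, which probably yields a browser-session cookie rather than a timed one, so a guard or a comment on the expected minimum would help. The function body starts and ends outside the hunk.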
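Review bot: In SignOut (signout.go) the past `Expires` was dropped and only `MaxAge: -1` remains; as far as I recall, the underlying fasthttp cookie writer emits `Max-Age` only for positive values, so this Set-Cookie may carry no expiry at all and the browser would keep a `coreander=void` session cookie instead of deleting it. The `"void"` sentinel checked in middleware.go suggests that is what was observed. Please confirm the emitted header, and if it lacks an expiry keep the explicit past date next to the new field: `Expires: time.Now().Add(-time.Second * 10),` (which needs the `"time"` import this commit removes). This only clears the client copy; whether the JWT itself is invalidated server-side is not visible in this hunk.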
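Review bot: `MaxAge: int(session.Exp)` in updateUserData (update.go) passes what looks like the token's absolute expiry as a relative lifetime in seconds; if `session.Exp` is a Unix timestamp (its type is declared outside the hunk), the cookie would persist for decades after the JWT has expired, unlike signin.go, which passes a duration. Assuming `expiration` is still the `time.Time` used before this change, `MaxAge: int(time.Until(expiration).Seconds()),` keeps the cookie and token lifetimes aligned. The enclosing function starts and ends outside the hunk.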
diff --git a/internal/webserver/middleware.go b/internal/webserver/middleware.go
index 9c306716..f234c432 100644
--- a/internal/webserver/middleware.go
+++ b/internal/webserver/middleware.go
@@ -111,10 +111,9 @@ func forbidden(c *fiber.Ctx, sender Sender, err error) error {
 emailSendingConfigured = false
 }
 message := ""
- if err.Error() != "missing or malformed JWT" {
+ if err.Error() != "missing or malformed JWT" && c.Cookies("coreander") != "void" {
 message = "Session expired, please log in again."
 }
-
 return c.Status(fiber.StatusForbidden).Render("auth/login", fiber.Map{
 "Lang": chooseBestLanguage(c),
 "Title": "Login",
diff --git a/internal/webserver/routes.go b/internal/webserver/routes.go
index ebb15354..e9a8f65f 100644
--- a/internal/webserver/routes.go
+++ b/internal/webserver/routes.go
@@ -72,6 +72,7 @@ func routes(app *fiber.App, controllers Controllers, jwtSecret []byte, sender Se
 langGroup.Get("/logout", alwaysRequireAuthentication, controllers.Auth.SignOut)
 // Authentication requirement is configurable for all routes below this middleware
+ langGroup.Use(configurableAuthentication)
 app.Use(configurableAuthentication)
 app.Get("/cover/:slug", controllers.Documents.Cover)
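Review bot: The new condition in forbidden() (middleware.go) repeats the literal `"void"` written by SignOut and the cookie name `"coreander"`, so the two files have to change in lockstep; a shared constant such as `const signedOutCookieValue = "void"` would document the coupling. The cookie value is client-controlled, which is acceptable here only because it does no more than suppress the "Session expired" message, and a short comment saying so would keep it from being reused for an access decision. The comparison against the error text `"missing or malformed JWT"` is also brittle; if the JWT middleware exports a sentinel error, `errors.Is` would be safer. forbidden() starts and ends outside the hunk.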
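Review bot: `langGroup.Use(configurableAuthentication)` in routes() is order-dependent and the existing comment does not say why both registrations are needed: langGroup routes registered above this line are not covered by it, and routes below it probably pass through the middleware twice, once on the group and once via `app.Use`. Suggest extending the comment, e.g. `// Registered on langGroup as well so the auth error handler still sees the :lang parameter; langGroup routes must be added below this line to be protected.` The stated reason is inferred from the commit subject, so please adjust the wording if it is wrong. The routes function starts and ends outside the hunk.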