mirror of
https://github.com/fosrl/pangolin.git
synced 2025-07-21 03:05:00 +02:00
make cookies work with multi-domain
This commit is contained in:
miloschwartz
parent
c877bb1187
commit
ff37e07ce6
4 changed files with 24 additions and 10 deletions
|
|
@ -170,9 +170,9 @@ export function serializeResourceSessionCookie(
|
||||||
isHttp: boolean = false
|
isHttp: boolean = false
|
||||||
): string {
|
): string {
|
||||||
if (!isHttp) {
|
if (!isHttp) {
|
||||||
return `${cookieName}_s=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Secure; Domain=${"." + domain}`;
|
return `${cookieName}_s=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Secure; Domain=${"." + domain}`;
|
||||||
} else {
|
} else {
|
||||||
return `${cookieName}=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Domain=${"." + domain}`;
|
return `${cookieName}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Domain=${"." + domain}`;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -182,9 +182,9 @@ export function createBlankResourceSessionTokenCookie(
|
||||||
isHttp: boolean = false
|
isHttp: boolean = false
|
||||||
): string {
|
): string {
|
||||||
if (!isHttp) {
|
if (!isHttp) {
|
||||||
return `${cookieName}_s=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Secure; Domain=${"." + domain}`;
|
return `${cookieName}_s=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Secure; Domain=${"." + domain}`;
|
||||||
} else {
|
} else {
|
||||||
return `${cookieName}=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Domain=${"." + domain}`;
|
return `${cookieName}=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Domain=${"." + domain}`;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -41,7 +41,9 @@ const configSchema = z.object({
|
||||||
domains: z.record(
|
domains: z.record(
|
||||||
z.string(),
|
z.string(),
|
||||||
z.object({
|
z.object({
|
||||||
base_domain: hostnameSchema.transform((url) => url.toLowerCase())
|
base_domain: hostnameSchema.transform((url) => url.toLowerCase()),
|
||||||
|
cert_resolver: z.string(),
|
||||||
|
prefer_wildcard_cert: z.boolean().optional()
|
||||||
})
|
})
|
||||||
),
|
),
|
||||||
server: z.object({
|
server: z.object({
|
||||||
|
|
@ -89,8 +91,6 @@ const configSchema = z.object({
|
||||||
traefik: z.object({
|
traefik: z.object({
|
||||||
http_entrypoint: z.string(),
|
http_entrypoint: z.string(),
|
||||||
https_entrypoint: z.string().optional(),
|
https_entrypoint: z.string().optional(),
|
||||||
cert_resolver: z.string().optional(),
|
|
||||||
prefer_wildcard_cert: z.boolean().optional(),
|
|
||||||
additional_middlewares: z.array(z.string()).optional()
|
additional_middlewares: z.array(z.string()).optional()
|
||||||
}),
|
}),
|
||||||
gerbil: z.object({
|
gerbil: z.object({
|
||||||
|
|
@ -290,6 +290,10 @@ export class Config {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public getDomain(domainId: string) {
|
||||||
|
return this.rawConfig.domains[domainId];
|
||||||
|
}
|
||||||
|
|
||||||
private createTraefikConfig() {
|
private createTraefikConfig() {
|
||||||
try {
|
try {
|
||||||
// check if traefik_config.yml and dynamic_config.yml exists in APP_PATH/traefik
|
// check if traefik_config.yml and dynamic_config.yml exists in APP_PATH/traefik
|
||||||
|
|
|
||||||
|
|
@ -143,9 +143,18 @@ export async function traefikConfigProvider(
|
||||||
wildCard = `*.${domainParts.slice(1).join(".")}`;
|
wildCard = `*.${domainParts.slice(1).join(".")}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const configDomain = config.getDomain(resource.domainId);
|
||||||
|
|
||||||
|
if (!configDomain) {
|
||||||
|
logger.error(
|
||||||
|
`Failed to get domain from config for resource ${resource.resourceId}`
|
||||||
|
);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
const tls = {
|
const tls = {
|
||||||
certResolver: config.getRawConfig().traefik.cert_resolver,
|
certResolver: configDomain.cert_resolver,
|
||||||
...(config.getRawConfig().traefik.prefer_wildcard_cert
|
...(configDomain.prefer_wildcard_cert
|
||||||
? {
|
? {
|
||||||
domains: [
|
domains: [
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -263,7 +263,8 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isAllowed) {
|
if (isAllowed) {
|
||||||
window.location.href = props.redirect;
|
// window.location.href = props.redirect;
|
||||||
|
router.refresh();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue