mirror of
https://github.com/fosrl/pangolin.git
synced 2025-07-20 18:54:52 +02:00
make cookies work with multi-domain
This commit is contained in:
miloschwartz
parent
c877bb1187
commit
ff37e07ce6
4 changed files with 24 additions and 10 deletions
|
|
@ -170,9 +170,9 @@ export function serializeResourceSessionCookie(
|
|||
isHttp: boolean = false
|
||||
): string {
|
||||
if (!isHttp) {
|
||||
return `${cookieName}_s=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Secure; Domain=${"." + domain}`;
|
||||
return `${cookieName}_s=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Secure; Domain=${"." + domain}`;
|
||||
} else {
|
||||
return `${cookieName}=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Domain=${"." + domain}`;
|
||||
return `${cookieName}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Domain=${"." + domain}`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -182,9 +182,9 @@ export function createBlankResourceSessionTokenCookie(
|
|||
isHttp: boolean = false
|
||||
): string {
|
||||
if (!isHttp) {
|
||||
return `${cookieName}_s=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Secure; Domain=${"." + domain}`;
|
||||
return `${cookieName}_s=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Secure; Domain=${"." + domain}`;
|
||||
} else {
|
||||
return `${cookieName}=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Domain=${"." + domain}`;
|
||||
return `${cookieName}=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Domain=${"." + domain}`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -41,7 +41,9 @@ const configSchema = z.object({
|
|||
domains: z.record(
|
||||
z.string(),
|
||||
z.object({
|
||||
base_domain: hostnameSchema.transform((url) => url.toLowerCase())
|
||||
base_domain: hostnameSchema.transform((url) => url.toLowerCase()),
|
||||
cert_resolver: z.string(),
|
||||
prefer_wildcard_cert: z.boolean().optional()
|
||||
})
|
||||
),
|
||||
server: z.object({
|
||||
|
|
@ -89,8 +91,6 @@ const configSchema = z.object({
|
|||
traefik: z.object({
|
||||
http_entrypoint: z.string(),
|
||||
https_entrypoint: z.string().optional(),
|
||||
cert_resolver: z.string().optional(),
|
||||
prefer_wildcard_cert: z.boolean().optional(),
|
||||
additional_middlewares: z.array(z.string()).optional()
|
||||
}),
|
||||
gerbil: z.object({
|
||||
|
|
@ -290,6 +290,10 @@ export class Config {
|
|||
);
|
||||
}
|
||||
|
||||
public getDomain(domainId: string) {
|
||||
return this.rawConfig.domains[domainId];
|
||||
}
|
||||
|
||||
private createTraefikConfig() {
|
||||
try {
|
||||
// check if traefik_config.yml and dynamic_config.yml exists in APP_PATH/traefik
|
||||
|
|
|
|||
|
|
@ -143,9 +143,18 @@ export async function traefikConfigProvider(
|
|||
wildCard = `*.${domainParts.slice(1).join(".")}`;
|
||||
}
|
||||
|
||||
const configDomain = config.getDomain(resource.domainId);
|
||||
|
||||
if (!configDomain) {
|
||||
logger.error(
|
||||
`Failed to get domain from config for resource ${resource.resourceId}`
|
||||
);
|
||||
continue;
|
||||
}
|
||||
|
||||
const tls = {
|
||||
certResolver: config.getRawConfig().traefik.cert_resolver,
|
||||
...(config.getRawConfig().traefik.prefer_wildcard_cert
|
||||
certResolver: configDomain.cert_resolver,
|
||||
...(configDomain.prefer_wildcard_cert
|
||||
? {
|
||||
domains: [
|
||||
{
|
||||
|
|
|
|||
|
|
@ -263,7 +263,8 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
|
|||
}
|
||||
|
||||
if (isAllowed) {
|
||||
window.location.href = props.redirect;
|
||||
// window.location.href = props.redirect;
|
||||
router.refresh();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue