| author | mo khan <mo@mokhan.ca> | 2025-05-11 19:56:54 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-11 21:22:02 -0600 |
| commit | 61a24b36f334b709f0eac0dd7746f83719747963 (patch) | |
| tree | 8930c6539c2158969be83aaa0fc058fc49e0f0ef /pkg | |
| parent | 5cc8d582127abed58433c85526d03a257748ca0c (diff) | |
refactor: use same cookie names as envoy plugin
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/web/cookie.go | 44 |
1 files changed, 2 insertions, 42 deletions
diff --git a/pkg/web/cookie.go b/pkg/web/cookie.go
index 7a2426f..c5391e9 100644
--- a/pkg/web/cookie.go
+++ b/pkg/web/cookie.go
@@ -1,48 +1,23 @@
 package web
 
 import (
- "crypto/sha256"
- "encoding/base64"
- "fmt"
 "net/http"
- "strings"
 
 "github.com/xlgmokha/x/pkg/cookie"
- "github.com/xlgmokha/x/pkg/crypt"
- "github.com/xlgmokha/x/pkg/env"
- "github.com/xlgmokha/x/pkg/pls"
 "github.com/xlgmokha/x/pkg/x"
 )
 
-// TODO:: https://gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/-/issues/2
-var key []byte = []byte(env.Fetch("HMAC_SESSION_SECRET", string(x.Must(pls.GenerateRandomBytes(32)))))
-var Signer *crypt.HMACSigner = x.New[*crypt.HMACSigner](crypt.WithKey(key), crypt.WithAlgorithm(sha256.New))
-var delimiter string = "--"
-
 func NewCookie(name, value string, options ...x.Option[*http.Cookie]) *http.Cookie {
 return x.New[*http.Cookie](x.Prepend[x.Option[*http.Cookie]](
 options,
 cookie.WithName(name),
- withSignedValue(value),
+ cookie.WithValue(value),
 cookie.WithPath("/"),
 cookie.WithHttpOnly(true),
 cookie.WithSecure(true),
 )...)
 }
 
-func withSignedValue(value string) x.Option[*http.Cookie] {
- signature, err := Signer.Sign([]byte(value))
- if err != nil {
- return cookie.WithValue(value)
- }
- return cookie.WithValue(fmt.Sprintf(
- "%v%v%v",
- value,
- delimiter,
- base64.URLEncoding.EncodeToString(signature),
- ))
-}
-
 func ExpireCookie(w http.ResponseWriter, name string) error {
 return WriteCookie(w, cookie.Reset(name,
 cookie.WithPath("/"),
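Review bot: The commit title describes a cookie rename, but this hunk swaps `withSignedValue(value)` for `cookie.WithValue(value)` in NewCookie and the second hunk reduces CookieValueFrom to `return c.Value`, so cookie values lose their HMAC integrity check and nothing in the commit record says that is intended. Callers that relied on CookieValueFrom returning `""` for a missing or invalid signature now receive whatever the client sent. If the stored values are verified elsewhere (presumably signed tokens checked by the envoy plugin or a later handler), record that in a doc comment such as `// CookieValueFrom returns the raw, unauthenticated cookie value; callers must verify it before use.`; otherwise the signature check should stay. Cookies issued before this change still carry the `--<signature>` suffix and will now be returned with it attached, so downstream parsing should reject or strip that form. ExpireCookie's body continues outside the hunk.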
@@ -52,22 +27,7 @@ func ExpireCookie(w http.ResponseWriter, name string) error {
 }
 
 func CookieValueFrom(c *http.Cookie) string {
- segments := strings.SplitN(c.Value, delimiter, 2)
- if len(segments) != 2 {
- return ""
- }
-
- data := segments[0]
- signature, err := base64.URLEncoding.DecodeString(segments[1])
- if err != nil {
- return ""
- }
-
- if !Signer.Verify([]byte(data), []byte(signature)) {
- return ""
- }
-
- return data
+ return c.Value
 }
 
 func WriteCookie(w http.ResponseWriter, c *http.Cookie) error { |
