-rw-r--r--app/controllers/sessions/controller.go2
-rw-r--r--app/middleware/id_token.go2
-rw-r--r--pkg/web/cookie/new.go6
-rw-r--r--pkg/web/cookie/reset.go35
4 files changed, 19 insertions, 26 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index ae50e16..b9240c6 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -143,6 +143,6 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
}
func (c *Controller) Destroy(w http.ResponseWriter, r *http.Request) {
- cookie.Expire(w, r, "session")
+ cookie.Expire(w, "session")
http.Redirect(w, r, "/", http.StatusFound)
}
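Review bot: `Destroy` ends the session only by asking the browser to drop the cookie; nothing in the handler body (`cookie.Expire` followed by `http.Redirect`) invalidates anything on the server. If the `session` cookie carries a bearer value such as the ID token the middleware parses, a copy of that value would presumably remain usable until it expires on its own. If that is an accepted trade-off because the token is short-lived, record it on the handler, for example `// Destroy clears the browser cookie only; the token itself stays valid until its exp.` Otherwise the logout path needs a server-side revocation or deny-list step, which this commit does not add.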
diff --git a/app/middleware/id_token.go b/app/middleware/id_token.go
index 7d106ee..2bba8ee 100644
--- a/app/middleware/id_token.go
+++ b/app/middleware/id_token.go
@@ -20,7 +20,7 @@ func IDToken(cfg *oidc.OpenID, parsers ...TokenParser) func(http.Handler) http.H
if err != nil {
log.WithFields(r.Context(), log.Fields{"error": err})
- cookie.Expire(w, r, "session")
+ cookie.Expire(w, "session")
} else {
log.WithFields(r.Context(), log.Fields{"id_token": idToken})
next.ServeHTTP(
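Review bot: The success branch hands the whole `idToken` to `log.WithFields` under the key `"id_token"`; this line is unchanged context, but it sits next to the edited error path and deserves a look. If that value is the raw token or its full claim set, a replayable credential and personal data appear to end up in the request log fields. Logging only a non-secret identifier, such as the subject claim, would keep the correlation value without the secret. The enclosing closure starts and ends outside this hunk, so what happens after the cookie is expired on the error path cannot be checked from here.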
diff --git a/pkg/web/cookie/new.go b/pkg/web/cookie/new.go
index c255818..b809b4e 100644
--- a/pkg/web/cookie/new.go
+++ b/pkg/web/cookie/new.go
@@ -64,6 +64,10 @@ func WithSameSite(value http.SameSite) x.Option[*http.Cookie] {
func WithExpiration(expires time.Time) x.Option[*http.Cookie] {
return With(func(c *http.Cookie) {
c.Expires = expires
- c.MaxAge = int(time.Until(expires).Seconds())
+ if expires.Before(time.Now()) {
+ c.MaxAge = -1
+ } else {
+ c.MaxAge = int(time.Until(expires).Seconds())
+ }
})
}
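Review bot: `WithExpiration` now reads the clock twice, once in `expires.Before(time.Now())` and again in `time.Until(expires)`, so the branch taken and the value computed can disagree near the boundary. Computing the duration once is simpler: `if d := time.Until(expires); d <= 0 {` for the condition and `c.MaxAge = int(d.Seconds())` in the else branch. An expiry less than one second ahead still truncates to `MaxAge = 0`, which net/http treats as "no Max-Age attribute", leaving only `Expires` on the wire. A doc comment would make the contract explicit, for example `// WithExpiration sets Expires and a matching MaxAge; an expiry that is not in the future yields MaxAge -1, which net/http writes as "Max-Age: 0" (delete now).`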
diff --git a/pkg/web/cookie/reset.go b/pkg/web/cookie/reset.go
index 87e815e..cfb1830 100644
--- a/pkg/web/cookie/reset.go
+++ b/pkg/web/cookie/reset.go
@@ -8,29 +8,18 @@ import (
)
func Reset(name string) *http.Cookie {
- return Clear(&http.Cookie{
- Name: name,
- })
+ return New(
+ name,
+ "",
+ WithExpiration(time.Unix(0, 0)),
+ WithPath("/"),
+ WithHttpOnly(true),
+ WithSecure(true),
+ WithSameSite(http.SameSiteDefaultMode),
+ WithDomain(env.Fetch("HOST", "localhost")),
+ )
}
-func Expire(w http.ResponseWriter, r *http.Request, name string) {
- cookie, err := r.Cookie(name)
- if err != nil {
- http.SetCookie(w, Reset(name))
- } else {
- Clear(cookie)
- http.SetCookie(w, cookie)
- }
-}
-
-func Clear(cookie *http.Cookie) *http.Cookie {
- cookie.Value = ""
- cookie.Expires = time.Unix(0, 0)
- cookie.MaxAge = -1
- cookie.Path = "/"
- cookie.HttpOnly = true
- cookie.Secure = true
- cookie.SameSite = http.SameSiteDefaultMode
- cookie.Domain = env.Fetch("HOST", "localhost")
- return cookie
+func Expire(w http.ResponseWriter, name string) {
+ http.SetCookie(w, Reset(name))
}
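Review bot: `Reset` hard-codes `WithPath("/")` and `WithDomain(env.Fetch("HOST", "localhost"))`, but a browser only overwrites a stored cookie when name, domain and path all match. The code that sets the `session` cookie is not part of this diff, so if it uses another path or omits Domain (a host-only cookie), this expiry would leave the original in place and logout would fail silently. Building the set and reset cookies from one shared option list would keep the two in step. `Reset` and `Expire` are exported without doc comments; something like `// Reset returns an already-expired cookie named name; its Path and Domain must match the cookie being removed.` would state the requirement where callers see it.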