From 655fb6c4cc180dfcbc13c1b85e0fbf47019caec0 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 15 Apr 2025 17:46:34 -0600
Subject: feat: create session cookie tied to access token

---
 app/controllers/sessions/controller.go | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

(limited to 'app/controllers/sessions/controller.go')

diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index d526a86..1ceb9ec 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -1,18 +1,24 @@
 package sessions
 
 import (
+	"context"
 	"net/http"
 
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie"
 	"golang.org/x/oauth2"
 )
 
 type Controller struct {
-	cfg *oidc.OpenID
+	cfg  *oidc.OpenID
+	http *http.Client
 }
 
-func New(cfg *oidc.OpenID) *Controller {
-	return &Controller{cfg: cfg}
+func New(cfg *oidc.OpenID, http *http.Client) *Controller {
+	return &Controller{
+		cfg:  cfg,
+		http: http,
+	}
 }
 
 func (c *Controller) MountTo(mux *http.ServeMux) {
@@ -27,7 +33,8 @@ func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
 }
 
 func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
-	token, err := c.cfg.Config.Exchange(r.Context(), r.URL.Query().Get("code"))
+	ctx := context.WithValue(r.Context(), oauth2.HTTPClient, c.http)
+	token, err := c.cfg.Config.Exchange(ctx, r.URL.Query().Get("code"))
 	if err != nil {
 		w.WriteHeader(http.StatusBadRequest)
 		return
@@ -44,6 +51,6 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	http.SetCookie(w, &http.Cookie{Name: "session", Value: encoded})
+	http.SetCookie(w, cookie.New("session", encoded, tokens.Expiry))
 	http.Redirect(w, r, "/dashboard", http.StatusFound)
 }
-- 
cgit v1.2.3
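Review bot: The constructor parameter `http *http.Client` in `New` shadows the imported `net/http` package for the whole function body, and the struct field of the same name carries that confusion to every `c.http` use; rename both to `client` (`func New(cfg *oidc.OpenID, client *http.Client) *Controller` and `client *http.Client` in the struct). Nothing in the hunk rejects a nil client, and the second hunk hands it straight to oauth2, so either default it here (`if client == nil { client = http.DefaultClient }`) or document on `New` that callers must pass a configured client — ideally one with a `Timeout`, which the token-endpoint call otherwise has no bound on. The struct and constructor are complete within the hunk; `MountTo` continues past it.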
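Review bot: The exchange now injects `c.http` unconditionally, but neither `New` nor this hunk rejects a nil client; a nil `*http.Client` stored as a context value is still a typed, non-nil interface value, and as far as I can tell oauth2 will type-assert it successfully and then dereference it during `Exchange`. Guard it with `ctx := r.Context()` followed by `if c.http != nil { ctx = context.WithValue(ctx, oauth2.HTTPClient, c.http) }`. The error branch also discards the exchange error without logging it, which makes a misconfigured client or token endpoint hard to diagnose from a bare 400. Separately, `code` is consumed straight from the query with no `state` comparison visible here — if that check lives in the part of `Create` outside the hunk that is fine, but it is the login-CSRF control for this callback and worth confirming.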
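Review bot: The session cookie's lifetime now follows `tokens.Expiry`, but a provider that omits `expires_in` leaves that as the zero `time.Time`, and depending on what `cookie.New` does with it the browser will either treat the cookie as already expired (so login never sticks) or receive no `Expires` at all; guard with `if tokens.Expiry.IsZero()` and fall back to an explicit maximum lifetime. The hunk also does not show whether `cookie.New` sets `HttpOnly`, `Secure` and `SameSite` — the replaced literal set none of them, so please confirm the helper does, otherwise this change only adds an expiry. Note the variable is `tokens` here while the earlier hunk names the exchange result `token`; if `tokens` is a separate value defined in the lines between the hunks that is fine, otherwise this will not compile. `Create` ends at this hunk's last line.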