TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 19:14:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
7dfa1925cc
zitadel/internal/api/http/middleware/user_agent_cookie.go

104 lines
2.7 KiB
Go
Raw Normal View History

fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
package middleware
import (
"context"
"net/http"
fix: improve interceptor handling (#3578) * fix: improve interceptor handling * fix: improve interceptor handling Co-authored-by: Florian Forster <florian@caos.ch>
2022-05-02 15:26:54 +00:00
"strings"
feat: run on a single port (#3163) * start v2 * start * run * some cleanup * remove v2 pkg again * simplify * webauthn * remove unused config * fix login path in Dockerfile * fix asset_generator.go * health handler * fix grpc web * refactor * merge * build new main.go * run new main.go * update logging pkg * fix error msg * update logging * cleanup * cleanup * go mod tidy * change localDevMode * fix customEndpoints * update logging * comments * change local flag to external configs * fix location generated go code * fix Co-authored-by: fforootd <florian@caos.ch>
2022-02-14 16:22:30 +00:00
"time"
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
http_utils "github.com/zitadel/zitadel/internal/api/http"
"github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/id"
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
)
type cookieKey int
var (
userAgentKey cookieKey = 0
)
func UserAgentIDFromCtx(ctx context.Context) (string, bool) {
userAgentID, ok := ctx.Value(userAgentKey).(string)
return userAgentID, ok
}
type UserAgent struct {
ID string
}
type userAgentHandler struct {
fix: improve interceptor handling (#3578) * fix: improve interceptor handling * fix: improve interceptor handling Co-authored-by: Florian Forster <florian@caos.ch>
2022-05-02 15:26:54 +00:00
cookieHandler *http_utils.CookieHandler
cookieName string
idGenerator id.Generator
nextHandler http.Handler
ignoredPrefixes []string
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
}
type UserAgentCookieConfig struct {
Name string
feat: run on a single port (#3163) * start v2 * start * run * some cleanup * remove v2 pkg again * simplify * webauthn * remove unused config * fix login path in Dockerfile * fix asset_generator.go * health handler * fix grpc web * refactor * merge * build new main.go * run new main.go * update logging pkg * fix error msg * update logging * cleanup * cleanup * go mod tidy * change localDevMode * fix customEndpoints * update logging * comments * change local flag to external configs * fix location generated go code * fix Co-authored-by: fforootd <florian@caos.ch>
2022-02-14 16:22:30 +00:00
MaxAge time.Duration
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
}
fix: improve interceptor handling (#3578) * fix: improve interceptor handling * fix: improve interceptor handling Co-authored-by: Florian Forster <florian@caos.ch>
2022-05-02 15:26:54 +00:00
func NewUserAgentHandler(config *UserAgentCookieConfig, cookieKey []byte, idGenerator id.Generator, externalSecure bool, ignoredPrefixes ...string) (func(http.Handler) http.Handler, error) {
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
opts := []http_utils.CookieHandlerOpt{
http_utils.WithEncryption(cookieKey, cookieKey),
http_utils.WithMaxAge(int(config.MaxAge.Seconds())),
}
feat: run on a single port (#3163) * start v2 * start * run * some cleanup * remove v2 pkg again * simplify * webauthn * remove unused config * fix login path in Dockerfile * fix asset_generator.go * health handler * fix grpc web * refactor * merge * build new main.go * run new main.go * update logging pkg * fix error msg * update logging * cleanup * cleanup * go mod tidy * change localDevMode * fix customEndpoints * update logging * comments * change local flag to external configs * fix location generated go code * fix Co-authored-by: fforootd <florian@caos.ch>
2022-02-14 16:22:30 +00:00
if !externalSecure {
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
opts = append(opts, http_utils.WithUnsecure())
}
return func(handler http.Handler) http.Handler {
return &userAgentHandler{
fix: improve interceptor handling (#3578) * fix: improve interceptor handling * fix: improve interceptor handling Co-authored-by: Florian Forster <florian@caos.ch>
2022-05-02 15:26:54 +00:00
nextHandler: handler,
cookieName: config.Name,
cookieHandler: http_utils.NewCookieHandler(opts...),
idGenerator: idGenerator,
ignoredPrefixes: ignoredPrefixes,
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
}
}, nil
}
func (ua *userAgentHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
fix: improve interceptor handling (#3578) * fix: improve interceptor handling * fix: improve interceptor handling Co-authored-by: Florian Forster <florian@caos.ch>
2022-05-02 15:26:54 +00:00
for _, prefix := range ua.ignoredPrefixes {
if strings.HasPrefix(r.URL.Path, prefix) {
ua.nextHandler.ServeHTTP(w, r)
return
}
}
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
agent, err := ua.getUserAgent(r)
if err != nil {
agent, err = ua.newUserAgent()
}
if err == nil {
ctx := context.WithValue(r.Context(), userAgentKey, agent.ID)
r = r.WithContext(ctx)
feat: dynamic issuer (#3481) * feat: dynamic issuer * dynamic domain handling * key rotation durations * feat: dynamic issuer * make webauthn displayname dynamic
2022-04-25 08:01:17 +00:00
ua.setUserAgent(w, r.Host, agent)
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
}
ua.nextHandler.ServeHTTP(w, r)
}
func (ua *userAgentHandler) newUserAgent() (*UserAgent, error) {
agentID, err := ua.idGenerator.Next()
if err != nil {
return nil, err
}
return &UserAgent{ID: agentID}, nil
}
func (ua *userAgentHandler) getUserAgent(r *http.Request) (*UserAgent, error) {
userAgent := new(UserAgent)
err := ua.cookieHandler.GetEncryptedCookieValue(r, ua.cookieName, userAgent)
if err != nil {
return nil, errors.ThrowPermissionDenied(err, "HTTP-YULqH4", "cannot read user agent cookie")
}
return userAgent, nil
}
feat: dynamic issuer (#3481) * feat: dynamic issuer * dynamic domain handling * key rotation durations * feat: dynamic issuer * make webauthn displayname dynamic
2022-04-25 08:01:17 +00:00
func (ua *userAgentHandler) setUserAgent(w http.ResponseWriter, host string, agent *UserAgent) error {
err := ua.cookieHandler.SetEncryptedCookie(w, ua.cookieName, host, agent)
fix: cookie handling (#654) * feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2020-08-31 06:49:35 +00:00
if err != nil {
return errors.ThrowPermissionDenied(err, "HTTP-AqgqdA", "cannot set user agent cookie")
}
return nil
}
Reference in New Issue Copy Permalink