Detect if is subdomain request, set cookie to be compatible with .dom…

…ain.com
livematrix · Jul 22, 2022 · 8705eaa · 8705eaa
1 parent 55c66cc
commit 8705eaa
Showing 1 changed file with 16 additions and 6 deletions.
diff --git a/chat/session.go b/chat/session.go
@@ -3,9 +3,11 @@ package chat
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"fmt"
 	"log"
 	"math/rand"
 	"net/http"
+	"regexp"
 	"strconv"
 	"strings"
 	"sync"
@@ -75,22 +77,30 @@ func Hash254(args ...string) string {
 	return hex.EncodeToString(hash.Sum(nil))
 }
 
-// Mutexes might not be enough , so we sleep for a bit in order to make sure we
-// get a different token every time, avoiding race conditions that could result
-// in a duplicate token
-func (s *Session) createCookie(name string) *http.Cookie {
+//
+//
+//
+func (s *Session) createCookie(name, domain string) *http.Cookie {
+	m := regexp.MustCompile(`\.?([^.]*.com)`)
 	format := "2006-01-02 15:04:05 -0700"
+	if len(m.FindStringSubmatch(domain)) > 1 {
+		domain = "." + m.FindStringSubmatch(domain)[1]
+	}
 	*s.Expirity = time.Now().Add(365 * 24 * time.Hour).Format(format)
-	//Not that secure...
 	*s.SessionId = Hash254(strconv.Itoa(rand.Intn(128000)) + *s.Expirity)
 	time, _ := time.Parse(format, *s.Expirity)
+	fmt.Println()
 	return &http.Cookie{
 		Value:   *s.SessionId,
 		Name:    "session_id",
+		Domain:  domain,
 		Expires: time,
 	}
 }
 
+//
+//
+//
 func (s *Session) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	err := r.ParseForm()
 	if err != nil {
@@ -105,7 +115,7 @@ func (s *Session) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		*s.IpAddr = r.RemoteAddr[:strings.LastIndex(r.RemoteAddr, ":")]
 		*s.Email = r.PostForm.Get("email")
 		*s.Alias = name + "_" + surname
-		cookie := s.createCookie("session_id")
+		cookie := s.createCookie("session_id", tokenCookie.Domain)
 		http.SetCookie(w, cookie)
 		*s.SessionId = cookie.Value
 		DB.InsertRow(s)