From 8705eaa6eeebb37ea4d96f14aa5dc18cf4e869c7 Mon Sep 17 00:00:00 2001 From: osousa Date: Fri, 22 Jul 2022 18:45:10 +0100 Subject: [PATCH] Detect if is subdomain request, set cookie to be compatible with .domain.com --- chat/session.go | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/chat/session.go b/chat/session.go index 7696a08..dfcdce5 100644 --- a/chat/session.go +++ b/chat/session.go @@ -3,9 +3,11 @@ package chat import ( "crypto/sha256" "encoding/hex" + "fmt" "log" "math/rand" "net/http" + "regexp" "strconv" "strings" "sync" @@ -75,22 +77,30 @@ func Hash254(args ...string) string { return hex.EncodeToString(hash.Sum(nil)) } -// Mutexes might not be enough , so we sleep for a bit in order to make sure we -// get a different token every time, avoiding race conditions that could result -// in a duplicate token -func (s *Session) createCookie(name string) *http.Cookie { +// +// +// +func (s *Session) createCookie(name, domain string) *http.Cookie { + m := regexp.MustCompile(`\.?([^.]*.com)`) format := "2006-01-02 15:04:05 -0700" + if len(m.FindStringSubmatch(domain)) > 1 { + domain = "." + m.FindStringSubmatch(domain)[1] + } *s.Expirity = time.Now().Add(365 * 24 * time.Hour).Format(format) - //Not that secure... *s.SessionId = Hash254(strconv.Itoa(rand.Intn(128000)) + *s.Expirity) time, _ := time.Parse(format, *s.Expirity) + fmt.Println() return &http.Cookie{ Value: *s.SessionId, Name: "session_id", + Domain: domain, Expires: time, } } +// +// +// func (s *Session) ServeHTTP(w http.ResponseWriter, r *http.Request) { err := r.ParseForm() if err != nil { @@ -105,7 +115,7 @@ func (s *Session) ServeHTTP(w http.ResponseWriter, r *http.Request) { *s.IpAddr = r.RemoteAddr[:strings.LastIndex(r.RemoteAddr, ":")] *s.Email = r.PostForm.Get("email") *s.Alias = name + "_" + surname - cookie := s.createCookie("session_id") + cookie := s.createCookie("session_id", tokenCookie.Domain) http.SetCookie(w, cookie) *s.SessionId = cookie.Value DB.InsertRow(s)