Dont create auth cookie in backend (#4136)
parent
7a30a75905
commit
aaaf17486d
3 changed files with 7 additions and 26 deletions
|
@ -1,16 +1,14 @@
|
||||||
use crate::check_totp_2fa_valid;
|
use crate::check_totp_2fa_valid;
|
||||||
use actix_web::{
|
use actix_web::{
|
||||||
http::StatusCode,
|
|
||||||
web::{Data, Json},
|
web::{Data, Json},
|
||||||
HttpRequest,
|
HttpRequest,
|
||||||
HttpResponse,
|
|
||||||
};
|
};
|
||||||
use bcrypt::verify;
|
use bcrypt::verify;
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
claims::Claims,
|
claims::Claims,
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
person::{Login, LoginResponse},
|
person::{Login, LoginResponse},
|
||||||
utils::{check_user_valid, create_login_cookie},
|
utils::check_user_valid,
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{local_site::LocalSite, registration_application::RegistrationApplication},
|
source::{local_site::LocalSite, registration_application::RegistrationApplication},
|
||||||
|
@ -25,7 +23,7 @@ pub async fn login(
|
||||||
data: Json<Login>,
|
data: Json<Login>,
|
||||||
req: HttpRequest,
|
req: HttpRequest,
|
||||||
context: Data<LemmyContext>,
|
context: Data<LemmyContext>,
|
||||||
) -> Result<HttpResponse, LemmyError> {
|
) -> Result<Json<LoginResponse>, LemmyError> {
|
||||||
let site_view = SiteView::read_local(&mut context.pool()).await?;
|
let site_view = SiteView::read_local(&mut context.pool()).await?;
|
||||||
|
|
||||||
// Fetch that username / email
|
// Fetch that username / email
|
||||||
|
@ -65,15 +63,11 @@ pub async fn login(
|
||||||
|
|
||||||
let jwt = Claims::generate(local_user_view.local_user.id, req, &context).await?;
|
let jwt = Claims::generate(local_user_view.local_user.id, req, &context).await?;
|
||||||
|
|
||||||
let json = LoginResponse {
|
Ok(Json(LoginResponse {
|
||||||
jwt: Some(jwt.clone()),
|
jwt: Some(jwt.clone()),
|
||||||
verify_email_sent: false,
|
verify_email_sent: false,
|
||||||
registration_created: false,
|
registration_created: false,
|
||||||
};
|
}))
|
||||||
|
|
||||||
let mut res = HttpResponse::build(StatusCode::OK).json(json);
|
|
||||||
res.add_cookie(&create_login_cookie(jwt))?;
|
|
||||||
Ok(res)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn check_registration_application(
|
async fn check_registration_application(
|
||||||
|
|
|
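Review bot: `jwt.clone()` in the `LoginResponse` literal at the end of `login` is now a needless clone — the only other consumer of `jwt` was the removed `res.add_cookie(&create_login_cookie(jwt))`, so the value can simply be moved: `jwt: Some(jwt),`. Since the handler no longer emits a `Set-Cookie` header, a doc comment on `login` should say so, e.g. `/// Authenticates the user and returns the JWT only in the JSON body; the API no longer sets the auth cookie.` The deleted `create_login_cookie` helper set `Secure`, `HttpOnly` and `SameSite=Lax`; whichever component now writes the cookie (outside this diff) should be checked for the same attributes, bearing in mind that a cookie created by browser-side script cannot be `HttpOnly`. The body of `login` starts outside the hunk, and the same documentation point applies to `register` in the third file.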
@ -1,10 +1,8 @@
|
||||||
use crate::{
|
use crate::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
request::purge_image_from_pictrs,
|
request::purge_image_from_pictrs,
|
||||||
sensitive::Sensitive,
|
|
||||||
site::{FederatedInstances, InstanceWithFederationState},
|
site::{FederatedInstances, InstanceWithFederationState},
|
||||||
};
|
};
|
||||||
use actix_web::cookie::{Cookie, SameSite};
|
|
||||||
use anyhow::Context;
|
use anyhow::Context;
|
||||||
use chrono::{DateTime, Days, Local, TimeZone, Utc};
|
use chrono::{DateTime, Days, Local, TimeZone, Utc};
|
||||||
use enum_map::{enum_map, EnumMap};
|
use enum_map::{enum_map, EnumMap};
|
||||||
|
@ -776,14 +774,6 @@ pub fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError
|
||||||
Ok(Url::parse(&format!("{community_id}/moderators"))?.into())
|
Ok(Url::parse(&format!("{community_id}/moderators"))?.into())
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn create_login_cookie(jwt: Sensitive<String>) -> Cookie<'static> {
|
|
||||||
let mut cookie = Cookie::new(AUTH_COOKIE_NAME, jwt.into_inner());
|
|
||||||
cookie.set_secure(true);
|
|
||||||
cookie.set_same_site(SameSite::Lax);
|
|
||||||
cookie.set_http_only(true);
|
|
||||||
cookie
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Ensure that ban/block expiry is in valid range. If its in past, throw error. If its more
|
/// Ensure that ban/block expiry is in valid range. If its in past, throw error. If its more
|
||||||
/// than 10 years in future, convert to permanent ban. Otherwise return the same value.
|
/// than 10 years in future, convert to permanent ban. Otherwise return the same value.
|
||||||
pub fn check_expire_time(expires_unix_opt: Option<i64>) -> LemmyResult<Option<DateTime<Utc>>> {
|
pub fn check_expire_time(expires_unix_opt: Option<i64>) -> LemmyResult<Option<DateTime<Utc>>> {
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
use activitypub_federation::{config::Data, http_signatures::generate_actor_keypair};
|
use activitypub_federation::{config::Data, http_signatures::generate_actor_keypair};
|
||||||
use actix_web::{http::StatusCode, web::Json, HttpRequest, HttpResponse, HttpResponseBuilder};
|
use actix_web::{web::Json, HttpRequest};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
claims::Claims,
|
claims::Claims,
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
person::{LoginResponse, Register},
|
person::{LoginResponse, Register},
|
||||||
utils::{
|
utils::{
|
||||||
create_login_cookie,
|
|
||||||
generate_inbox_url,
|
generate_inbox_url,
|
||||||
generate_local_apub_endpoint,
|
generate_local_apub_endpoint,
|
||||||
generate_shared_inbox_url,
|
generate_shared_inbox_url,
|
||||||
|
@ -42,7 +41,7 @@ pub async fn register(
|
||||||
data: Json<Register>,
|
data: Json<Register>,
|
||||||
req: HttpRequest,
|
req: HttpRequest,
|
||||||
context: Data<LemmyContext>,
|
context: Data<LemmyContext>,
|
||||||
) -> Result<HttpResponse, LemmyError> {
|
) -> Result<Json<LoginResponse>, LemmyError> {
|
||||||
let site_view = SiteView::read_local(&mut context.pool()).await?;
|
let site_view = SiteView::read_local(&mut context.pool()).await?;
|
||||||
let local_site = site_view.local_site;
|
let local_site = site_view.local_site;
|
||||||
let require_registration_application =
|
let require_registration_application =
|
||||||
|
@ -158,7 +157,6 @@ pub async fn register(
|
||||||
.await?;
|
.await?;
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut res = HttpResponseBuilder::new(StatusCode::OK);
|
|
||||||
let mut login_response = LoginResponse {
|
let mut login_response = LoginResponse {
|
||||||
jwt: None,
|
jwt: None,
|
||||||
registration_created: false,
|
registration_created: false,
|
||||||
|
@ -170,7 +168,6 @@ pub async fn register(
|
||||||
|| (!require_registration_application && !local_site.require_email_verification)
|
|| (!require_registration_application && !local_site.require_email_verification)
|
||||||
{
|
{
|
||||||
let jwt = Claims::generate(inserted_local_user.id, req, &context).await?;
|
let jwt = Claims::generate(inserted_local_user.id, req, &context).await?;
|
||||||
res.cookie(create_login_cookie(jwt.clone()));
|
|
||||||
login_response.jwt = Some(jwt);
|
login_response.jwt = Some(jwt);
|
||||||
} else {
|
} else {
|
||||||
if local_site.require_email_verification {
|
if local_site.require_email_verification {
|
||||||
|
@ -201,5 +198,5 @@ pub async fn register(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(res.json(login_response))
|
Ok(Json(login_response))
|
||||||
}
|
}
|
||||||
|
|
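Review bot: `register` now returns `Json<LoginResponse>` with no `Set-Cookie` header, but nothing documents that `jwt` is populated only on the branch guarded by `|| (!require_registration_application && !local_site.require_email_verification)` and stays `None` otherwise, which the frontend that must now store the token needs to know. A doc comment such as `/// Creates the account; jwt is Some only when the account is immediately usable (no registration application or email verification pending). No auth cookie is set by the API.` would make that contract explicit. The condition's first operand and the start of the function body are outside the hunk, so the exact gating is inferred from the visible lines.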