fix: Don't set cookie domain when not using multiple subdomains (#1145)
* fix: Don't set cookie domain when not using multiple subdomains * wip logging domain * wip logging domain * wip logging domain * wip logging domain * Revert "wip logging domain" This reverts commit 325907e74962179e02cee0b1df364a3aedbe62e3. * Revert "wip logging domain" This reverts commit 6ee095a49e9c18999a20d5379234323d49d5e6c8. * Revert "wip logging domain" This reverts commit 813d8eb960cdf4dd6db4795739df3adf895600e2. * Revert "wip logging domain" This reverts commit f1ca81927626bbd0d46c1963510d115a003176d8. * Remove SUBDOMAINS_ENABLED from documented env variables, no-one self hosting should need this – it just adds confusion to those looking to host on a single subdomain fix: Account for server/client process.env parsing Co-authored-by: Nan Yu <nanyu@Nans-MBP-2.lan> Co-authored-by: Nan Yu <nan@getoutline.com>
This commit is contained in:
Tom Moor
GitHub
parent
9274005cbb
commit
092d9dce18
|
|
@ -19,7 +19,6 @@ FORCE_HTTPS=true
|
|||
|
||||
DEPLOYMENT=self
|
||||
ENABLE_UPDATES=true
|
||||
SUBDOMAINS_ENABLED=false
|
||||
WEBSOCKETS_ENABLED=true
|
||||
DEBUG=cache,presenters,events
|
||||
|
||||
|
|
|
|||
5
app.json
5
app.json
|
|
@ -44,11 +44,6 @@
|
|||
"value": "true",
|
||||
"required": true
|
||||
},
|
||||
"SUBDOMAINS_ENABLED": {
|
||||
"value": "false",
|
||||
"required": true,
|
||||
"description": "Allows each team to have a different subdomain. Not recommend when self hosting"
|
||||
},
|
||||
"WEBSOCKETS_ENABLED": {
|
||||
"value": "true",
|
||||
"required": true,
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ import { observable, action, computed, autorun, runInAction } from 'mobx';
|
|||
import invariant from 'invariant';
|
||||
import { getCookie, setCookie, removeCookie } from 'tiny-cookie';
|
||||
import { client } from 'utils/ApiClient';
|
||||
import { stripSubdomain } from 'shared/utils/domains';
|
||||
import { getCookieDomain } from 'shared/utils/domains';
|
||||
import RootStore from 'stores/RootStore';
|
||||
import User from 'models/User';
|
||||
import Team from 'models/Team';
|
||||
|
|
@ -174,7 +174,7 @@ export default class AuthStore {
|
|||
delete sessions[team.id];
|
||||
|
||||
setCookie('sessions', JSON.stringify(sessions), {
|
||||
domain: stripSubdomain(window.location.hostname),
|
||||
domain: getCookieDomain(window.location.hostname),
|
||||
});
|
||||
this.team = null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import validation from '../middlewares/validation';
|
|||
import auth from '../middlewares/authentication';
|
||||
import addMonths from 'date-fns/add_months';
|
||||
import { Team } from '../models';
|
||||
import { stripSubdomain } from '../../shared/utils/domains';
|
||||
import { getCookieDomain } from '../../shared/utils/domains';
|
||||
|
||||
import slack from './slack';
|
||||
import google from './google';
|
||||
|
|
@ -25,7 +25,7 @@ router.get('/redirect', auth(), async ctx => {
|
|||
// transfer access token cookie from root to subdomain
|
||||
ctx.cookies.set('accessToken', undefined, {
|
||||
httpOnly: true,
|
||||
domain: stripSubdomain(ctx.request.hostname),
|
||||
domain: getCookieDomain(ctx.request.hostname),
|
||||
});
|
||||
|
||||
ctx.cookies.set('accessToken', user.getJwtToken(), {
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ import Sequelize from 'sequelize';
|
|||
import Router from 'koa-router';
|
||||
import auth from '../middlewares/authentication';
|
||||
import addHours from 'date-fns/add_hours';
|
||||
import { stripSubdomain } from '../../shared/utils/domains';
|
||||
import { getCookieDomain } from '../../shared/utils/domains';
|
||||
import { slackAuth } from '../../shared/utils/routeHelpers';
|
||||
import {
|
||||
Authentication,
|
||||
|
|
@ -27,7 +27,7 @@ router.get('slack', async ctx => {
|
|||
ctx.cookies.set('state', state, {
|
||||
httpOnly: false,
|
||||
expires: addHours(new Date(), 1),
|
||||
domain: stripSubdomain(ctx.request.hostname),
|
||||
domain: getCookieDomain(ctx.request.hostname),
|
||||
});
|
||||
ctx.redirect(slackAuth(state));
|
||||
});
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import { getUserForJWT } from '../utils/jwt';
|
|||
import { AuthenticationError, UserSuspendedError } from '../errors';
|
||||
import addMonths from 'date-fns/add_months';
|
||||
import addMinutes from 'date-fns/add_minutes';
|
||||
import { stripSubdomain } from '../../shared/utils/domains';
|
||||
import { getCookieDomain } from '../../shared/utils/domains';
|
||||
|
||||
export default function auth(options?: { required?: boolean } = {}) {
|
||||
return async function authMiddleware(ctx: Context, next: () => Promise<*>) {
|
||||
|
|
@ -89,7 +89,7 @@ export default function auth(options?: { required?: boolean } = {}) {
|
|||
// update the database when the user last signed in
|
||||
user.updateSignedIn(ctx.request.ip);
|
||||
|
||||
const domain = stripSubdomain(ctx.request.hostname);
|
||||
const domain = getCookieDomain(ctx.request.hostname);
|
||||
const expires = addMonths(new Date(), 3);
|
||||
|
||||
// set a cookie for which service we last signed in with. This is
|
||||
|
|
|
|||
|
|
@ -42,6 +42,14 @@ export function parseDomain(url: string): ?Domain {
|
|||
return null;
|
||||
}
|
||||
|
||||
export function getCookieDomain(domain: string) {
|
||||
// TODO: All the process.env parsing needs centralizing
|
||||
return process.env.SUBDOMAINS_ENABLED === 'true' ||
|
||||
process.env.SUBDOMAINS_ENABLED === true
|
||||
? stripSubdomain(domain)
|
||||
: domain;
|
||||
}
|
||||
|
||||
export function stripSubdomain(hostname: string) {
|
||||
const parsed = parseDomain(hostname);
|
||||
if (!parsed) return hostname;
|
||||
|
|
|
|||
Reference in New Issue