fix: Don't set cookie domain when not using multiple subdomains (#1145)
* fix: Don't set cookie domain when not using multiple subdomains * wip logging domain * wip logging domain * wip logging domain * wip logging domain * Revert "wip logging domain" This reverts commit 325907e74962179e02cee0b1df364a3aedbe62e3. * Revert "wip logging domain" This reverts commit 6ee095a49e9c18999a20d5379234323d49d5e6c8. * Revert "wip logging domain" This reverts commit 813d8eb960cdf4dd6db4795739df3adf895600e2. * Revert "wip logging domain" This reverts commit f1ca81927626bbd0d46c1963510d115a003176d8. * Remove SUBDOMAINS_ENABLED from documented env variables, no-one self hosting should need this – it just adds confusion to those looking to host on a single subdomain fix: Account for server/client process.env parsing Co-authored-by: Nan Yu <nanyu@Nans-MBP-2.lan> Co-authored-by: Nan Yu <nan@getoutline.com>
@ -19,7 +19,6 @@ FORCE_HTTPS=true
|
|||||||
|
|
||||||
DEPLOYMENT=self
|
DEPLOYMENT=self
|
||||||
ENABLE_UPDATES=true
|
ENABLE_UPDATES=true
|
||||||
SUBDOMAINS_ENABLED=false
|
|
||||||
WEBSOCKETS_ENABLED=true
|
WEBSOCKETS_ENABLED=true
|
||||||
DEBUG=cache,presenters,events
|
DEBUG=cache,presenters,events
|
||||||
|
|
||||||
|
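--- a/app.json
+++ b/app.json
@@ -44,11 +44,6 @@
 "value": "true",
 "required": true
 },
-"SUBDOMAINS_ENABLED": {
-"value": "false",
-"required": true,
-"description": "Allows each team to have a different subdomain. Not recommend when self hosting"
-},
 "WEBSOCKETS_ENABLED": {
 "value": "true",
 "required": true,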
@ -3,7 +3,7 @@ import { observable, action, computed, autorun, runInAction } from 'mobx';
|
|||||||
import invariant from 'invariant';
|
import invariant from 'invariant';
|
||||||
import { getCookie, setCookie, removeCookie } from 'tiny-cookie';
|
import { getCookie, setCookie, removeCookie } from 'tiny-cookie';
|
||||||
import { client } from 'utils/ApiClient';
|
import { client } from 'utils/ApiClient';
|
||||||
import { stripSubdomain } from 'shared/utils/domains';
|
import { getCookieDomain } from 'shared/utils/domains';
|
||||||
import RootStore from 'stores/RootStore';
|
import RootStore from 'stores/RootStore';
|
||||||
import User from 'models/User';
|
import User from 'models/User';
|
||||||
import Team from 'models/Team';
|
import Team from 'models/Team';
|
||||||
@ -174,7 +174,7 @@ export default class AuthStore {
|
|||||||
delete sessions[team.id];
|
delete sessions[team.id];
|
||||||
|
|
||||||
setCookie('sessions', JSON.stringify(sessions), {
|
setCookie('sessions', JSON.stringify(sessions), {
|
||||||
domain: stripSubdomain(window.location.hostname),
|
domain: getCookieDomain(window.location.hostname),
|
||||||
});
|
});
|
||||||
this.team = null;
|
this.team = null;
|
||||||
}
|
}
|
||||||
|
@ -6,7 +6,7 @@ import validation from '../middlewares/validation';
|
|||||||
import auth from '../middlewares/authentication';
|
import auth from '../middlewares/authentication';
|
||||||
import addMonths from 'date-fns/add_months';
|
import addMonths from 'date-fns/add_months';
|
||||||
import { Team } from '../models';
|
import { Team } from '../models';
|
||||||
import { stripSubdomain } from '../../shared/utils/domains';
|
import { getCookieDomain } from '../../shared/utils/domains';
|
||||||
|
|
||||||
import slack from './slack';
|
import slack from './slack';
|
||||||
import google from './google';
|
import google from './google';
|
||||||
@ -25,7 +25,7 @@ router.get('/redirect', auth(), async ctx => {
|
|||||||
// transfer access token cookie from root to subdomain
|
// transfer access token cookie from root to subdomain
|
||||||
ctx.cookies.set('accessToken', undefined, {
|
ctx.cookies.set('accessToken', undefined, {
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
domain: stripSubdomain(ctx.request.hostname),
|
domain: getCookieDomain(ctx.request.hostname),
|
||||||
});
|
});
|
||||||
|
|
||||||
ctx.cookies.set('accessToken', user.getJwtToken(), {
|
ctx.cookies.set('accessToken', user.getJwtToken(), {
|
||||||
|
@ -3,7 +3,7 @@ import Sequelize from 'sequelize';
|
|||||||
import Router from 'koa-router';
|
import Router from 'koa-router';
|
||||||
import auth from '../middlewares/authentication';
|
import auth from '../middlewares/authentication';
|
||||||
import addHours from 'date-fns/add_hours';
|
import addHours from 'date-fns/add_hours';
|
||||||
import { stripSubdomain } from '../../shared/utils/domains';
|
import { getCookieDomain } from '../../shared/utils/domains';
|
||||||
import { slackAuth } from '../../shared/utils/routeHelpers';
|
import { slackAuth } from '../../shared/utils/routeHelpers';
|
||||||
import {
|
import {
|
||||||
Authentication,
|
Authentication,
|
||||||
@ -27,7 +27,7 @@ router.get('slack', async ctx => {
|
|||||||
ctx.cookies.set('state', state, {
|
ctx.cookies.set('state', state, {
|
||||||
httpOnly: false,
|
httpOnly: false,
|
||||||
expires: addHours(new Date(), 1),
|
expires: addHours(new Date(), 1),
|
||||||
domain: stripSubdomain(ctx.request.hostname),
|
domain: getCookieDomain(ctx.request.hostname),
|
||||||
});
|
});
|
||||||
ctx.redirect(slackAuth(state));
|
ctx.redirect(slackAuth(state));
|
||||||
});
|
});
|
||||||
|
@ -6,7 +6,7 @@ import { getUserForJWT } from '../utils/jwt';
|
|||||||
import { AuthenticationError, UserSuspendedError } from '../errors';
|
import { AuthenticationError, UserSuspendedError } from '../errors';
|
||||||
import addMonths from 'date-fns/add_months';
|
import addMonths from 'date-fns/add_months';
|
||||||
import addMinutes from 'date-fns/add_minutes';
|
import addMinutes from 'date-fns/add_minutes';
|
||||||
import { stripSubdomain } from '../../shared/utils/domains';
|
import { getCookieDomain } from '../../shared/utils/domains';
|
||||||
|
|
||||||
export default function auth(options?: { required?: boolean } = {}) {
|
export default function auth(options?: { required?: boolean } = {}) {
|
||||||
return async function authMiddleware(ctx: Context, next: () => Promise<*>) {
|
return async function authMiddleware(ctx: Context, next: () => Promise<*>) {
|
||||||
@ -89,7 +89,7 @@ export default function auth(options?: { required?: boolean } = {}) {
|
|||||||
// update the database when the user last signed in
|
// update the database when the user last signed in
|
||||||
user.updateSignedIn(ctx.request.ip);
|
user.updateSignedIn(ctx.request.ip);
|
||||||
|
|
||||||
const domain = stripSubdomain(ctx.request.hostname);
|
const domain = getCookieDomain(ctx.request.hostname);
|
||||||
const expires = addMonths(new Date(), 3);
|
const expires = addMonths(new Date(), 3);
|
||||||
|
|
||||||
// set a cookie for which service we last signed in with. This is
|
// set a cookie for which service we last signed in with. This is
|
||||||
|
@ -42,6 +42,14 @@ export function parseDomain(url: string): ?Domain {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export function getCookieDomain(domain: string) {
|
||||||
|
// TODO: All the process.env parsing needs centralizing
|
||||||
|
return process.env.SUBDOMAINS_ENABLED === 'true' ||
|
||||||
|
process.env.SUBDOMAINS_ENABLED === true
|
||||||
|
? stripSubdomain(domain)
|
||||||
|
: domain;
|
||||||
|
}
|
||||||
|
|
||||||
export function stripSubdomain(hostname: string) {
|
export function stripSubdomain(hostname: string) {
|
||||||
const parsed = parseDomain(hostname);
|
const parsed = parseDomain(hostname);
|
||||||
if (!parsed) return hostname;
|
if (!parsed) return hostname;
|
||||||
|
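Review bot: `getCookieDomain` still emits a Domain attribute when subdomains are disabled — it returns the full hostname instead of nothing — so every cookie routed through it in this commit (`sessions` in AuthStore, `accessToken` in the google and authentication hunks, `state` in the slack hunk) stays a domain cookie that the browser also sends to any subdomain of that host, rather than the host-only cookie the commit title describes. Returning `undefined` in the disabled case so callers omit `domain` would yield a host-only cookie, assuming both koa's cookie setter and tiny-cookie skip the attribute for a falsy value (worth confirming before relying on it). An explicit `Domain=` naming a bare host such as `localhost` is also rejected by some browsers, which would make a local sign-in fail silently; leaving the attribute off avoids that as well. The `=== true` branch next to `=== 'true'` reads as a workaround for a client bundle injecting a real boolean, as the description hints; a one-line comment saying so would stop the next reader from "simplifying" it away.
```javascript
export function getCookieDomain(domain: string): ?string {
  // TODO: All the process.env parsing needs centralizing
  const subdomainsEnabled =
    process.env.SUBDOMAINS_ENABLED === 'true' ||
    // the client bundle may inject a real boolean here rather than a string
    process.env.SUBDOMAINS_ENABLED === true;
  // Return undefined (no Domain attribute) when subdomains are off so callers
  // set a host-only cookie instead of one shared with every subdomain of `domain`.
  return subdomainsEnabled ? stripSubdomain(domain) : undefined;
}
```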