Skip to content

Commit

Permalink
fix(yolo): fix cookie issue
Browse files Browse the repository at this point in the history
  • Loading branch information
@moul
moul committed Feb 4, 2019
1 parent 775ec93 commit 34c033b
Show file tree
Hide file tree
Showing 6 changed files with 36 additions and 27 deletions.
4 changes: 1 addition & 3 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,9 @@ FROM golang:1.11.4-alpine as builder
RUN apk add --no-cache make git gcc musl-dev g++
RUN go get -u github.com/gobuffalo/packr/packr
WORKDIR /go/src/github.com/berty/staff/tools/release
COPY go.mod go.sum ./
RUN GO111MODULE=on go mod download
COPY . .
RUN packr
RUN make install
RUN GO111MODULE=on go install -mod=vendor -v ./cmd/...

# runtime
FROM alpine
Expand Down
1 change: 1 addition & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ install:

.PHONY: docker.build
docker.build:
go mod vendor
docker build -t "$(IMAGE)" .

.PHONY: docker.push
Expand Down
1 change: 1 addition & 0 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ require (
github.com/mattn/go-colorable v0.0.9 // indirect
github.com/mattn/go-isatty v0.0.4 // indirect
github.com/oxtoacart/bpool v0.0.0-20150712133111-4e1c5567d7c2
github.com/pkg/errors v0.8.1
github.com/spf13/cobra v0.0.3
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/valyala/fasttemplate v0.0.0-20170224212429-dcecefd839c4 // indirect
Expand Down
3 changes: 3 additions & 0 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,7 @@ github.com/gobuffalo/x v0.0.0-20181007152206-913e47c59ca7/go.mod h1:9rDPXaB3kXdK
github.com/gofrs/uuid v3.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/google/uuid v1.1.0 h1:Jf4mxPC/ziBnoPIdpQdPJ9OeiomAUHLvxmPRSPH9m4s=
github.com/google/uuid v1.1.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
Expand Down Expand Up @@ -399,6 +400,7 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181206074257-70b957f3b65e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190102155601-82a175fd1598/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190116161447-11f53e031339 h1:g/Jesu8+QLnA0CPzF3E1pURg0Byr7i6jLoX5sqjcAh0=
golang.org/x/sys v0.0.0-20190116161447-11f53e031339/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
Expand All @@ -425,6 +427,7 @@ golang.org/x/tools v0.0.0-20190104182027-498d95493402/go.mod h1:n7NCudcB/nEzxVGm
golang.org/x/tools v0.0.0-20190111214448-fc1d57b08d7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190118193359-16909d206f00/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
Expand Down
51 changes: 27 additions & 24 deletions server/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,19 +14,22 @@ import (
"github.com/gorilla/sessions"
"github.com/labstack/echo"
"github.com/labstack/echo-contrib/session"
"github.com/pkg/errors"
"golang.org/x/oauth2"
)

const (
AuthDomain = "berty.eu.auth0.com"
ClientID = "yqYy0K16xwgWbwS3dISg87Iacz06PMmX"
ClientSecret = "laLoKBfijXRDkyksnX4OP-LgsWzWqMl41kcQp_XwUmM1KbWnI3dKRxdveuheHdue"
SessionSecret = "***REMOVED***"
AuthDomain = "berty.eu.auth0.com"
ClientID = "yqYy0K16xwgWbwS3dISg87Iacz06PMmX"
ClientSecret = "laLoKBfijXRDkyksnX4OP-LgsWzWqMl41kcQp_XwUmM1KbWnI3dKRxdveuheHdue"
SessionSecret = "***REMOVED***"
authSessionCookieName = "yolo-auth-session"
stateCookieName = "yolo-state"
)

type OAuth struct {
conf *oauth2.Config
sf *sessions.FilesystemStore
sf *sessions.CookieStore
}

func NewOAuth(redirectUrl string, e *echo.Echo) *OAuth {
Expand All @@ -41,7 +44,7 @@ func NewOAuth(redirectUrl string, e *echo.Echo) *OAuth {
},
}

sf := sessions.NewFilesystemStore("", []byte(SessionSecret))
sf := sessions.NewCookieStore([]byte(SessionSecret))
gob.Register(map[string]interface{}{})

e.Use(session.Middleware(sf))
Expand All @@ -60,7 +63,7 @@ func (o *OAuth) ProtectMiddleware(failureRedirect string, fverify func(map[strin
return next(c)
}

sess, err := session.Get("auth-session", c)
sess, err := session.Get(authSessionCookieName, c)
if err != nil {
return c.Redirect(http.StatusTemporaryRedirect, failureRedirect)
}
Expand All @@ -85,22 +88,22 @@ func (o *OAuth) LoginHandler() func(echo.Context) error {
return func(c echo.Context) error {
aud := "https://" + AuthDomain + "/userinfo"

sess, err := session.Get("state", c)
sess, err := session.Get(stateCookieName, c)
if err != nil {
c.Logger().Warn("invalid session: ", err.Error())
c.Logger().Warn("Login: invalid session: ", err.Error())
}

if sess == nil {
return echo.NewHTTPError(http.StatusInternalServerError, "invalid session")
return errors.Wrap(err, "Login: failed to get session")
}

b := make([]byte, 32)
rand.Read(b)
state := base64.StdEncoding.EncodeToString(b)

sess.Values["state"] = state
sess.Values[stateCookieName] = state
if err := sess.Save(c.Request(), c.Response()); err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
return errors.Wrap(err, "Login: failed to save session")
}

audience := oauth2.SetAuthURLParam("audience", aud)
Expand All @@ -115,10 +118,10 @@ func (o *OAuth) LogoutHandler(redirectUrl string) func(echo.Context) error {
var logoutUrl *url.URL
logoutUrl, err := url.Parse("https://" + AuthDomain)
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
return errors.Wrap(err, "Logout: failed to parse auth domain")
}

for _, ck := range []string{"auth-session", "state"} {
for _, ck := range []string{authSessionCookieName, stateCookieName} {
cookie, err := c.Cookie(ck)
if err == nil {
cookie.MaxAge = -1 // erase the cookie
Expand Down Expand Up @@ -146,44 +149,44 @@ func (o *OAuth) LogoutHandler(redirectUrl string) func(echo.Context) error {
func (o *OAuth) CallbackHandler(redirectUrl string) func(echo.Context) error {
return func(c echo.Context) error {
state := c.QueryParam("state")
sess, err := session.Get("state", c)
sess, err := session.Get(stateCookieName, c)
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
return errors.Wrap(err, "Callback: failed to get state")
}

if state != sess.Values["state"] {
return echo.NewHTTPError(http.StatusInternalServerError, "invalid state")
if state != sess.Values[stateCookieName] {
return errors.Errorf("Callback: invalid state (%q != %q)", state, sess.Values[stateCookieName])
}

code := c.QueryParam("code")
token, err := o.conf.Exchange(context.TODO(), code)
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
return errors.Wrap(err, "Callback: failed to do the code exchange")
}

client := o.conf.Client(context.TODO(), token)
resp, err := client.Get("https://" + AuthDomain + "/userinfo")
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
return errors.Wrap(err, "Callback: failed to get userinfo")
}

defer resp.Body.Close()

var profile map[string]interface{}
if err = json.NewDecoder(resp.Body).Decode(&profile); err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
return errors.Wrap(err, "Callback: failed to decode profile")
}

sessAuth, err := session.Get("auth-session", c)
sessAuth, err := session.Get(authSessionCookieName, c)
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
return errors.Wrap(err, "Callback: failed to get auth-session")
}

sessAuth.Values["id_token"] = token.Extra("id_token")
sessAuth.Values["access_token"] = token.AccessToken
sessAuth.Values["profile"] = profile
if err := sessAuth.Save(c.Request(), c.Response()); err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
return errors.Wrap(err, "failed to save session")
}

return c.Redirect(http.StatusSeeOther, redirectUrl)
Expand Down
3 changes: 3 additions & 0 deletions server/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,10 @@ func NewServer(cfg *ServerConfig) (*Server, error) {

randStr := randStringRunes(10)
e := echo.New()
e.Debug = cfg.Debug
e.Use(middleware.Logger())
e.Use(middleware.Recover())
e.Use(middleware.Gzip())
templatesBox := packr.NewBox("../templates")
s := &Server{
client: cfg.Client,
Expand Down

0 comments on commit 34c033b

Please sign in to comment.