delete cookie using 200 meta refresh

fastn-stack · May 21, 2024 · b5021c2 · b5021c2
1 parent e774a9e
commit b5021c2
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 13 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -102,7 +102,6 @@ ftd-p1.path = "ftd-p1"
 ftd-tc.path = "ftd-tc"
 ftd-ast.path = "ftd-ast"
 fastn-js.path = "fastn-js"
-#ft-sys-shared = { version = "0.1.1-alpha.3", path = "../ft-sdk/ft-sys-shared" }
 ft-sys-shared = "0.1.1-alpha.4"
 futures = "0.3"
 futures-util = { version = "0.3", default-features = false, features = ["std"] }

diff --git a/fastn-core/src/commands/serve.rs b/fastn-core/src/commands/serve.rs
@@ -1,3 +1,5 @@
+use actix_web::cookie::time::Duration;
+
 #[tracing::instrument(skip_all)]
 fn handle_redirect(
     config: &fastn_core::Config,
@@ -132,23 +134,56 @@ async fn serve_fastn_file(config: &fastn_core::Config) -> fastn_core::http::Resp
     fastn_core::http::ok_with_content_type(response, mime_guess::mime::APPLICATION_OCTET_STREAM)
 }
 
+pub fn clear_sid(req: &fastn_core::http::Request) -> fastn_core::http::Response {
+    let mut cookie = actix_web::cookie::Cookie::build(ft_sys_shared::SESSION_KEY, "")
+        .domain(match req.connection_info.host().split_once(':') {
+            Some((domain, _port)) => domain.to_string(),
+            None => req.connection_info.host().to_string(),
+        })
+        .path("/")
+        .max_age(Duration::seconds(34560000))
+        .secure(true)
+        .same_site(actix_web::cookie::SameSite::Strict)
+        .finish();
+    cookie.make_removal();
+
+    dbg!(
+        actix_web::HttpResponse::build(actix_web::http::StatusCode::TEMPORARY_REDIRECT)
+            .insert_header(("LOCATION", "/"))
+            .cookie(cookie)
+            .finish()
+    )
+}
+
+pub fn clear_sid2(req: &fastn_core::http::Request) -> fastn_core::http::Response {
+    // safari is ignoring cookie if we return a redirect, so we are returning a meta refresh
+    // further we are not using .secure(true) here because then cookie is not working on
+    // localhost
+
+    let cookie = actix_web::cookie::Cookie::build(ft_sys_shared::SESSION_KEY, "")
+        .domain(match req.connection_info.host().split_once(':') {
+            Some((domain, _port)) => domain.to_string(),
+            None => req.connection_info.host().to_string(),
+        })
+        .path("/")
+        .max_age(Duration::seconds(0))
+        .same_site(actix_web::cookie::SameSite::Strict)
+        .finish();
+
+    actix_web::HttpResponse::build(actix_web::http::StatusCode::OK)
+        .cookie(cookie)
+        .append_header(("Content-Type", "text/html"))
+        .body(r#" <meta http-equiv="refresh" content="0; url=/" />"#)
+}
+
 #[tracing::instrument(skip_all)]
 pub async fn serve(
     config: &fastn_core::Config,
     req: fastn_core::http::Request,
     only_js: bool,
 ) -> fastn_core::Result<fastn_core::http::Response> {
     if req.path() == "/-/auth/logout/" {
-        return Ok(actix_web::HttpResponse::TemporaryRedirect()
-            .insert_header(("LOCATION", "/"))
-            .insert_header((
-                "SET-COOKIE",
-                format!(
-                    "{}=; Secure; HttpOnly; SameSite=Strict; Path=/; Max-Age=0",
-                    ft_sys_shared::SESSION_KEY
-                ),
-            ))
-            .finish());
+        return Ok(clear_sid2(&req));
     }
 
     if let Some(endpoint_response) = handle_endpoints(config, &req).await {