From b5021c2b6758b9649bbf690b3694afa791c6e6db Mon Sep 17 00:00:00 2001
From: Amit Upadhyay
Date: Tue, 21 May 2024 13:52:52 +0530
Subject: [PATCH] delete cookie using 200 meta refresh

---
 Cargo.lock                       |  4 +-
 Cargo.toml                       |  1 -
 fastn-core/src/commands/serve.rs | 55 ++++++++++++++++++++++++++------
 3 files changed, 47 insertions(+), 13 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 6dcba33e8a..d6fec56b62 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1798,9 +1798,9 @@ dependencies = [
 [[package]]
 name = "ft-sys-shared"
-version = "0.1.1-alpha.3"
+version = "0.1.1-alpha.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90b6afb4aa641a12e2415d6ce6c9351ece33aec22375e8630815c0f6a1ce97ee"
+checksum = "500044793197316ea2516bc2d3cfd767e1e968199288f5aabba9d6506d67808c"
 dependencies = [
  "bytes",
  "chrono",
diff --git a/Cargo.toml b/Cargo.toml
index dbe24c9baf..75f7ec2384 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -102,7 +102,6 @@ ftd-p1.path = "ftd-p1"
 ftd-tc.path = "ftd-tc"
 ftd-ast.path = "ftd-ast"
 fastn-js.path = "fastn-js"
-#ft-sys-shared = { version = "0.1.1-alpha.3", path = "../ft-sdk/ft-sys-shared" }
 ft-sys-shared = "0.1.1-alpha.4"
 futures = "0.3"
 futures-util = { version = "0.3", default-features = false, features = ["std"] }
diff --git a/fastn-core/src/commands/serve.rs b/fastn-core/src/commands/serve.rs
index 4cfce57e93..43d8477e49 100644
--- a/fastn-core/src/commands/serve.rs
+++ b/fastn-core/src/commands/serve.rs
@@ -1,3 +1,5 @@
+use actix_web::cookie::time::Duration;
+
 #[tracing::instrument(skip_all)]
 fn handle_redirect(
     config: &fastn_core::Config,
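Review bot: The added `use actix_web::cookie::time::Duration;` is the only bare import in a file that otherwise spells out fully-qualified paths (`actix_web::cookie::Cookie::build`, `actix_web::cookie::SameSite::Strict`, `actix_web::http::StatusCode::OK` in the next hunk), and binding the name `Duration` at module level would collide with any later `use std::time::Duration`. Writing `actix_web::cookie::time::Duration::seconds(0)` at the two call sites keeps the file's convention and drops the import. `handle_redirect` continues outside the hunk.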
@@ -132,6 +134,48 @@ async fn serve_fastn_file(config: &fastn_core::Config) -> fastn_core::http::Resp
     fastn_core::http::ok_with_content_type(response, mime_guess::mime::APPLICATION_OCTET_STREAM)
 }
+pub fn clear_sid(req: &fastn_core::http::Request) -> fastn_core::http::Response {
+    let mut cookie = actix_web::cookie::Cookie::build(ft_sys_shared::SESSION_KEY, "")
+        .domain(match req.connection_info.host().split_once(':') {
+            Some((domain, _port)) => domain.to_string(),
+            None => req.connection_info.host().to_string(),
+        })
+        .path("/")
+        .max_age(Duration::seconds(34560000))
+        .secure(true)
+        .same_site(actix_web::cookie::SameSite::Strict)
+        .finish();
+    cookie.make_removal();
+
+    dbg!(
+        actix_web::HttpResponse::build(actix_web::http::StatusCode::TEMPORARY_REDIRECT)
+            .insert_header(("LOCATION", "/"))
+            .cookie(cookie)
+            .finish()
+    )
+}
+
+pub fn clear_sid2(req: &fastn_core::http::Request) -> fastn_core::http::Response {
+    // safari is ignoring cookie if we return a redirect, so we are returning a meta refresh
+    // further we are not using .secure(true) here because then cookie is not working on
+    // localhost
+
+    let cookie = actix_web::cookie::Cookie::build(ft_sys_shared::SESSION_KEY, "")
+        .domain(match req.connection_info.host().split_once(':') {
+            Some((domain, _port)) => domain.to_string(),
+            None => req.connection_info.host().to_string(),
+        })
+        .path("/")
+        .max_age(Duration::seconds(0))
+        .same_site(actix_web::cookie::SameSite::Strict)
+        .finish();
+
+    actix_web::HttpResponse::build(actix_web::http::StatusCode::OK)
+        .cookie(cookie)
+        .append_header(("Content-Type", "text/html"))
+        .body(r#" "#)
+}
+
 #[tracing::instrument(skip_all)]
 pub async fn serve(
     config: &fastn_core::Config,
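Review bot: `clear_sid2` puts a `Domain` attribute on the removal cookie, whereas the `Set-Cookie` header it replaces in the `/-/auth/logout/` branch (third hunk) sent none; a removal only takes effect when it matches the stored cookie's name, domain and path, and a cookie stored without `Domain` is host-only, which a `Domain=<host>` removal does not match in current browsers, so unless the session cookie is set elsewhere with the same `.domain(...)` value (not visible here) this response adds a second empty `SESSION_KEY` cookie and leaves the real session in place — the replaced header also carried `HttpOnly`, which `.http_only(true)` on the builder would restore. `clear_sid` is no longer called, wraps its response in `dbg!`, which prints the response's `Debug` output (headers, `Set-Cookie` included) to stderr on every call, and sets a 400-day `max_age` that `make_removal()` immediately overrides, so it should be deleted rather than kept alongside `clear_sid2`. The `.body(r#" "#)` of `clear_sid2` reads as an empty document on this page; if the meta-refresh markup is genuinely absent rather than stripped by rendering, the 200 response never sends the user to `/`. Adding `.append_header(("Cache-Control", "no-store"))` to that 200 response keeps the logout page and its `Set-Cookie` out of shared caches. Both function bodies lie entirely inside the hunk.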
@@ -139,16 +183,7 @@ pub async fn serve(
     only_js: bool,
 ) -> fastn_core::Result {
     if req.path() == "/-/auth/logout/" {
-        return Ok(actix_web::HttpResponse::TemporaryRedirect()
-            .insert_header(("LOCATION", "/"))
-            .insert_header((
-                "SET-COOKIE",
-                format!(
-                    "{}=; Secure; HttpOnly; SameSite=Strict; Path=/; Max-Age=0",
-                    ft_sys_shared::SESSION_KEY
-                ),
-            ))
-            .finish());
+        return Ok(clear_sid2(&req));
     }
     if let Some(endpoint_response) = handle_endpoints(config, &req).await {