
fix #24: simplify js, remove jQuery

kamilsk committed Jan 5, 2019
1 parent 12080af commit 738e15ae3c1073da20931794a4d6810eec7cbdf3
@@ -23,7 +23,7 @@ var (
"read_header_timeout": time.Duration(0),
"write_timeout": time.Duration(0),
"idle_timeout": time.Duration(0),
"base_url": "http://localhost/",
"base_url": "http://localhost:8080/",
"dsn": "postgres://postgres:postgres@127.0.0.1:5432/postgres?connect_timeout=1&sslmode=disable",
"open_conn": 1,
"idle_conn": 1,
@@ -1,17 +1,17 @@
### API v1

GET http://localhost:8080/api/v1/tracker/instruction
Cookie: session=41ca5e09-3ce2-4094-b108-3ecc257c6fa4
Cookie: session=10000000-2000-4000-8000-160000000000
X-Request-ID: 10000000-2000-4000-8000-160000000000

###

POST http://localhost:8080/api/v1/tracker/fingerprint
Content-Type: application/x-www-form-urlencoded
Cookie: session=41ca5e09-3ce2-4094-b108-3ecc257c6fa4
Cookie: session=10000000-2000-4000-8000-160000000000
X-Request-ID: 10000000-2000-4000-8000-160000000000

fingerprint=ee657834d1ff745af85141252ee0e435
fingerprint=a96f3e8efd95cb47f16185c1c887cbad

### Static

@@ -0,0 +1,22 @@
package main

import "net/http"

func main() {
_ = http.ListenAndServe(":9000", http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
_, _ = rw.Write([]byte(`
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Passport</title>
<script src="//cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/1.8.6/fingerprint2.min.js"></script>
</head>
<body>
<h1>Demo Page</h1>
<script src="//localhost:8080/api/v1/tracker/instruction"></script>
</body>
</html>
`))
}))
}
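Review bot: The `<script src="//cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/1.8.6/fingerprint2.min.js">` tag pulls third-party code into the demo page with no `integrity` attribute, so the page executes whatever that URL serves on any given day; pinning it with `integrity="<sha384 of the pinned file>" crossorigin="anonymous"` (placeholder hash) keeps the demo honest about which script it tests against. `_ = http.ListenAndServe(":9000", ...)` discards the only error this program can produce, so a failed bind exits silently with status 0 — `log.Fatal(http.ListenAndServe(":9000", ...))` with a `log` import is the usual shape. The handler also writes HTML without `rw.Header().Set("Content-Type", "text/html; charset=utf-8")`, leaving the browser to sniff the body.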
@@ -18,7 +18,10 @@ func NewRouter(api router.Server) http.Handler {
r.Use(middleware.Logger)

r.Route("/api/v1/tracker", func(r chi.Router) {
r.Use(cors.New(cors.Options{AllowCredentials: true}).Handler)
r.Use(cors.New(cors.Options{
AllowOriginFunc: func(origin string) bool { return true },
AllowCredentials: true,
}).Handler)
r.Route("/instruction", func(r chi.Router) {
r.Use(middleware.NoCache)
r.Get("/", api.GetTrackerInstructionV1)
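Review bot: `AllowOriginFunc: func(origin string) bool { return true }` together with `AllowCredentials: true` reflects every requesting origin in `Access-Control-Allow-Origin` while letting the session cookie ride along, so any website can issue credentialed requests to `/api/v1/tracker` and read the responses. If the tracker must be embeddable on arbitrary pages this may be intended, but that decision deserves a comment on the line, and the function is the natural place to consult a configured origin allowlist, e.g. `AllowOriginFunc: func(origin string) bool { return allowedOrigins[origin] }` (`allowedOrigins` standing in for a set loaded from config). NewRouter starts before this hunk.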
@@ -1,12 +1,12 @@
package server

import (
"html/template"
"io"
"io/ioutil"
"log"
"net/http"
"net/url"
"text/template"

"github.com/kamilsk/passport/pkg/config"
"github.com/kamilsk/passport/pkg/errors"
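Review bot: The import block swaps `html/template` for `text/template` (or the reverse — the side markers are lost on this page), and if the new side is `text/template` as the print order suggests, templates rendered by this package lose contextual auto-escaping, so any request-derived value interpolated into the generated script has to be escaped explicitly, for instance with `template.JSEscapeString`, or kept out of the template entirely. If the switch is deliberate because the output is JavaScript rather than HTML, a one-line comment on the import saying so will stop the next reader from reverting it.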
@@ -35,8 +35,8 @@ type Server struct {
// GetTrackerInstructionV1 is responsible for `GET /api/v1/tracker/instruction` request handling.
func (s *Server) GetTrackerInstructionV1(rw http.ResponseWriter, req *http.Request) {
cookie, err := req.Cookie(sessionKey)
if err != nil || !cookie.HttpOnly || !cookie.Secure {
cookie = &http.Cookie{Name: sessionKey, Secure: true, HttpOnly: true}
if err != nil {
cookie = &http.Cookie{Name: sessionKey, HttpOnly: true, Secure: s.baseURL.Scheme == "https"}
}

response := s.service.HandleTrackerInstructionV1(tracker.InstructionRequest{EncryptedSession: cookie.Value})
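Review bot: The replacement cookie built on the `cookie = &http.Cookie{Name: sessionKey, HttpOnly: true, Secure: s.baseURL.Scheme == "https"}` line carries no `Path`, `MaxAge`/`Expires` or `SameSite` attribute, so if this value is later written back with `http.SetCookie` (outside the hunk) it is scoped to the request path only, and browsers that default to `SameSite=Lax` will not send it on the cross-site fingerprint POST the tracker depends on. Cross-site use needs `Path: "/api/v1/tracker"` and, where the toolchain supports it, `SameSite: http.SameSiteNoneMode` together with `Secure: true`. Deriving `Secure` from `s.baseURL.Scheme` also means a deployment behind a TLS-terminating proxy configured with an `http://` base URL issues a non-Secure cookie; a short comment stating that assumption would help operators. GetTrackerInstructionV1 continues past the hunk.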
@@ -75,20 +75,15 @@ func (s *Server) PostTrackerFingerprintV1(rw http.ResponseWriter, req *http.Requ
}()
cookie, err := req.Cookie(sessionKey)
if err != nil {
// issue #19: Safari sends cookies in `demo-cross-origin`-mode, but doesn't send it in production
// Related articles:
// - https://blog.mozilla.org/futurereleases/2018/08/30/changing-our-approach-to-anti-tracking/
// - https://webkit.org/blog/7675/intelligent-tracking-prevention/
log.Printf("\n\n[CRITICAL] cookie not found, skip this request (%q)\n\n", req.UserAgent())
rw.WriteHeader(http.StatusAccepted)
_, _ = io.Copy(ioutil.Discard, req.Body)
_ = req.Body.Close()
return
}
if !cookie.HttpOnly || !cookie.Secure {
// issue #22: prevent cookie manipulation
log.Printf("\n\n[CRITICAL] cookie is not safe, skip this request (%+v)\n\n", *cookie)
_, _ = io.Copy(ioutil.Discard, req.Body)
_ = req.Body.Close()
return
}

request := tracker.FingerprintRequest{EncryptedSession: cookie.Value, Header: req.Header}
if err := req.ParseForm(); err != nil {
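Review bot: The missing-cookie branch logs `"\n\n[CRITICAL] cookie not found, skip this request (%q)\n\n"` for a condition the comment directly above describes as expected Safari behaviour, so every ITP-affected visitor produces a multi-line alert-level entry and the log fills with noise exactly where a real problem would need to stand out. A single line such as `log.Printf("cookie not found, skip request (%q)", req.UserAgent())`, or a counter, is enough for an expected case. With the HttpOnly/Secure check gone, the only validation of the session value before it reaches `HandleTrackerFingerprintV1` is existence, which is fine only if the service verifies the encrypted session itself — that code is outside this hunk. PostTrackerFingerprintV1 starts before the hunk.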

@@ -26,16 +26,15 @@
counter++;

// TODO https://github.com/github/fetch
let data = new FormData();
data.append('fingerprint', payload.fingerprint);
let data = new URLSearchParams(payload);
fetch(
new Request(
config.endpoint,
{method: 'POST', body: data, credentials: 'include'}
)
)
.then(response => {
if (response.status === 200) {
if (response.status >= 200 && response.status < 300) {
synced = true;
ctx.fingerprint = payload.fingerprint;
log('sender has synced a payload');
@@ -45,19 +44,6 @@
lock = false;
log(informer + ' has sent a notification to ' + config.endpoint);
});
// sender({
// type: 'POST',
// url: config.endpoint,
// data: JSON.stringify(payload),
// contentType: 'application/json; charset=utf-8',
// xhrFields: { withCredentials: true },
// success: function () {
// synced = true;
// ctx.fingerprint = payload.fingerprint;
// log('sender has synced a payload');
// },
// complete: function () { lock = false; log(informer + ' has sent a notification to ' + config.endpoint); }
// });
}

let corrector = setInterval((function () {
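Review bot: `if (response.status >= 200 && response.status < 300)` now treats the server's `202 Accepted` as success, and the Go handler returns 202 precisely when it skipped the request because no session cookie arrived, so the client sets `synced = true` and records `ctx.fingerprint` even though nothing was stored. If the intent is to stop retrying in that case, a comment on this line saying so would help; otherwise keep `response.status === 200` or have the server answer differently. `new URLSearchParams(payload)` also serialises every field of `payload`, where the old code sent only `fingerprint`; whether other fields exist cannot be seen here, but the server parses the form, so any extra keys now cross the wire. The function wrapping this fetch chain starts before the hunk.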
