Skip to content

Commit

Permalink
fix: login with http not working after having already logged in with …
Browse files Browse the repository at this point in the history
…https #398
  • Loading branch information
rejetto committed Nov 26, 2023
1 parent fb781de commit eb2dc7a
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 4 deletions.
6 changes: 3 additions & 3 deletions src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,15 @@ import { frontEndApis } from './frontEndApis'
import { logMw } from './log'
import { pluginsMiddleware } from './plugins'
import { throttler } from './throttler'
import { headRequests, gzipper, serveGuiAndSharedFiles, someSecurity, prepareState, paramsDecoder } from './middlewares'
import { headRequests, gzipper, serveGuiAndSharedFiles, someSecurity, prepareState, paramsDecoder, sessionMiddleware
} from './middlewares'
import './listen'
import './commands'
import { adminApis } from './adminApis'
import { defineConfig } from './config'
import { ok } from 'assert'
import _ from 'lodash'
import { randomId } from './misc'
import session from 'koa-session'
import { selfCheckMiddleware } from './selfCheck'
import { acmeMiddleware } from './acme'
import './geo'
Expand All @@ -32,7 +32,7 @@ const keys = process.env.COOKIE_SIGN_KEYS?.split(',')
export const app = new Koa({ keys })
app.use(someSecurity)
.use(acmeMiddleware)
.use(session({ key: 'hfs_$id', signed: true, rolling: true, sameSite: 'lax' }, app))
.use(sessionMiddleware)
.use(prepareState)
.use(geoFilter)
.use(selfCheckMiddleware)
Expand Down
12 changes: 11 additions & 1 deletion src/middlewares.ts
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt

import compress from 'koa-compress'
import Koa from 'koa'
import Koa, { Middleware } from 'koa'
import { ADMIN_URI, API_URI, BUILD_TIMESTAMP, DEV,
HTTP_FORBIDDEN, HTTP_NOT_FOUND, HTTP_FOOL, HTTP_UNAUTHORIZED, HTTP_BAD_REQUEST, HTTP_METHOD_NOT_ALLOWED,
} from './const'
Expand All @@ -28,6 +28,8 @@ import { constants } from 'zlib'
import { baseUrl, getHttpsWorkingPort } from './listen'
import { defineConfig } from './config'
import { sendErrorPage } from './errorPages'
import session from 'koa-session'
import { app } from './index'

const forceHttps = defineConfig('force_https', true)
const ignoreProxies = defineConfig('ignore_proxies', false)
Expand Down Expand Up @@ -245,3 +247,11 @@ export const paramsDecoder: Koa.Middleware = async (ctx, next) => {
&& (tryJson(await stream2string(ctx.req)) || {})
await next()
}

export const sessionMiddleware: Middleware = (ctx, next) =>
session({
key: 'hfs_$id' + (ctx.secure ? '' : '_http'), // once https cookie is created, http cannot
signed: true,
rolling: true,
sameSite: 'lax'
}, app)(ctx, next)

0 comments on commit eb2dc7a

Please sign in to comment.