rdelaage
/
miniflux-v2
mirror of https://github.com/miniflux/v2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add configurable HTTPS flag for secure cookie flag

This commit is contained in:
Frédéric Guillot 2017-12-28 20:34:18 -08:00
parent a63105e13b
commit 7c19febd73
8 changed files with 33 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/config.go
View File

@ -26,7 +26,9 @@ const (
) )
// Config manages configuration parameters. // Config manages configuration parameters.
type Config struct{} type Config struct {
IsHTTPS bool
}
// Get returns a config parameter value. // Get returns a config parameter value.
func (c *Config) Get(key, fallback string) string { func (c *Config) Get(key, fallback string) string {
@ -51,5 +53,5 @@ func (c *Config) GetInt(key string, fallback int) int {
// NewConfig returns a new Config. // NewConfig returns a new Config.
func NewConfig() *Config { func NewConfig() *Config {
return &Config{} return &Config{IsHTTPS: os.Getenv("HTTPS") != ""}
} }

12
server/core/handler.go
View File

@ -8,6 +8,7 @@ import (
"net/http" "net/http"
"time" "time"
"github.com/miniflux/miniflux/config"
"github.com/miniflux/miniflux/helper" "github.com/miniflux/miniflux/helper"
"github.com/miniflux/miniflux/locale" "github.com/miniflux/miniflux/locale"
"github.com/miniflux/miniflux/logger" "github.com/miniflux/miniflux/logger"
@ -16,6 +17,7 @@ import (
"github.com/miniflux/miniflux/storage" "github.com/miniflux/miniflux/storage"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/tomasen/realip"
) )
// HandlerFunc is an application HTTP handler. // HandlerFunc is an application HTTP handler.
@ -23,6 +25,7 @@ type HandlerFunc func(ctx *Context, request *Request, response *Response)
// Handler manages HTTP handlers and middlewares. // Handler manages HTTP handlers and middlewares.
type Handler struct { type Handler struct {
cfg *config.Config
store *storage.Storage store *storage.Storage
translator *locale.Translator translator *locale.Translator
template *template.Engine template *template.Engine
@ -34,7 +37,11 @@ type Handler struct {
func (h *Handler) Use(f HandlerFunc) http.Handler { func (h *Handler) Use(f HandlerFunc) http.Handler {
return h.middleware.WrapFunc(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return h.middleware.WrapFunc(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
defer helper.ExecutionTime(time.Now(), r.URL.Path) defer helper.ExecutionTime(time.Now(), r.URL.Path)
logger.Debug("[HTTP] %s %s", r.Method, r.URL.Path) logger.Debug("[HTTP] %s %s %s", realip.RealIP(r), r.Method, r.URL.Path)
if r.Header.Get("X-Forwarded-Proto") == "https" {
h.cfg.IsHTTPS = true
}
ctx := NewContext(w, r, h.store, h.router, h.translator) ctx := NewContext(w, r, h.store, h.router, h.translator)
request := NewRequest(w, r) request := NewRequest(w, r)
@ -51,8 +58,9 @@ func (h *Handler) Use(f HandlerFunc) http.Handler {
} }
// NewHandler returns a new Handler. // NewHandler returns a new Handler.
func NewHandler(store *storage.Storage, router *mux.Router, template *template.Engine, translator *locale.Translator, middleware *middleware.Chain) *Handler { func NewHandler(cfg *config.Config, store *storage.Storage, router *mux.Router, template *template.Engine, translator *locale.Translator, middleware *middleware.Chain) *Handler {
return &Handler{ return &Handler{
cfg: cfg,
store: store, store: store,
translator: translator, translator: translator,
router: router, router: router,

5
server/core/request.go
View File

@ -36,11 +36,6 @@ func (r *Request) File(name string) (multipart.File, *multipart.FileHeader, erro
return r.request.FormFile(name) return r.request.FormFile(name)
} }
// IsHTTPS returns if the request is made over HTTPS.
func (r *Request) IsHTTPS() bool {
return r.request.URL.Scheme == "https"
}
// Cookie returns the cookie value. // Cookie returns the cookie value.
func (r *Request) Cookie(name string) string { func (r *Request) Cookie(name string) string {
cookie, err := r.request.Cookie(name) cookie, err := r.request.Cookie(name)

18
server/middleware/session.go
View File

@ -8,6 +8,7 @@ import (
"context" "context"
"net/http" "net/http"
"github.com/miniflux/miniflux/config"
"github.com/miniflux/miniflux/logger" "github.com/miniflux/miniflux/logger"
"github.com/miniflux/miniflux/model" "github.com/miniflux/miniflux/model"
"github.com/miniflux/miniflux/server/cookie" "github.com/miniflux/miniflux/server/cookie"
@ -16,25 +17,26 @@ import (
// SessionMiddleware represents a session middleware. // SessionMiddleware represents a session middleware.
type SessionMiddleware struct { type SessionMiddleware struct {
cfg *config.Config
store *storage.Storage store *storage.Storage
} }
// Handler execute the middleware. // Handler execute the middleware.
func (t *SessionMiddleware) Handler(next http.Handler) http.Handler { func (s *SessionMiddleware) Handler(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var err error var err error
session := t.getSessionValueFromCookie(r) session := s.getSessionValueFromCookie(r)
if session == nil { if session == nil {
logger.Debug("[Middleware:Session] Session not found") logger.Debug("[Middleware:Session] Session not found")
session, err = t.store.CreateSession() session, err = s.store.CreateSession()
if err != nil { if err != nil {
logger.Error("[Middleware:Session] %v", err) logger.Error("[Middleware:Session] %v", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
http.SetCookie(w, cookie.New(cookie.CookieSessionID, session.ID, r.URL.Scheme == "https")) http.SetCookie(w, cookie.New(cookie.CookieSessionID, session.ID, s.cfg.IsHTTPS))
} else { } else {
logger.Debug("[Middleware:Session] %s", session) logger.Debug("[Middleware:Session] %s", session)
} }
@ -61,13 +63,13 @@ func (t *SessionMiddleware) Handler(next http.Handler) http.Handler {
}) })
} }
func (t *SessionMiddleware) getSessionValueFromCookie(r *http.Request) *model.Session { func (s *SessionMiddleware) getSessionValueFromCookie(r *http.Request) *model.Session {
sessionCookie, err := r.Cookie(cookie.CookieSessionID) sessionCookie, err := r.Cookie(cookie.CookieSessionID)
if err == http.ErrNoCookie { if err == http.ErrNoCookie {
return nil return nil
} }
session, err := t.store.Session(sessionCookie.Value) session, err := s.store.Session(sessionCookie.Value)
if err != nil { if err != nil {
logger.Error("[Middleware:Session] %v", err) logger.Error("[Middleware:Session] %v", err)
return nil return nil
@ -77,6 +79,6 @@ func (t *SessionMiddleware) getSessionValueFromCookie(r *http.Request) *model.Se
} }
// NewSessionMiddleware returns a new SessionMiddleware. // NewSessionMiddleware returns a new SessionMiddleware.
func NewSessionMiddleware(s *storage.Storage) *SessionMiddleware { func NewSessionMiddleware(cfg *config.Config, store *storage.Storage) *SessionMiddleware {
return &SessionMiddleware{store: s} return &SessionMiddleware{cfg, store}
} }

8
server/routes.go
View File

@ -33,17 +33,17 @@ func getRoutes(cfg *config.Config, store *storage.Storage, feedHandler *feed.Han
feverController := fever.NewController(store) feverController := fever.NewController(store)
uiController := ui_controller.NewController(cfg, store, pool, feedHandler, opml.NewHandler(store)) uiController := ui_controller.NewController(cfg, store, pool, feedHandler, opml.NewHandler(store))
apiHandler := core.NewHandler(store, router, templateEngine, translator, middleware.NewChain( apiHandler := core.NewHandler(cfg, store, router, templateEngine, translator, middleware.NewChain(
middleware.NewBasicAuthMiddleware(store).Handler, middleware.NewBasicAuthMiddleware(store).Handler,
)) ))
feverHandler := core.NewHandler(store, router, templateEngine, translator, middleware.NewChain( feverHandler := core.NewHandler(cfg, store, router, templateEngine, translator, middleware.NewChain(
middleware.NewFeverMiddleware(store).Handler, middleware.NewFeverMiddleware(store).Handler,
)) ))
uiHandler := core.NewHandler(store, router, templateEngine, translator, middleware.NewChain( uiHandler := core.NewHandler(cfg, store, router, templateEngine, translator, middleware.NewChain(
middleware.NewUserSessionMiddleware(store, router).Handler, middleware.NewUserSessionMiddleware(store, router).Handler,
middleware.NewSessionMiddleware(store).Handler, middleware.NewSessionMiddleware(cfg, store).Handler,
)) ))
router.Handle("/fever/", feverHandler.Use(feverController.Handler)) router.Handle("/fever/", feverHandler.Use(feverController.Handler))

2
server/server.go
View File

@ -38,6 +38,7 @@ func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
} }
if certDomain != "" && certCache != "" { if certDomain != "" && certCache != "" {
cfg.IsHTTPS = true
server.Addr = ":https" server.Addr = ":https"
certManager := autocert.Manager{ certManager := autocert.Manager{
Cache: autocert.DirCache(certCache), Cache: autocert.DirCache(certCache),
@ -51,6 +52,7 @@ func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
}() }()
} else if certFile != "" && keyFile != "" { } else if certFile != "" && keyFile != "" {
server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12} server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
cfg.IsHTTPS = true
go func() { go func() {
logger.Info(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile) logger.Info(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)

4
server/ui/controller/login.go
View File

@ -59,7 +59,7 @@ func (c *Controller) CheckLogin(ctx *core.Context, request *core.Request, respon
logger.Info("[Controller:CheckLogin] username=%s just logged in", authForm.Username) logger.Info("[Controller:CheckLogin] username=%s just logged in", authForm.Username)
response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, request.IsHTTPS())) response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, c.cfg.IsHTTPS))
response.Redirect(ctx.Route("unread")) response.Redirect(ctx.Route("unread"))
} }
@ -71,6 +71,6 @@ func (c *Controller) Logout(ctx *core.Context, request *core.Request, response *
logger.Error("[Controller:Logout] %v", err) logger.Error("[Controller:Logout] %v", err)
} }
response.SetCookie(cookie.Expired(cookie.CookieUserSessionID, request.IsHTTPS())) response.SetCookie(cookie.Expired(cookie.CookieUserSessionID, c.cfg.IsHTTPS))
response.Redirect(ctx.Route("login")) response.Redirect(ctx.Route("login"))
} }

2
server/ui/controller/oauth2.go
View File

@ -118,7 +118,7 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
logger.Info("[Controller:OAuth2Callback] username=%s just logged in", user.Username) logger.Info("[Controller:OAuth2Callback] username=%s just logged in", user.Username)
response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, request.IsHTTPS())) response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, c.cfg.IsHTTPS))
response.Redirect(ctx.Route("unread")) response.Redirect(ctx.Route("unread"))
} }