support setting uc openapi session (#6347)

erda-project · May 15, 2024 · d3625c4 · d3625c4
1 parent 026f7c0
commit d3625c4
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 10 deletions.
diff --git a/cmd/erda-server/bootstrap.yaml b/cmd/erda-server/bootstrap.yaml
@@ -169,6 +169,8 @@ openapi-auth-uc:
   uc_redirect_addrs: "${SELF_PUBLIC_ADDR}"
   session_cookie_name: "${SESSION_COOKIE_NAME:OPENAPISESSION}"
   session_cookie_domain: "${COOKIE_DOMAIN}"
+  cookie_max_age: "${UC_COOKIE_MAX_AGE:7d}"
+  cookie_same_site: "${UC_COOKIE_SAME_SITE:2}"
 openapi-auth-password:
   _enable: ${UC_ENABLED:true}
   weight: 50

diff --git a/internal/core/openapi/openapi-ng/auth/uc-session/login.go b/internal/core/openapi/openapi-ng/auth/uc-session/login.go
@@ -65,14 +65,19 @@ func (p *provider) LoginCallback(rw http.ResponseWriter, r *http.Request) {
 		http.Error(rw, err.Error(), http.StatusUnauthorized)
 		return
 	}
-
-	http.SetCookie(rw, &http.Cookie{
+	cookie := &http.Cookie{
 		Name:     p.Cfg.SessionCookieName,
 		Value:    sessionID,
 		Domain:   p.getSessionDomain(r.Host),
 		HttpOnly: true,
 		Secure:   scheme == "https",
-	})
+		SameSite: http.SameSite(p.Cfg.CookieSameSite),
+	}
+	if p.Cfg.CookieMaxAge > 0 {
+		cookie.Expires = time.Now().Add(p.Cfg.CookieMaxAge)
+	}
+
+	http.SetCookie(rw, cookie)
 	http.Redirect(rw, r, referer, http.StatusFound)
 }
 

diff --git a/internal/core/openapi/openapi-ng/auth/uc-session/provider.go b/internal/core/openapi/openapi-ng/auth/uc-session/provider.go
@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"net/http"
 	"strings"
+	"time"
 
 	"github.com/go-redis/redis"
 
@@ -29,13 +30,16 @@ import (
 )
 
 type config struct {
-	Weight               int64    `file:"weight" default:"100"`
-	RedirectAfterLogin   string   `file:"redirect_after_login"`
-	ClientID             string   `file:"client_id"`
-	UCAddr               string   `file:"uc_addr"`
-	UCRedirectAddrs      []string `file:"uc_redirect_addrs"`
-	SessionCookieName    string   `file:"session_cookie_name"`
-	SessionCookieDomains []string `file:"session_cookie_domain"`
+	Weight               int64         `file:"weight" default:"100"`
+	RedirectAfterLogin   string        `file:"redirect_after_login"`
+	ClientID             string        `file:"client_id"`
+	UCAddr               string        `file:"uc_addr"`
+	UCRedirectAddrs      []string      `file:"uc_redirect_addrs"`
+	SessionCookieName    string        `file:"session_cookie_name"`
+	SessionCookieDomains []string      `file:"session_cookie_domain"`
+	CookieMaxAge         time.Duration `file:"cookie_max_age" default:"24h" desc:"max age of the cookie. optional."`
+	// CookieSameSite default set to 2, which is `lax`, more options see https://github.com/golang/go/blob/619b419a4b1506bde1aa7e833898f2f67fd0e83e/src/net/http/cookie.go#L52-L57
+	CookieSameSite int `file:"cookie_same_site" default:"2" desc:"indicates if cookie is SameSite. optional."`
 }
 
 // +provider