fix: 解决登录之后 cookie 没有刷新的漏洞
zhengkunwang223 committed Jan 11, 2023
1 parent 0c6774b commit 1e9c550
Showing 3 changed files with 12 additions and 11 deletions.
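--- a/internal/api/v1/session/profile.go
+++ b/internal/api/v1/session/profile.go
@@ -7,7 +7,7 @@ import (
 "github.com/kataras/iris/v12/context"
 )
 
-func (h Handler) UpdateProfile() iris.Handler {
+func (h *Handler) UpdateProfile() iris.Handler {
 return func(ctx *context.Context) {
 var req ProfileSetter
 if err := ctx.ReadJSON(&req); err != nil {
@@ -50,7 +50,7 @@ func (h Handler) UpdateProfile() iris.Handler {
 ctx.Values().Set("data", "ok")
 }
 }
-func (h Handler) UpdatePassword() iris.Handler {
+func (h *Handler) UpdatePassword() iris.Handler {
 return func(ctx *context.Context) {
 var pass PasswordSetter
 if err := ctx.ReadJSON(&pass); err != nil {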
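--- a/internal/api/v1/session/session.go
+++ b/internal/api/v1/session/session.go
@@ -76,11 +76,6 @@ func (h *Handler) IsLogin() iris.Handler {
 return
 }
 } else {
-if err := session.Man.ShiftExpiration(ctx); err != nil {
-ctx.StatusCode(iris.StatusInternalServerError)
-ctx.Values().Set("message", fmt.Errorf("shift expiration falied, err: %v", err))
-return
-}
 ctx.StatusCode(iris.StatusOK)
 ctx.Values().Set("data", loginUser != nil)
 }
@@ -167,8 +162,14 @@ func (h *Handler) Login() iris.Handler {
 ctx.Values().Set("token", token)
 return
 default:
-session := server.SessionMgr.Start(ctx)
-session.Set("profile", profile)
+sId := ctx.GetCookie(server.SessionCookieName)
+if sId != "" {
+ctx.RemoveCookie(server.SessionCookieName)
+ctx.Request().Header.Del("Cookie")
+}
+sess := server.SessionMgr.Start(ctx)
+ctx.SetCookieKV(server.SessionCookieName, sess.ID())
+sess.Set("profile", profile)
 }
 
 ctx.StatusCode(iris.StatusOK)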
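Review bot: In the `default:` branch of Login the pre-login session is only dropped on the client side: the cookie is removed and the request's `Cookie` header deleted, but the server-side entry behind the old `sId` is never invalidated, so that ID stays live with whatever it already held until it expires. Inside the `if sId != ""` block I would add `server.SessionMgr.DestroyByID(sId)` before starting the new session. The added `ctx.SetCookieKV(server.SessionCookieName, sess.ID())` also looks risky: as far as I know it issues the cookie with the framework's own default lifetime and attributes instead of the `Expires` from `sessions.Config`, and `Start` normally sets the cookie for a new session itself, so confirm the resulting `Set-Cookie` header or drop the line. `Header.Del("Cookie")` discards every request cookie, not only the session one, which deserves a short comment saying that is intended. Login's body starts and ends outside the hunk.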
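--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -31,7 +31,7 @@ import (
 "github.com/sirupsen/logrus"
 )
 
-const sessionCookieName = "SESS_COOKIE_KUBEPI"
+const SessionCookieName = "SESS_COOKIE_KUBEPI"
 
 var SessionMgr *sessions.Sessions
 
@@ -149,7 +149,7 @@ func (e *KubePiServer) setUpStaticFile() {
 }
 
 func (e *KubePiServer) setUpSession() {
-SessionMgr = sessions.New(sessions.Config{Cookie: sessionCookieName, AllowReclaim: true, Expires: time.Duration(e.config.Spec.Session.Expires) * time.Hour})
+SessionMgr = sessions.New(sessions.Config{Cookie: SessionCookieName, AllowReclaim: true, Expires: time.Duration(e.config.Spec.Session.Expires) * time.Hour})
 e.rootRoute.Use(SessionMgr.Handler())
 }
 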
