botris.social/femto-backend
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

secure cookies fix

Browse source
This commit is contained in:
john 2025-05-20 11:02:54 +02:00
parent 6dfa49bd01
commit 88b8aa7429
4 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Femto.Api/Auth/CookieSettings.cs
View file

@ -2,6 +2,5 @@ namespace Femto.Api.Auth;
public class CookieSettings public class CookieSettings
{ {
public bool SameSite { get; set; }
public bool Secure { get; set; } public bool Secure { get; set; }
} }

2
Femto.Api/Auth/SessionAuthenticationHandler.cs
View file

@ -44,7 +44,7 @@ internal class SessionAuthenticationHandler(
var identity = new ClaimsIdentity(claims, this.Scheme.Name); var identity = new ClaimsIdentity(claims, this.Scheme.Name);
var principal = new ClaimsPrincipal(identity); var principal = new ClaimsPrincipal(identity);
this.Context.SetSession(result.Session, result.User, cookieOptions.Value); this.Context.SetSession(result.Session, result.User);
currentUserContext.CurrentUser = new CurrentUser( currentUserContext.CurrentUser = new CurrentUser(
result.User.Id, result.User.Id,
result.User.Username, result.User.Username,

4
Femto.Api/Controllers/Auth/AuthController.cs
View file

@ -28,7 +28,7 @@ public class AuthController(
{ {
var result = await authModule.Command(new LoginCommand(request.Username, request.Password)); var result = await authModule.Command(new LoginCommand(request.Username, request.Password));
HttpContext.SetSession(result.Session, result.User, cookieSettings.Value); HttpContext.SetSession(result.Session, result.User);
return new LoginResponse( return new LoginResponse(
result.User.Id, result.User.Id,
@ -44,7 +44,7 @@ public class AuthController(
new RegisterCommand(request.Username, request.Password, request.SignupCode) new RegisterCommand(request.Username, request.Password, request.SignupCode)
); );
HttpContext.SetSession(result.Session, result.User, cookieSettings.Value); HttpContext.SetSession(result.Session, result.User);
return new RegisterResponse( return new RegisterResponse(
result.User.Id, result.User.Id,

13
Femto.Api/Sessions/HttpContextSessionExtensions.cs
View file

@ -2,6 +2,7 @@ using System.Text.Json;
using System.Text.Json.Serialization; using System.Text.Json.Serialization;
using Femto.Api.Auth; using Femto.Api.Auth;
using Femto.Modules.Auth.Application.Dto; using Femto.Modules.Auth.Application.Dto;
using Microsoft.Extensions.Options;
namespace Femto.Api.Sessions; namespace Femto.Api.Sessions;
@ -10,12 +11,12 @@ internal static class HttpContextSessionExtensions
public static void SetSession( public static void SetSession(
this HttpContext httpContext, this HttpContext httpContext,
Session session, Session session,
UserInfo user, UserInfo user
CookieSettings cookieSettings
) )
{ {
var secure = cookieSettings.Secure; var cookieSettings = httpContext.RequestServices.GetService<IOptions<CookieSettings>>();
var sameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified; var secure = cookieSettings?.Value.Secure ?? true;
var sameSite = secure ? SameSiteMode.None : SameSiteMode.Unspecified;
var expires = session.Expires; var expires = session.Expires;
httpContext.Response.Cookies.Append( httpContext.Response.Cookies.Append(
@ -42,8 +43,8 @@ internal static class HttpContextSessionExtensions
), ),
new CookieOptions new CookieOptions
{ {
Secure = cookieSettings.Secure, Secure = secure,
SameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified, SameSite = sameSite,
Expires = session.Expires, Expires = session.Expires,
} }
); );