X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fsession-manager.js;h=2d3d96cd10706e07512ee3d908a6d849adb829b5;hb=refs%2Fheads%2Fmaster;hp=7b33d8600b986cde34eab5dcf87a7a37b9aae150;hpb=9c8e775e5ab96a1788f535760bfa72205c430d15;p=squeep-authentication-module diff --git a/lib/session-manager.js b/lib/session-manager.js index 7b33d86..4635547 100644 --- a/lib/session-manager.js +++ b/lib/session-manager.js @@ -8,7 +8,7 @@ const { Communication: IndieAuthCommunication } = require('@squeep/indieauth-helper'); const { MysteryBox } = require('@squeep/mystery-box'); const { TOTP } = require('@squeep/totp'); -const { randomUUID } = require('crypto'); +const { randomUUID } = require('node:crypto'); const common = require('./common'); const Enum = require('./enum'); const Template = require('./template'); @@ -35,6 +35,7 @@ class SessionManager { * @param {string[]} options.authenticator.authnEnabled authentication methods enabled * @param {number=} options.authenticator.inactiveSessionLifespanSeconds session timeout * @param {boolean} options.authenticator.secureAuthOnly allow only https + * @param {string=} options.authenticator.sessionCookieSameSite sameSite setting for session cookie, default Lax * @param {object=} options.dingus dingus options * @param {string=} options.dingus.proxyPrefix prefix on route paths * @param {string} options.dingus.selfBaseUrl base url @@ -47,6 +48,8 @@ class SessionManager { this.db = authenticator.db; // TODO: take db arg in next major version bump this.options = options; this.proxyPrefix = options.dingus?.proxyPrefix ?? ''; + this.secureAuthOnly = options.authenticator.secureAuthOnly ?? true; + this.sameSite = options.authenticator.sessionCookieSameSite || 'Lax'; this.indieAuthCommunication = new IndieAuthCommunication(logger, options); this.mysteryBox = new MysteryBox(options); this.mysteryBox.on('statistics', common.mysteryBoxLogger(logger, _fileScope(this.constructor.name))); @@ -67,8 +70,8 @@ class SessionManager { const secureSession = session && await this.mysteryBox.pack(session) || '""'; common.addCookie(res, cookieName, secureSession, { httpOnly: true, - sameSite: 'Lax', - secure: this.options.authenticator.secureAuthOnly, + sameSite: this.sameSite, + secure: this.secureAuthOnly, maxAge: session && maxAge || 0, path, }); @@ -229,6 +232,7 @@ class SessionManager { } await this._sessionCookieSet(res, session); + res.setHeader(Enum.Header.SetLogin, Enum.LoginState.LoggedIn); res.setHeader(Enum.Header.Location, authorizationEndpoint.href); res.statusCode = 302; // Found res.end(); @@ -318,6 +322,7 @@ class SessionManager { authenticatedIdentifier: state.authenticatedIdentifier, }; await this._sessionCookieSet(res, ctx.session); + res.setHeader(Enum.Header.SetLogin, Enum.LoginState.LoggedIn); res.statusCode = 302; res.setHeader(Enum.Header.Location, state.redirect); res.end(); @@ -397,6 +402,7 @@ class SessionManager { authenticatedIdentifier: ctx.authenticationId, }; await this._sessionCookieSet(res, ctx.session); + res.setHeader(Enum.Header.SetLogin, Enum.LoginState.LoggedIn); res.statusCode = 302; res.setHeader(Enum.Header.Location, redirect); res.end(); @@ -415,6 +421,7 @@ class SessionManager { this.logger.debug(_scope, 'called', { ctx }); await this._sessionCookieClear(res); + res.setHeader(Enum.Header.SetLogin, Enum.LoginState.LoggedOut); const redirect = ctx.queryParams['r'] || './'; @@ -536,6 +543,7 @@ class SessionManager { }; await this._sessionCookieSet(res, ctx.session); + res.setHeader(Enum.Header.SetLogin, Enum.LoginState.LoggedIn); res.statusCode = 302; res.setHeader(Enum.Header.Location, redirect); res.end(); @@ -604,7 +612,7 @@ class SessionManager { await this._otpDisable(dbCtx, ctx, authData); return; - case 'confirm': + case 'confirm': await this._otpConfirm(dbCtx, ctx); return;