gh_mirrors/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-01-19 08:19:15 +08:00
Code

fix: Cookie 启用 httponly (#3941)

Browse Source
This commit is contained in:
ssongliu 2024-02-21 19:06:28 +08:00 committed by GitHub
parent 2475c82a63
commit 50a83e7e11
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
backend/app/service/auth.go
View File

@ -133,7 +133,7 @@ func (u *AuthService) generateSession(c *gin.Context, name, authMethod string) (
sessionUser, err := global.SESSION.Get(sID) sessionUser, err := global.SESSION.Get(sID)
if err != nil { if err != nil {
sID = uuid.New().String() sID = uuid.New().String()
c.SetCookie(constant.SessionName, sID, 0, "", "", httpsSetting.Value == "enable", false) c.SetCookie(constant.SessionName, sID, 0, "", "", httpsSetting.Value == "enable", true)
err := global.SESSION.Set(sID, sessionUser, lifeTime) err := global.SESSION.Set(sID, sessionUser, lifeTime)
if err != nil { if err != nil {
return nil, err return nil, err
@ -154,7 +154,7 @@ func (u *AuthService) LogOut(c *gin.Context) error {
} }
sID, _ := c.Cookie(constant.SessionName) sID, _ := c.Cookie(constant.SessionName)
if sID != "" { if sID != "" {
c.SetCookie(constant.SessionName, sID, -1, "", "", httpsSetting.Value == "enable", false) c.SetCookie(constant.SessionName, sID, -1, "", "", httpsSetting.Value == "enable", true)
err := global.SESSION.Delete(sID) err := global.SESSION.Delete(sID)
if err != nil { if err != nil {
return err return err

4
backend/app/service/setting.go
View File

@ -199,7 +199,7 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
_ = os.Remove(path.Join(secretDir, "server.crt")) _ = os.Remove(path.Join(secretDir, "server.crt"))
_ = os.Remove(path.Join(secretDir, "server.key")) _ = os.Remove(path.Join(secretDir, "server.key"))
sID, _ := c.Cookie(constant.SessionName) sID, _ := c.Cookie(constant.SessionName)
c.SetCookie(constant.SessionName, sID, 0, "", "", false, false) c.SetCookie(constant.SessionName, sID, 0, "", "", false, true)
go func() { go func() {
_, err := cmd.Exec("systemctl restart 1panel.service") _, err := cmd.Exec("systemctl restart 1panel.service")
@ -294,7 +294,7 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
} }
sID, _ := c.Cookie(constant.SessionName) sID, _ := c.Cookie(constant.SessionName)
c.SetCookie(constant.SessionName, sID, 0, "", "", true, false) c.SetCookie(constant.SessionName, sID, 0, "", "", true, true)
go func() { go func() {
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
_, err := cmd.Exec("systemctl restart 1panel.service") _, err := cmd.Exec("systemctl restart 1panel.service")