authorTor Andersson <tor@ccxvii.net>2022-01-12 13:17:39 +0100
committerTor Andersson <tor@ccxvii.net>2022-01-12 13:52:46 +0100
commit8a76f509a89f94459d80c4e249a9b3b429e80276 (patch)
treeffa72fc576513bc0b55d1c12cf3cfb2ee8dee316
parent9a7e379d9db522091d08536270019e9ead7eb4f5 (diff)
Set Domain on cookie to allow www and no-www access with same login.
-rw-r--r--INSTALL.md1
-rw-r--r--server.js21
2 files changed, 15 insertions, 7 deletions
diff --git a/INSTALL.md b/INSTALL.md
index 1d1ecba..3771e27 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -38,6 +38,7 @@ Configure the server using the .env file:
NODE_ENV=production
SITE_NAME=YOUR_SITE_NAME
+SITE_HOST=YOUR_DOMAIN
SITE_URL=https://YOUR_DOMAIN
HTTP_PORT=8080
diff --git a/server.js b/server.js
index 4ee6168..d1f6ac8 100644
--- a/server.js
+++ b/server.js
@@ -14,6 +14,7 @@ require('dotenv').config();
const SITE_URL = process.env.SITE_URL || "http://localhost:8080";
const SITE_NAME = process.env.SITE_NAME || "Untitled";
+const SITE_HOST = process.env.SITE_HOST;
/*
* Main database.
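Review bot: SITE_HOST is taken from the environment with no check that it domain-matches the host in SITE_URL, and a Domain attribute that does not match the request host makes browsers drop the Set-Cookie silently, so a typo in .env shows up as logins that never stick rather than as an error. A startup warning next to this declaration would catch it: `const site_host = new URL(SITE_URL).hostname;` followed by `if (SITE_HOST && site_host !== SITE_HOST && !site_host.endsWith("." + SITE_HOST)) console.warn("SITE_HOST does not match SITE_URL");`. A short comment on the new line stating what value is expected would also help, e.g. `// Registrable domain shared by the www and non-www hosts; leave unset for a host-only cookie.`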
@@ -34,7 +35,7 @@ function SQL(s) {
let mailer = null;
if (process.env.MAIL_HOST && process.env.MAIL_PORT && process.env.MAIL_FROM) {
- mailer = require('nodemailer').createTransport({
+ mailer = require("nodemailer").createTransport({
host: process.env.MAIL_HOST,
port: process.env.MAIL_PORT,
ignoreTLS: true
@@ -54,10 +55,16 @@ const login_sql_insert = SQL("insert into logins values (abs(random()) % (1<<48)
const login_sql_delete = SQL("delete from logins where sid = ?");
const login_sql_touch = SQL("update logins set expires = julianday() + 28 where sid = ? and expires < julianday() + 27");
+function make_cookie(sid, age) {
+ if (SITE_HOST)
+ return `login=${sid}; Path=/; Domain=${SITE_HOST}; Max-Age=${age}; HttpOnly`;
+ return `login=${sid}; Path=/; Max-Age=${age}; HttpOnly`;
+}
+
function login_cookie(req) {
let c = req.headers.cookie;
if (c) {
- let i = c.indexOf('login=');
+ let i = c.indexOf("login=");
if (i >= 0)
return parseInt(c.substring(i+6));
}
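Review bot: make_cookie at the top of the hunk sets HttpOnly but neither Secure nor SameSite, even though INSTALL.md configures SITE_URL as https, so the session id is still sent over plain http and attached to cross-site requests. The new Domain attribute deliberately widens the cookie to every host under SITE_HOST, which also means any other service on a subdomain of SITE_HOST now receives the login sid, so the missing flags matter more than before. I would add `SameSite=Lax` unconditionally and `Secure` whenever SITE_URL is https (the localhost default is http, so it stays optional), as below. Separately, login_cookie still locates the value with `indexOf("login=")`, which would also match a cookie named, say, `xlogin`; the rest of that function, including its fallthrough return, is outside the hunk.
```javascript
const COOKIE_SECURE = SITE_URL.startsWith("https://") ? "; Secure" : "";

function make_cookie(sid, age) {
	let domain = SITE_HOST ? `; Domain=${SITE_HOST}` : "";
	return `login=${sid}; Path=/${domain}; Max-Age=${age}; HttpOnly; SameSite=Lax${COOKIE_SECURE}`;
}
```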
@@ -66,17 +73,17 @@ function login_cookie(req) {
function login_insert(res, user_id) {
let sid = login_sql_insert.get(user_id);
- res.setHeader('Set-Cookie', 'login=' + sid + '; Path=/; Max-Age=2419200');
+ res.setHeader("Set-Cookie", make_cookie(sid, 2419200));
}
function login_touch(res, sid) {
if (login_sql_touch.run(sid).changes === 1)
- res.setHeader('Set-Cookie', 'login=' + sid + '; Path=/; Max-Age=2419200');
+ res.setHeader("Set-Cookie", make_cookie(sid, 2419200));
}
function login_delete(res, sid) {
login_sql_delete.run(sid);
- res.setHeader('Set-Cookie', 'login=; Max-Age=0');
+ res.setHeader("Set-Cookie", make_cookie("", 0));
}
/*
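Review bot: The 2419200 literal passed to make_cookie in login_insert and login_touch is the same 28 days that login_sql_touch spells as `julianday() + 28`, but nothing ties the two together, so changing one without the other leaves either a cookie that outlives its row or a row that outlives its cookie. A named constant used in both setHeader calls makes the coupling visible: `const LOGIN_MAX_AGE = 28 * 24 * 60 * 60; // seconds; keep in step with the 28-day expiry in login_sql_touch`. The deletion cookie in login_delete now carries Path=/ and the Domain, which is what a browser needs to match the cookie issued by make_cookie; a cookie issued before this change was host-only and, depending on which host it was set from, may not be replaced by the Domain-scoped deletion, though its sid is removed server-side so it is stale rather than live.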
@@ -85,9 +92,9 @@ function login_delete(res, sid) {
function set_static_headers(res, path) {
if (path.match(/\.(jpg|png|svg|webp|ico|woff2)/))
- res.setHeader('Cache-Control', 'max-age=86400');
+ res.setHeader("Cache-Control", "Max-Age=86400");
else
- res.setHeader('Cache-Control', 'max-age=0');
+ res.setHeader("Cache-Control", "Max-Age=0");
}
let app = express();
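Review bot: The Cache-Control value is changed from `max-age=86400` to `Max-Age=86400` (and from `max-age=0` to `Max-Age=0`), which has nothing to do with the cookie work in the commit message and looks like the Set-Cookie attribute name leaking into the caching header. Cache-Control directive names are compared case-insensitively by the HTTP caching specification, so browsers should still honor it, but the lowercase form is the conventional one and the one other tools and caches will be looking for; I would revert both lines to `res.setHeader("Cache-Control", "max-age=86400");` and `res.setHeader("Cache-Control", "max-age=0");`. Separately, the extension regex has no end anchor, so a path such as `x.png.html` also gets the day-long cache; `/\.(jpg|png|svg|webp|ico|woff2)$/` would limit it to the intended static files.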