fix set-cookie string (#3)

dadleyy · Dec 11, 2021 · 6f88993 · 6f88993
1 parent 9e6c8aa
commit 6f88993
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 17 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/workspace/bankah/Cargo.toml b/workspace/bankah/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "bankah"
-version = "0.3.0"
+version = "0.3.1"
 edition = "2018"
 
 [dependencies]

diff --git a/workspace/stickbot/Cargo.toml b/workspace/stickbot/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "stickbot"
-version = "0.3.0"
+version = "0.3.1"
 edition = "2018"
 
 [lib]

diff --git a/workspace/stickbot/src/routes/auth.rs b/workspace/stickbot/src/routes/auth.rs
@@ -6,7 +6,12 @@ use crate::constants;
 use crate::db;
 use crate::web::{cookie as get_cookie, Body, Error, Redirect, Request, Response, Result, Url};
 
-const COOKIE_FLAGS: &'static str = "Max-Age: 600; Path=/; SameSite=Strict; HttpOnly";
+#[cfg(debug_assertions)]
+const COOKIE_SET_FLAGS: &'static str = "Max-Age=600; Path=/; SameSite=Strict; HttpOnly";
+
+#[cfg(not(debug_assertions))]
+const COOKIE_SET_FLAGS: &'static str = "Max-Age=600; Path=/; SameSite=Strict; HttpOnly; Secure";
+
 const COOKIE_CLEAR_FLAGS: &'static str = "Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; SameSite=Strict; HttpOnly";
 
 #[derive(Debug, Deserialize, Serialize, Clone)]
@@ -186,16 +191,6 @@ pub async fn complete(request: Request) -> Result {
 
   let jwt = auth::Claims::for_player(&user.sub, &player.id.to_string()).encode()?;
 
-  // With our player created, we're ready to store the token in our session and move along.
-  let cookie = format!("{}={}; {}", constants::STICKBOT_COOKIE_NAME, jwt, COOKIE_FLAGS);
-
-  let destination = std::env::var(constants::STICKBOT_ONCORE_URL_ENV)
-    .ok()
-    .unwrap_or_else(|| {
-      log::warn!("missing stickbot oncore url environment variable");
-      "/auth/identify".into()
-    });
-
   let cmd = kramer::Command::Hashes(kramer::HashCommand::Set(
     constants::STICKBOT_SESSION_STORE,
     kramer::Arity::One((&jwt, player.id.to_string())),
@@ -207,6 +202,17 @@ pub async fn complete(request: Request) -> Result {
     error
   })?;
 
+  // With our player created, we're ready to store the token in our session and move along.
+  let cookie = format!("{}={}; {}", constants::STICKBOT_COOKIE_NAME, jwt, COOKIE_SET_FLAGS);
+  log::debug!("cookie string - '{}'", cookie);
+
+  let destination = std::env::var(constants::STICKBOT_ONCORE_URL_ENV)
+    .ok()
+    .unwrap_or_else(|| {
+      log::warn!("missing stickbot oncore url environment variable");
+      "/auth/identify".into()
+    });
+
   // TODO - determine where to send the user. Once the web UI is created, we will send the user to some login page
   // where an attempt will be made to fetch identity information using the newly-set cookie.
   let response = Response::builder(302)

diff --git a/workspace/twowaiyo/Cargo.toml b/workspace/twowaiyo/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "twowaiyo"
-version = "0.3.0"
+version = "0.3.1"
 edition = "2018"
 
 [lib]