From a8e84be28e6977f156bf31d41d040946441c2251 Mon Sep 17 00:00:00 2001 From: Sean Morley Date: Mon, 13 Jan 2025 19:34:19 -0500 Subject: [PATCH] docs: update known issues for Redirect URI and authorization callback URL in Authentik and GitHub configurations fix: enhance session cookie deletion logic with dynamic domain handling --- .../configuration/social_auth/authentik.md | 5 ---- .../docs/configuration/social_auth/github.md | 5 ---- frontend/src/routes/+page.server.ts | 30 +++++++++++++++++-- 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/documentation/docs/configuration/social_auth/authentik.md b/documentation/docs/configuration/social_auth/authentik.md index 99cf93e..6bc62d9 100644 --- a/documentation/docs/configuration/social_auth/authentik.md +++ b/documentation/docs/configuration/social_auth/authentik.md @@ -15,11 +15,6 @@ To enable Authentik as an identity provider, the administrator must first config 1. Log in to Authentik and navigate to the `Providers` page and create a new provider. 2. Select `OAuth2/OpenID Provider` as the provider type. 3. Name it `AdventureLog` or any other name you prefer. - -::: warning -Known issue: The `Redirect URI` should use `http` even if your site uses `https`. This is a known issue with AdventureLog and will be fixed in a future release. -::: - 4. Set the `Redirect URI` of type `Regex` to `^http:///accounts/oidc/.*$` where `` is the URL of your AdventureLog Server service. 5. Copy the `Client ID` and `Client Secret` generated by Authentik, you will need these to configure AdventureLog. 6. Create an application in Authentik and assign the provider to it, name the `slug` `adventurelog` or any other name you prefer. diff --git a/documentation/docs/configuration/social_auth/github.md b/documentation/docs/configuration/social_auth/github.md index 7d3df5d..2239dc7 100644 --- a/documentation/docs/configuration/social_auth/github.md +++ b/documentation/docs/configuration/social_auth/github.md @@ -15,11 +15,6 @@ To enable GitHub as an identity provider, the administrator must first configure - Application Name: `AdventureLog` or any other name you prefer. - Homepage URL: `` where `` is the URL of your AdventureLog Frontend service. - Application Description: `AdventureLog` or any other description you prefer. - - ::: warning - Known issue: The uthorization callback URL should use `http` even if your site uses `https`. This is a known issue with AdventureLog and will be fixed in a future release. - ::: - - Authorization callback URL: `http:///accounts/github/login/callback/` where `` is the URL of your AdventureLog Backend service. - If you want the logo, you can find it [here](https://adventurelog.app/adventurelog.png). diff --git a/frontend/src/routes/+page.server.ts b/frontend/src/routes/+page.server.ts index b379a8c..2987b88 100644 --- a/frontend/src/routes/+page.server.ts +++ b/frontend/src/routes/+page.server.ts @@ -3,6 +3,7 @@ import { redirect, type Actions } from '@sveltejs/kit'; import { themes } from '$lib'; import { fetchCSRFToken } from '$lib/index.server'; import type { PageServerLoad } from './$types'; +import { log } from 'console'; const serverEndpoint = PUBLIC_SERVER_URL || 'http://localhost:8000'; @@ -41,8 +42,33 @@ export const actions: Actions = { }, credentials: 'include' }); - if (res.status == 401) { - event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' }); + + // Determine the proper cookie domain + const hostname = event.url.hostname; + const domainParts = hostname.split('.'); + let cookieDomain: string | undefined = undefined; + + if (domainParts.length > 2) { + // For subdomains like app.mydomain.com -> .mydomain.com + cookieDomain = '.' + domainParts.slice(-2).join('.'); + } else if (domainParts.length === 2) { + // For root domains like mydomain.com -> .mydomain.com + cookieDomain = '.' + hostname; + } else { + // For localhost or single-part domains (e.g., "localhost") + cookieDomain = undefined; // Do not set the domain + } + + console.log('Deleting sessionid cookie with domain:', cookieDomain); + + // Delete the session cookie + event.cookies.delete('sessionid', { + path: '/', + secure: event.url.protocol === 'https:', + domain: cookieDomain + }); + + if (res.status === 401) { return redirect(302, '/login'); } else { return redirect(302, '/');