fix: update session cookie domain handling for IP addresses and improve frontend URL configuration
This commit is contained in:
parent
ef44836328
commit
e8f2c7ea81
3 changed files with 42 additions and 29 deletions
@ -13,6 +13,7 @@ import os
|
|||
from dotenv import load_dotenv
|
||||
from os import getenv
|
||||
from pathlib import Path
|
||||
from urllib.parse import urlparse
|
||||
# Load environment variables from .env file
|
||||
load_dotenv()
|
||||
|
||||
|
@ -127,14 +128,23 @@ USE_L10N = True
|
|||
|
||||
USE_TZ = True
|
||||
|
||||
SESSION_COOKIE_SAMESITE = None
|
||||
SESSION_COOKIE_SECURE = getenv('FRONTEND_URL', 'http://localhost:3000').startswith('https://')
|
||||
from urllib.parse import urlparse
|
||||
FRONTEND_URL = getenv('FRONTEND_URL', 'http://localhost:3000')
|
||||
|
||||
SESSION_COOKIE_SAMESITE = None
|
||||
|
||||
SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https')
|
||||
|
||||
parsed_url = urlparse(FRONTEND_URL)
|
||||
hostname = parsed_url.hostname
|
||||
is_ip_address = hostname.replace('.', '').isdigit()
|
||||
if is_ip_address:
|
||||
# Do not set a domain for IP addresses
|
||||
SESSION_COOKIE_DOMAIN = None
|
||||
else:
|
||||
# Calculate the cookie domain for valid domain names
|
||||
domain_parts = hostname.split('.')
|
||||
SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else hostname
|
||||
|
||||
frontend_url = getenv('FRONTEND_URL', 'http://localhost:3000')
|
||||
parsed_url = urlparse(frontend_url)
|
||||
domain_parts = parsed_url.hostname.split('.')
|
||||
SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname
|
||||
|
||||
# Static files (CSS, JavaScript, Images)
|
||||
# https://docs.djangoproject.com/en/1.7/howto/static-files/
|
||||
|
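Review bot: The IP-literal test on the new line `is_ip_address = hostname.replace('.', '').isdigit()` only recognises dotted-decimal IPv4, so an IPv6 FRONTEND_URL such as `http://[::1]:3000` falls through to the domain branch, and a FRONTEND_URL whose host urlparse cannot extract appears to leave `hostname` as None and would raise AttributeError while settings load. The stdlib `ipaddress.ip_address()` covers both families; with `import ipaddress` added next to the other top-of-file imports the block can read as sketched below. The single-label fallback `else hostname` also diverges from the frontend, which leaves the Domain attribute unset for hosts like `localhost`; `None` (Django's default, a host-only cookie) keeps the two sides consistent. Separately, the "last two labels" heuristic here and in the two TypeScript hunks yields a public suffix such as `.co.uk` for `app.example.co.uk`, which browsers refuse, and for ordinary domains it scopes the session cookie to every sibling subdomain, so a comment stating that this sharing is intended (or an explicit `SESSION_COOKIE_DOMAIN` override from the environment) would help the next reader.
```python
parsed_url = urlparse(FRONTEND_URL)
hostname = parsed_url.hostname or ''

# ipaddress handles both IPv4 and IPv6 literals (ipaddress is imported at the top of the file)
try:
    ipaddress.ip_address(hostname)
    is_ip_address = True
except ValueError:
    is_ip_address = False

if is_ip_address or '.' not in hostname:
    # Host-only cookie: no Domain attribute for IP literals or single-label
    # hosts such as "localhost" (matches the frontend's behaviour)
    SESSION_COOKIE_DOMAIN = None
else:
    # … unchanged: two-label Domain computation …
```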
@ -190,8 +200,6 @@ ACCOUNT_SIGNUP_FORM_CLASS = 'users.form_overrides.CustomSignupForm'
|
|||
|
||||
SESSION_SAVE_EVERY_REQUEST = True
|
||||
|
||||
FRONTEND_URL = getenv('FRONTEND_URL', 'http://localhost:3000')
|
||||
|
||||
# Set login redirect URL to the frontend
|
||||
LOGIN_REDIRECT_URL = FRONTEND_URL
|
||||
|
||||
@ -46,24 +46,26 @@ export const actions: Actions = {
|
|||
// Determine the proper cookie domain
|
||||
const hostname = event.url.hostname;
|
||||
const domainParts = hostname.split('.');
|
||||
const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
|
||||
let cookieDomain: string | undefined = undefined;
|
||||
|
||||
if (domainParts.length > 2) {
|
||||
// For subdomains like app.mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + domainParts.slice(-2).join('.');
|
||||
} else if (domainParts.length === 2) {
|
||||
// For root domains like mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + hostname;
|
||||
} else {
|
||||
// For localhost or single-part domains (e.g., "localhost")
|
||||
cookieDomain = undefined; // Do not set the domain
|
||||
if (!isIPAddress) {
|
||||
// Handle domain names
|
||||
if (domainParts.length > 2) {
|
||||
// For subdomains like app.mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + domainParts.slice(-2).join('.');
|
||||
} else if (domainParts.length === 2) {
|
||||
// For root domains like mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + hostname;
|
||||
}
|
||||
}
|
||||
// No domain is set for IP addresses or single-part hostnames like "localhost"
|
||||
|
||||
// Delete the session cookie
|
||||
event.cookies.delete('sessionid', {
|
||||
path: '/',
|
||||
secure: event.url.protocol === 'https:',
|
||||
domain: cookieDomain
|
||||
domain: cookieDomain // Undefined for IP addresses, used for domain names
|
||||
});
|
||||
|
||||
if (res.status === 401) {
|
||||
|
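Review bot: The cookie-domain computation added here (`isIPAddress` and the `if (!isIPAddress)` block) is now an exact copy of the one in `handleSuccessfulLogin`, and the `event.cookies.delete('sessionid', …)` call at the bottom only clears the session cookie when its `domain` matches the value used when it was set, so the two copies must never drift or a logout leaves a live session cookie behind. Extracting one helper such as `getSessionCookieDomain(hostname: string): string | undefined` in a shared module and calling it from both sites makes that invariant structural rather than something to keep in sync by hand; a sketch follows. The enclosing `actions` object starts before this hunk. The IPv4 regex accepts octets above 255, which is harmless for this purpose but deserves a short comment such as `// loose IPv4 check; only used to decide whether to omit the Domain attribute`.
```typescript
/** Cookie Domain attribute for the session cookie, or undefined for a host-only cookie. */
export function getSessionCookieDomain(hostname: string): string | undefined {
  // Loose IPv4 check; only used to decide whether to omit the Domain attribute
  const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
  if (isIPAddress) return undefined;
  const domainParts = hostname.split('.');
  // app.mydomain.com -> .mydomain.com; mydomain.com -> .mydomain.com
  if (domainParts.length >= 2) return '.' + domainParts.slice(-2).join('.');
  // Single-label hosts such as "localhost": host-only cookie
  return undefined;
}

// in the logout action:
const cookieDomain = getSessionCookieDomain(event.url.hostname);
// … unchanged: event.cookies.delete('sessionid', { path, secure, domain: cookieDomain }) …
```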
@ -116,16 +116,19 @@ function handleSuccessfulLogin(event: RequestEvent, response: Response) {
|
|||
const domainParts = hostname.split('.');
|
||||
let cookieDomain: string | undefined = undefined;
|
||||
|
||||
if (domainParts.length > 2) {
|
||||
// For subdomains like app.mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + domainParts.slice(-2).join('.');
|
||||
} else if (domainParts.length === 2) {
|
||||
// For root domains like mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + hostname;
|
||||
} else {
|
||||
// For localhost or single-part domains (e.g., "localhost")
|
||||
cookieDomain = undefined; // Do not set the domain
|
||||
// Check if hostname is an IP address
|
||||
const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
|
||||
|
||||
if (!isIPAddress) {
|
||||
if (domainParts.length > 2) {
|
||||
// For subdomains like app.mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + domainParts.slice(-2).join('.');
|
||||
} else if (domainParts.length === 2) {
|
||||
// For root domains like mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + hostname;
|
||||
}
|
||||
}
|
||||
// Do not set a domain for IP addresses or single-part hostnames
|
||||
|
||||
console.log('Setting sessionid cookie with domain:', cookieDomain);
|
||||
|
||||
|
@ -135,7 +138,7 @@ function handleSuccessfulLogin(event: RequestEvent, response: Response) {
|
|||
sameSite: 'lax',
|
||||
secure: event.url.protocol === 'https:',
|
||||
expires: new Date(expiryString),
|
||||
domain: cookieDomain // Set the domain dynamically
|
||||
domain: cookieDomain // Set the domain dynamically or omit if undefined
|
||||
});
|
||||
}
|
||||
}
|
||||
|