Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-19 12:59:36 +02:00
Code Issues Releases Activity

fix: update session cookie domain handling for IP addresses and improve frontend URL configuration

Browse source
This commit is contained in:
Sean Morley 2025-01-14 09:38:38 -05:00
parent ef44836328
commit e8f2c7ea81
3 changed files with 42 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

26
backend/server/main/settings.py
View file

@ -13,6 +13,7 @@ import os
from dotenv import load_dotenv from dotenv import load_dotenv
from os import getenv from os import getenv
from pathlib import Path from pathlib import Path
from urllib.parse import urlparse
# Load environment variables from .env file # Load environment variables from .env file
load_dotenv() load_dotenv()
@ -127,14 +128,23 @@ USE_L10N = True
USE_TZ = True USE_TZ = True
SESSION_COOKIE_SAMESITE = None FRONTEND_URL = getenv('FRONTEND_URL', 'http://localhost:3000')
SESSION_COOKIE_SECURE = getenv('FRONTEND_URL', 'http://localhost:3000').startswith('https://')
from urllib.parse import urlparse SESSION_COOKIE_SAMESITE = None
SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https')
parsed_url = urlparse(FRONTEND_URL)
hostname = parsed_url.hostname
is_ip_address = hostname.replace('.', '').isdigit()
if is_ip_address:
# Do not set a domain for IP addresses
SESSION_COOKIE_DOMAIN = None
else:
# Calculate the cookie domain for valid domain names
domain_parts = hostname.split('.')
SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else hostname
frontend_url = getenv('FRONTEND_URL', 'http://localhost:3000')
parsed_url = urlparse(frontend_url)
domain_parts = parsed_url.hostname.split('.')
SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname
# Static files (CSS, JavaScript, Images) # Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.7/howto/static-files/ # https://docs.djangoproject.com/en/1.7/howto/static-files/
@ -190,8 +200,6 @@ ACCOUNT_SIGNUP_FORM_CLASS = 'users.form_overrides.CustomSignupForm'
SESSION_SAVE_EVERY_REQUEST = True SESSION_SAVE_EVERY_REQUEST = True
FRONTEND_URL = getenv('FRONTEND_URL', 'http://localhost:3000')
# Set login redirect URL to the frontend # Set login redirect URL to the frontend
LOGIN_REDIRECT_URL = FRONTEND_URL LOGIN_REDIRECT_URL = FRONTEND_URL

22
frontend/src/routes/+page.server.ts
View file

@ -46,24 +46,26 @@ export const actions: Actions = {
// Determine the proper cookie domain // Determine the proper cookie domain
const hostname = event.url.hostname; const hostname = event.url.hostname;
const domainParts = hostname.split('.'); const domainParts = hostname.split('.');
const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
let cookieDomain: string | undefined = undefined; let cookieDomain: string | undefined = undefined;
if (domainParts.length > 2) { if (!isIPAddress) {
// For subdomains like app.mydomain.com -> .mydomain.com // Handle domain names
cookieDomain = '.' + domainParts.slice(-2).join('.'); if (domainParts.length > 2) {
} else if (domainParts.length === 2) { // For subdomains like app.mydomain.com -> .mydomain.com
// For root domains like mydomain.com -> .mydomain.com cookieDomain = '.' + domainParts.slice(-2).join('.');
cookieDomain = '.' + hostname; } else if (domainParts.length === 2) {
} else { // For root domains like mydomain.com -> .mydomain.com
// For localhost or single-part domains (e.g., "localhost") cookieDomain = '.' + hostname;
cookieDomain = undefined; // Do not set the domain }
} }
// No domain is set for IP addresses or single-part hostnames like "localhost"
// Delete the session cookie // Delete the session cookie
event.cookies.delete('sessionid', { event.cookies.delete('sessionid', {
path: '/', path: '/',
secure: event.url.protocol === 'https:', secure: event.url.protocol === 'https:',
domain: cookieDomain domain: cookieDomain // Undefined for IP addresses, used for domain names
}); });
if (res.status === 401) { if (res.status === 401) {

23
frontend/src/routes/login/+page.server.ts
View file

@ -116,16 +116,19 @@ function handleSuccessfulLogin(event: RequestEvent, response: Response) {
const domainParts = hostname.split('.'); const domainParts = hostname.split('.');
let cookieDomain: string | undefined = undefined; let cookieDomain: string | undefined = undefined;
if (domainParts.length > 2) { // Check if hostname is an IP address
// For subdomains like app.mydomain.com -> .mydomain.com const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
cookieDomain = '.' + domainParts.slice(-2).join('.');
} else if (domainParts.length === 2) { if (!isIPAddress) {
// For root domains like mydomain.com -> .mydomain.com if (domainParts.length > 2) {
cookieDomain = '.' + hostname; // For subdomains like app.mydomain.com -> .mydomain.com
} else { cookieDomain = '.' + domainParts.slice(-2).join('.');
// For localhost or single-part domains (e.g., "localhost") } else if (domainParts.length === 2) {
cookieDomain = undefined; // Do not set the domain // For root domains like mydomain.com -> .mydomain.com
cookieDomain = '.' + hostname;
}
} }
// Do not set a domain for IP addresses or single-part hostnames
console.log('Setting sessionid cookie with domain:', cookieDomain); console.log('Setting sessionid cookie with domain:', cookieDomain);
@ -135,7 +138,7 @@ function handleSuccessfulLogin(event: RequestEvent, response: Response) {
sameSite: 'lax', sameSite: 'lax',
secure: event.url.protocol === 'https:', secure: event.url.protocol === 'https:',
expires: new Date(expiryString), expires: new Date(expiryString),
domain: cookieDomain // Set the domain dynamically domain: cookieDomain // Set the domain dynamically or omit if undefined
}); });
} }
} }