diff options
Diffstat (limited to 'internal/auth/auth.go')
| -rw-r--r-- | internal/auth/auth.go | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go index b9d224ae..5aa56ad0 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -21,6 +21,7 @@ import ( "gitlab.com/gitlab-org/gitlab-pages/internal/domain" "gitlab.com/gitlab-org/gitlab-pages/internal/httperrors" "gitlab.com/gitlab-org/gitlab-pages/internal/httptransport" + "gitlab.com/gitlab-org/gitlab-pages/internal/request" "golang.org/x/crypto/hkdf" ) @@ -33,6 +34,7 @@ const ( tokenContentTemplate = "client_id=%s&client_secret=%s&code=%s&grant_type=authorization_code&redirect_uri=%s" callbackPath = "/auth" authorizeProxyTemplate = "%s?domain=%s&state=%s" + authSessionMaxAge = 60 * 10 // 10 minutes ) // Auth handles authenticating users with GitLab API @@ -63,10 +65,10 @@ func (a *Auth) getSessionFromStore(r *http.Request) (*sessions.Session, error) { if session != nil { // Cookie just for this domain - session.Options = &sessions.Options{ - Path: "/", - HttpOnly: true, - } + session.Options.Path = "/" + session.Options.HttpOnly = true + session.Options.Secure = request.IsHTTPS(r) + session.Options.MaxAge = authSessionMaxAge } return session, err @@ -261,14 +263,14 @@ func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWrit } func getRequestAddress(r *http.Request) string { - if r.TLS != nil { + if request.IsHTTPS(r) { return "https://" + r.Host + r.RequestURI } return "http://" + r.Host + r.RequestURI } func getRequestDomain(r *http.Request) string { - if r.TLS != nil { + if request.IsHTTPS(r) { return "https://" + r.Host } return "http://" + r.Host @@ -545,7 +547,6 @@ func createCookieStore(storeSecret string) sessions.Store { // New when authentication supported this will be used to create authentication handler func New(pagesDomain string, storeSecret string, clientID string, clientSecret string, redirectURI string, gitLabServer string) *Auth { - return &Auth{ pagesDomain: pagesDomain, clientID: clientID, |