james/yarr
4
0
Fork 0
mirror of https://github.com/nkanaev/yarr.git synced 2025-10-13 23:39:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

auth cookie directives

Browse Source
This commit is contained in:
nkanaev
2025-09-23 17:24:22 +01:00
parent ebe7b130b8
commit b7895f6743
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
doc/changelog.md
View File

@@ -2,6 +2,7 @@
- (new) serve on unix socket (thanks to @rvighne) - (new) serve on unix socket (thanks to @rvighne)
- (fix) smooth scrolling on iOS (thanks to gatheraled) - (fix) smooth scrolling on iOS (thanks to gatheraled)
- (etc) cookie security measures (thanks to Tom Fitzhenry)
# v2.5 (2025-03-26) # v2.5 (2025-03-26)

5
src/server/auth/auth.go
View File

@@ -7,7 +7,6 @@ import (
"encoding/hex" "encoding/hex"
"net/http" "net/http"
"strings" "strings"
"time"
) )
func IsAuthenticated(req *http.Request, username, password string) bool { func IsAuthenticated(req *http.Request, username, password string) bool {
@@ -26,8 +25,10 @@ func Authenticate(rw http.ResponseWriter, username, password, basepath string) {
http.SetCookie(rw, &http.Cookie{ http.SetCookie(rw, &http.Cookie{
Name: "auth", Name: "auth",
Value: username + ":" + secret(username, password), Value: username + ":" + secret(username, password),
Expires: time.Now().Add(time.Hour * 24 * 7), // 1 week, MaxAge: 604800, // 1 week
Path: basepath, Path: basepath,
Secure: true,
SameSite: http.SameSiteLaxMode,
}) })
} }