Include port number in token

2025-08-03 11:25:29 -04:00 · 2020-06-01 13:50:51 +00:00 · 2020-06-01 13:50:51 +00:00 · e214e00dfb
commit e214e00dfb
parent 9b5aea223d
3 changed files with 13 additions and 5 deletions
--- a/src/handlers/auth_handler.cr
+++ b/src/handlers/auth_handler.cr
@ -9,7 +9,9 @@ class AuthHandler < Kemal::Handler
  def call(env)
    return call_next(env) if request_path_startswith env, ["/login", "/logout"]

-    cookie = env.request.cookies.find { |c| c.name == "token" }
+    cookie = env.request.cookies.find do |c|
+      c.name == "token-#{Config.current.port}"
+    end
    if cookie.nil? || !@storage.verify_token cookie.value
      return redirect env, "/login"
    end
--- a/src/routes/main.cr
+++ b/src/routes/main.cr
@ -9,7 +9,9 @@ class MainRouter < Router

    get "/logout" do |env|
      begin
-        cookie = env.request.cookies.find { |c| c.name == "token" }.not_nil!
+        cookie = env.request.cookies.find do |c|
+          c.name == "token-#{Config.current.port}"
+        end.not_nil!
        @context.storage.logout cookie.value
      rescue e
        @context.error "Error when attempting to log out: #{e}"
@ -24,7 +26,7 @@ class MainRouter < Router
        password = env.params.body["password"]
        token = @context.storage.verify_user(username, password).not_nil!

-        cookie = HTTP::Cookie.new "token", token
+        cookie = HTTP::Cookie.new "token-#{Config.current.port}", token
        cookie.path = Config.current.base_url
        cookie.expires = Time.local.shift years: 1
        env.response.cookies << cookie
--- a/src/util.cr
+++ b/src/util.cr
@ -6,7 +6,9 @@ UPLOAD_URL_PREFIX = "/uploads"
 macro layout(name)
  base_url = Config.current.base_url
  begin
-    cookie = env.request.cookies.find { |c| c.name == "token" }
+    cookie = env.request.cookies.find do |c|
+      c.name == "token-#{Config.current.port}"
+    end
    is_admin = false
    unless cookie.nil?
      is_admin = @context.storage.verify_admin cookie.value
@ -26,7 +28,9 @@ end
 macro get_username(env)
  # if the request gets here, it has gone through the auth handler, and
  #   we can be sure that a valid token exists, so we can use not_nil! here
-  cookie = {{env}}.request.cookies.find { |c| c.name == "token" }.not_nil!
+  cookie = {{env}}.request.cookies.find do |c|
+    c.name == "token-#{Config.current.port}"
+  end.not_nil!
  (@context.storage.verify_token cookie.value).not_nil!
 end