From e214e00dfb2e13bc1be9300f08ac819bd37f3fa9 Mon Sep 17 00:00:00 2001
From: Alex Ling
Date: Mon, 1 Jun 2020 13:50:51 +0000
Subject: [PATCH] Include port number in token

---
 src/handlers/auth_handler.cr | 4 +++-
 src/routes/main.cr | 6 ++++--
 src/util.cr | 8 ++++++--
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/handlers/auth_handler.cr b/src/handlers/auth_handler.cr
index afa17df..a64c83d 100644
--- a/src/handlers/auth_handler.cr
+++ b/src/handlers/auth_handler.cr
@@ -9,7 +9,9 @@ class AuthHandler < Kemal::Handler
 def call(env)
 return call_next(env) if request_path_startswith env, ["/login", "/logout"]
- cookie = env.request.cookies.find { |c| c.name == "token" }
+ cookie = env.request.cookies.find do |c|
+ c.name == "token-#{Config.current.port}"
+ end
 if cookie.nil? || !@storage.verify_token cookie.value
 return redirect env, "/login"
 end
diff --git a/src/routes/main.cr b/src/routes/main.cr
index 7b05fd1..3dc4b40 100644
--- a/src/routes/main.cr
+++ b/src/routes/main.cr
@@ -9,7 +9,9 @@ class MainRouter < Router
 get "/logout" do |env|
 begin
- cookie = env.request.cookies.find { |c| c.name == "token" }.not_nil!
+ cookie = env.request.cookies.find do |c|
+ c.name == "token-#{Config.current.port}"
+ end.not_nil!
 @context.storage.logout cookie.value
 rescue e
 @context.error "Error when attempting to log out: #{e}"
@@ -24,7 +26,7 @@ class MainRouter < Router
 password = env.params.body["password"]
 token = @context.storage.verify_user(username, password).not_nil!
- cookie = HTTP::Cookie.new "token", token
+ cookie = HTTP::Cookie.new "token-#{Config.current.port}", token
 cookie.path = Config.current.base_url
 cookie.expires = Time.local.shift years: 1
 env.response.cookies << cookie
diff --git a/src/util.cr b/src/util.cr
index 36a7791..5146fde 100644
--- a/src/util.cr
+++ b/src/util.cr
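Review bot: The port suffix on the new `c.name == "token-#{Config.current.port}"` lookup is a collision workaround, not an isolation boundary, and that deserves a comment so nobody later relies on it for security: browsers do not scope cookies by port, so any other origin on the same host can still read and overwrite `token-<port>`, and `Config.current.port` is the bind port, which need not be the port users see behind a reverse proxy. I would add above the lookup: `# Cookies are not port-scoped (RFC 6265 §8.5); the suffix only stops several instances on one host from overwriting each other's "token" cookie and gives no isolation.` The same lookup is now spelled out in four places across this patch, so a single `token_cookie_name` helper in util.cr would keep the handler and the routes in agreement. The body of `call` continues past the end of the hunk.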
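Review bot: The `.not_nil!` on the new `end.not_nil!` line turns a missing cookie into an exception that the `rescue e` below logs as an error, yet a missing cookie is an expected case on `/logout`: the auth handler in this same patch skips `/login` and `/logout`, so the route is reachable with no cookie at all, and after this upgrade a browser still holding the old unsuffixed `token` cookie would land here without a `token-<port>` one. A guard reads better than exception-as-control-flow: `cookie = env.request.cookies.find { |c| c.name == "token-#{Config.current.port}" }` followed by `@context.storage.logout cookie.value if cookie`. If the response does not also expire the cookie further down (outside this hunk), the browser keeps presenting a token the server has already revoked until its one-year expiry, which is harmless for the session but noisy. The `begin`/`rescue` block and the route continue outside the hunk.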
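Review bot: The cookie built on the new `HTTP::Cookie.new "token-#{Config.current.port}", token` line carries the session credential but sets only `path` and a one-year `expires`; nothing in the hunk marks it `HttpOnly`, so any script injected into a page can read the token, and nothing marks it `Secure` or sets `SameSite`. I would add `cookie.http_only = true` next to the `cookie.path` assignment, and `cookie.secure = true` when the instance is served over TLS (whether the config exposes that is not visible here). A one-year lifetime for a bearer token is also long for a login cookie; if the storage layer does not expire tokens on its own, a shorter `expires` or a rolling renewal would limit how long a leaked cookie stays usable. The route body continues outside the hunk.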
@@ -6,7 +6,9 @@ UPLOAD_URL_PREFIX = "/uploads"
 macro layout(name)
 base_url = Config.current.base_url
 begin
- cookie = env.request.cookies.find { |c| c.name == "token" }
+ cookie = env.request.cookies.find do |c|
+ c.name == "token-#{Config.current.port}"
+ end
 is_admin = false
 unless cookie.nil?
 is_admin = @context.storage.verify_admin cookie.value
@@ -26,7 +28,9 @@ end
 macro get_username(env)
 # if the request gets here, it has gone through the auth handler, and
 # we can be sure that a valid token exists, so we can use not_nil! here
- cookie = {{env}}.request.cookies.find { |c| c.name == "token" }.not_nil!
+ cookie = {{env}}.request.cookies.find do |c|
+ c.name == "token-#{Config.current.port}"
+ end.not_nil!
 (@context.storage.verify_token cookie.value).not_nil!
 end
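Review bot: The lookup `c.name == "token-#{Config.current.port}"` inside `layout` is one of four verbatim copies of that expression in this patch (AuthHandler, the `/logout` and `/login` routes, and `get_username` all repeat it), and the `is_admin` check right below depends on it naming the same cookie the auth handler verified; a typo in one copy would silently log everyone out or, worse, make `is_admin` and the handler disagree about which cookie is the credential. A small helper in this file, `def token_cookie_name` / `"token-#{Config.current.port}"` / `end`, used as `c.name == token_cookie_name` at every site, makes that invariant structural instead of a convention. Note that `layout` is a macro, so the helper call only changes the expanded text; `env` and `@context` still come from the caller's scope. The macro body continues outside the hunk.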
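Review bot: The comment kept above the new lookup — "if the request gets here, it has gone through the auth handler" — no longer covers every caller: AuthHandler in this same patch skips paths starting with `/login` and `/logout`, so any route under those prefixes that expands `get_username` reaches the `.not_nil!` on `end.not_nil!` with no cookie and raises instead of returning a username. The guarantee now also rests on two independent interpolations of `"token-#{Config.current.port}"` (here and in the handler) staying identical. I would extend the comment to `# ... a valid token exists (the handler exempts /login and /logout, so never expand this macro there); the cookie name must match AuthHandler#call's lookup`. The macro is complete within the hunk.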