Include port number in token

2025-08-05 12:25:32 -04:00 · 2020-06-01 13:50:51 +00:00 · 2020-06-01 13:50:51 +00:00 · e214e00dfb
commit e214e00dfb
parent 9b5aea223d
3 changed files with 13 additions and 5 deletions
--- a/src/handlers/auth_handler.cr
+++ b/src/handlers/auth_handler.cr
@ -9,7 +9,9 @@ class AuthHandler < Kemal::Handler
  def call(env)
    return call_next(env) if request_path_startswith env, ["/login", "/logout"]
-    cookie = env.request.cookies.find { |c| c.name == "token" }
+    cookie = env.request.cookies.find do |c|
      c.name == "token-#{Config.current.port}"
    end
    if cookie.nil? || !@storage.verify_token cookie.value
      return redirect env, "/login"
    end
--- a/src/routes/main.cr
+++ b/src/routes/main.cr
@ -9,7 +9,9 @@ class MainRouter < Router
    get "/logout" do |env|
      begin
-        cookie = env.request.cookies.find { |c| c.name == "token" }.not_nil!
+        cookie = env.request.cookies.find do |c|
          c.name == "token-#{Config.current.port}"
        end.not_nil!
        @context.storage.logout cookie.value
      rescue e
        @context.error "Error when attempting to log out: #{e}"
@ -24,7 +26,7 @@ class MainRouter < Router
        password = env.params.body["password"]
        token = @context.storage.verify_user(username, password).not_nil!
-        cookie = HTTP::Cookie.new "token", token
+        cookie = HTTP::Cookie.new "token-#{Config.current.port}", token
        cookie.path = Config.current.base_url
        cookie.expires = Time.local.shift years: 1
        env.response.cookies << cookie
--- a/src/util.cr
+++ b/src/util.cr
@ -6,7 +6,9 @@ UPLOAD_URL_PREFIX = "/uploads"
 macro layout(name)
  base_url = Config.current.base_url
  begin
-    cookie = env.request.cookies.find { |c| c.name == "token" }
+    cookie = env.request.cookies.find do |c|
      c.name == "token-#{Config.current.port}"
    end
    is_admin = false
    unless cookie.nil?
      is_admin = @context.storage.verify_admin cookie.value
@ -26,7 +28,9 @@ end
 macro get_username(env)
  # if the request gets here, it has gone through the auth handler, and
  #   we can be sure that a valid token exists, so we can use not_nil! here
-  cookie = {{env}}.request.cookies.find { |c| c.name == "token" }.not_nil!
+  cookie = {{env}}.request.cookies.find do |c|
    c.name == "token-#{Config.current.port}"
  end.not_nil!
  (@context.storage.verify_token cookie.value).not_nil!
 end