| author | Christine Dodrill <me@christine.website> | 2019-01-26 10:32:56 -0800 |
|---|---|---|
| committer | Christine Dodrill <me@christine.website> | 2019-01-26 10:32:56 -0800 |
| commit | e1f9dd089da6eb098e010ef7498036a8ecb2c1ae (patch) | |
| tree | cb2d7bd055a7bb53d8d7a0f6414f160e4dbcf690 /idp/idpmiddleware | |
| parent | a89b2c8a1f577f4b7d025671627683cddddbd8a4 (diff) | |
idp/idpmiddleware: fix
Diffstat (limited to 'idp/idpmiddleware')
| -rw-r--r-- | idp/idpmiddleware/middleware.go | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/idp/idpmiddleware/middleware.go b/idp/idpmiddleware/middleware.go
index 5a2bdc9..35edc8c 100644
--- a/idp/idpmiddleware/middleware.go
+++ b/idp/idpmiddleware/middleware.go
@@ -24,7 +24,13 @@ func hash(data string, salt string) string {
 return fmt.Sprintf("%x", output)
 }
 
-var bootTime = time.Now()
+var (
+ globalSalt string
+)
+
+func init() {
+ globalSalt = hash(uuid.New(), uuid.New())
+}
 
 func verify(ctx context.Context, idpServer, state, code string) *http.Request {
 u, err := url.Parse(idpServer)
@@ -111,7 +117,7 @@ func Protect(idpServer, me, selfURL string) func(next http.Handler) http.Handler
 ln.Log(ctx, ln.Info("setting cookie"))
 http.SetCookie(w, &http.Cookie{
 Name: "within-x-idpmiddleware",
-Value: hash(me, bootTime.String()),
+ Value: hash(me, globalSalt),
 HttpOnly: true,
 Expires: time.Now().Add(900 * time.Hour),
 Path: "/",
@@ -129,7 +135,7 @@ func Protect(idpServer, me, selfURL string) func(next http.Handler) http.Handler
 }
 
 cookie, err := r.Cookie("within-x-idpmiddleware")
- if err != nil || cookie.Value != hash(me, bootTime.String()) {
+ if err != nil || cookie.Value != hash(me, globalSalt) {
 u, err := url.Parse(idpServer)
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError) |
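Review bot: `globalSalt` in the new `var` block is the only secret behind the `within-x-idpmiddleware` cookie, yet it carries no comment and is derived indirectly by hashing two UUID strings in `init()`. Whether that value is unpredictable depends on the `uuid` package, whose import is outside the hunk; if it is not guaranteed to draw from a CSPRNG, filling a 32-byte buffer with `crypto/rand.Read` and aborting startup on error would make the guarantee explicit. I would also add a comment such as `// globalSalt is a per-process random secret for the session cookie; it changes on every start, so existing cookies stop validating after a restart and are not shared between instances.`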
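Review bot: The cookie value on the changed `Value:` line is `hash(me, globalSalt)`, which is the same string for every login while the process runs, so it behaves as a static bearer token rather than a per-session identifier: one leaked cookie stays valid until restart and cannot be revoked on its own. The fields visible in the hunk set `HttpOnly` and a 900-hour expiry but no `Secure` or `SameSite`; the struct literal continues past the hunk, so they may be set below, and if they are not, add `Secure: true,` and `SameSite: http.SameSiteLaxMode,`. A random per-session value tracked server-side, or a signed value that carries its own expiry, would limit what a captured cookie is worth.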
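Review bot: The new condition `cookie.Value != hash(me, globalSalt)` compares a secret-derived token with `!=`, which is not a constant-time comparison. Prefer `if err != nil || subtle.ConstantTimeCompare([]byte(cookie.Value), []byte(hash(me, globalSalt))) != 1 {`, which needs `crypto/subtle` in the file's import block (not visible here). The `u, err := url.Parse(idpServer)` inside the branch also shadows the outer `err`; that is harmless in the lines shown but easy to misread. The enclosing `Protect` handler starts and ends outside the hunk.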
