fix: set cookies better

2021-08-20 02:59:11 -04:00 · 2021-08-20 02:59:11 -04:00 · 79437deb17
parent 47abf311e1
commit 79437deb17
3 changed files with 166 additions and 3 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -120,6 +120,12 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"

+[[package]]
+name = "base-x"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4521f3e3d031370679b3b140beb36dfe4801b09ac77e30c61941f97df3ef28b"
+
 [[package]]
 name = "base64"
 version = "0.13.0"
@ -213,7 +219,7 @@ dependencies = [
 "num-integer",
 "num-traits",
 "serde",
- "time",
+ "time 0.1.43",
 "winapi",
 ]

@ -226,6 +232,7 @@ dependencies = [
 "askama_warp",
 "cached",
 "chrono",
+ "cookie",
 "futures",
 "irc",
 "parking_lot",
@ -242,6 +249,23 @@ dependencies = [
 "warp",
 ]

+[[package]]
+name = "const_fn"
+version = "0.4.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f92cfa0fd5690b3cf8c1ef2cabbd9b7ef22fa53cf5e1f92b05103f6d5d1cf6e7"
+
+[[package]]
+name = "cookie"
+version = "0.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d5f1c7727e460397e56abc4bddc1d49e07a1ad78fc98eb2e1c8f032a58a2f80d"
+dependencies = [
+ "percent-encoding",
+ "time 0.2.27",
+ "version_check",
+]
+
 [[package]]
 name = "core-foundation"
 version = "0.9.1"
@ -311,6 +335,12 @@ dependencies = [
 "generic-array",
 ]

+[[package]]
+name = "discard"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0"
+
 [[package]]
 name = "displaydoc"
 version = "0.2.3"
@ -602,7 +632,7 @@ dependencies = [
 "http",
 "mime",
 "sha-1",
- "time",
+ "time 0.1.43",
 ]

 [[package]]
@ -1318,6 +1348,15 @@ dependencies = [
 "winapi",
 ]

+[[package]]
+name = "rustc_version"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a"
+dependencies = [
+ "semver",
+]
+
 [[package]]
 name = "rustls"
 version = "0.19.1"
@ -1416,6 +1455,21 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "semver"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
+dependencies = [
+ "semver-parser",
+]
+
+[[package]]
+name = "semver-parser"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
+
 [[package]]
 name = "serde"
 version = "1.0.127"
@ -1516,6 +1570,12 @@ dependencies = [
 "opaque-debug",
 ]

+[[package]]
+name = "sha1"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2579985fda508104f7587689507983eadd6a6e84dd35d6d115361f530916fa0d"
+
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.0"
@ -1562,12 +1622,70 @@ version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"

+[[package]]
+name = "standback"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e113fb6f3de07a243d434a56ec6f186dfd51cb08448239fe7bcae73f87ff28ff"
+dependencies = [
+ "version_check",
+]
+
 [[package]]
 name = "static_assertions"
 version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"

+[[package]]
+name = "stdweb"
+version = "0.4.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d022496b16281348b52d0e30ae99e01a73d737b2f45d38fed4edf79f9325a1d5"
+dependencies = [
+ "discard",
+ "rustc_version",
+ "stdweb-derive",
+ "stdweb-internal-macros",
+ "stdweb-internal-runtime",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "stdweb-derive"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c87a60a40fccc84bef0652345bbbbbe20a605bf5d0ce81719fc476f5c03b50ef"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "serde",
+ "serde_derive",
+ "syn",
+]
+
+[[package]]
+name = "stdweb-internal-macros"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "58fa5ff6ad0d98d1ffa8cb115892b6e69d67799f6763e162a1c9db421dc22e11"
+dependencies = [
+ "base-x",
+ "proc-macro2",
+ "quote",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "sha1",
+ "syn",
+]
+
+[[package]]
+name = "stdweb-internal-runtime"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "213701ba3370744dcd1a12960caa4843b3d68b4d1c0a5d575e0d65b2ee9d16c0"
+
 [[package]]
 name = "strsim"
 version = "0.10.0"
@ -1635,6 +1753,44 @@ dependencies = [
 "winapi",
 ]

+[[package]]
+name = "time"
+version = "0.2.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242"
+dependencies = [
+ "const_fn",
+ "libc",
+ "standback",
+ "stdweb",
+ "time-macros",
+ "version_check",
+ "winapi",
+]
+
+[[package]]
+name = "time-macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1"
+dependencies = [
+ "proc-macro-hack",
+ "time-macros-impl",
+]
+
+[[package]]
+name = "time-macros-impl"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f"
+dependencies = [
+ "proc-macro-hack",
+ "proc-macro2",
+ "quote",
+ "standback",
+ "syn",
+]
+
 [[package]]
 name = "tinyvec"
 version = "1.3.1"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -11,6 +11,7 @@ askama = { version = "0.10", features = ["with-warp"] }
 askama_warp = "0.11"
 cached = { version = "0.25", default-features = false }
 chrono = "0.4"
+cookie = { version = "0.15", features = ["percent-encode"] }
 futures = "0.3"
 irc = "0.15"
 parking_lot = "0.11"
--- a/src/app/web/route/access_token.rs
+++ b/src/app/web/route/access_token.rs
@ -1,3 +1,4 @@
+use cookie::{Cookie, SameSite};
 use warp::{
    Filter, Reply,
    filters::BoxedFilter,
@ -30,10 +31,15 @@ fn access_token_submit() -> BoxedFilter<(impl Reply, )> {
                Some(token) => token,
                None => return Err(warp::reject::custom(CustomRejection::InvalidForm)),
            };
+            let cookie = Cookie::build("access_token", token)
+                .same_site(SameSite::Lax)
+                .secure(true)
+                .http_only(true)
+                .finish();
            Ok(warp::reply::with_header(
                warp::redirect(Uri::from_static("/")),
                "Set-Cookie",
-                format!("access_token={}; SameSite=Lax; Secure; HttpOnly", token),
+                cookie.encoded().to_string(),
            ))
        })
        .boxed()