fix: [Task]: 认证cookies支持二级域名 #6949
baozhoutao committed Aug 2, 2024
1 parent 1667f4f commit 09cf828
Showing 10 changed files with 76 additions and 49 deletions.
1 change: 1 addition & 0 deletions packages/auth/package.json
@@ -15,6 +15,7 @@
"dependencies": {
"@steedos/cachers": "2.7.4-beta.8",
"@steedos/objectql": "2.7.4-beta.8",
"@steedos/utils": "2.7.4-beta.8",
"bcryptjs": "^2.4.3",
"cookies": "^0.8.0",
"express": "^4.16.4",
31 changes: 19 additions & 12 deletions packages/auth/src/utils/index.ts
@@ -1,7 +1,14 @@
/*
* @Author: [email protected]
* @Date: 2024-06-16 17:46:33
* @LastEditors: [email protected]
* @LastEditTime: 2024-08-02 10:55:54
* @Description:
*/
import crypto = require('crypto');
import { default as Random } from './random';
import { getSteedosSchema } from '@steedos/objectql';
const Cookies = require('cookies');
import { setCookie, clearCookie } from '@steedos/utils';

export const hashLoginToken = function (loginToken) {
const hash = crypto.createHash('sha256');
@@ -43,19 +50,17 @@ export const insertHashedLoginToken = async function (userId, hashedToken) {
return await userObject.update(userId, data);
}



export const setAuthCookies = function (req, res, userId, authToken, spaceId?) {
let cookies = new Cookies(req, res);
let options = {
maxAge: 90 * 60 * 60 * 24 * 1000,
httpOnly: true,
overwrite: true
}
cookies.set("X-User-Id", userId, options);
cookies.set("X-Auth-Token", authToken, options);
setCookie(req, res, "X-User-Id", userId, options as any);
setCookie(req, res, "X-Auth-Token", authToken, options as any)

if (spaceId) {
cookies.set("X-Space-Id", spaceId, options);
setCookie(req, res, "X-Space-Id", spaceId, options as any);
// cookies.set("X-Space-Token", spaceId + ',' + authToken, options);
}

@@ -64,16 +69,18 @@ export const setAuthCookies = function (req, res, userId, authToken, spaceId?) {


export const clearAuthCookies = function (req, res) {
let cookies = new Cookies(req, res);
let options = {
maxAge: 0,
httpOnly: true,
overwrite: true
}
cookies.set("X-User-Id", null, options);
cookies.set("X-Auth-Token", null, options);
cookies.set("X-Access-Token", null, options);
cookies.set("X-Space-Token", null, options);

clearCookie(req, res, "X-User-Id", options as any)
clearCookie(req, res, "X-Auth-Token", options as any)

clearCookie(req, res, "X-Access-Token", options as any)
clearCookie(req, res, "X-Space-Token", options as any)

return;
}

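Review bot: clearAuthCookies still never expires `X-Space-Id`, which setAuthCookies writes with the same 90-day lifetime, so with subdomain cookies enabled a logout can leave that cookie behind on the whole parent domain; add `clearCookie(req, res, "X-Space-Id", options as any)` next to the other four calls. The repeated `options as any` casts appear to be needed only because the options literal has no `domain` key, so giving the helper's `options` parameter a type with optional fields would remove them and keep type checking on the cookie attributes. The end of setAuthCookies lies outside the visible hunk.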
4 changes: 3 additions & 1 deletion packages/utils/package.json
@@ -12,7 +12,9 @@
"@steedos/odata-v4-mongodb": "2.5.11-beta.10",
"clone": "^2.1.2",
"mingo": "^6.0.5",
"underscore": "1.5.2"
"underscore": "1.5.2",
"cookies": "^0.8.0",
"psl": "1.9.0"
},
"author": "",
"license": "ISC",
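Review bot: `"psl": "1.9.0"` is pinned to an exact version, and that package ships a bundled snapshot of the Public Suffix List, so the suffix data used to pick the cookie domain is frozen at that release. A suffix added to the list later would presumably be treated as an ordinary registrable domain when the auth cookie scope is computed. Someone should own refreshing this dependency periodically, or the range should follow the `^` style used for `cookies` on the line above.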
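--- a/packages/utils/src/cookies.ts
+++ b/packages/utils/src/cookies.ts
@@ -0,0 +1,34 @@
+const Cookies = require('cookies');
+const psl = require('psl');
+
+const useSubdomainCookies = process.env.STEEDOS_AUTH_USE_SUBDOMAIN_COOKIES === 'true';
+
+// 从请求的 Host 头中提取二级域名部分
+function getSubdomain(host) {
+const parsed = psl.parse(host);
+if (parsed && parsed.domain) {
+return parsed.domain;
+}
+return host;
+}
+
+export function setCookie(req, res, name, value, options = {domain: null, maxAge: 0, httpOnly: true, overwrite: true}) {
+const cookies = new Cookies(req, res);
+const host = req.headers.host;
+if(host && useSubdomainCookies && psl.isValid(host)){
+const domain = getSubdomain(host);
+options.domain = `.${domain}`; // 动态设置二级域名
+}
+cookies.set(name, value, options);
+}
+
+export function clearCookie(req, res, name, options = {domain: null, maxAge: 0, httpOnly: true, overwrite: true}) {
+const cookies = new Cookies(req, res);
+const host = req.headers.host;
+if(host && useSubdomainCookies && psl.isValid(host)){
+const domain = getSubdomain(host);
+options.domain = `.${domain}`; // 动态设置二级域名
+}
+options.maxAge = 0; // 通过将 maxAge 设置为 0 来清除 cookie
+cookies.set(name, null, options);
+}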
4 changes: 3 additions & 1 deletion packages/utils/src/index.ts
@@ -2,14 +2,16 @@
* @Author: [email protected]
* @Date: 2023-08-06 14:44:51
* @LastEditors: [email protected]
* @LastEditTime: 2024-04-14 13:58:40
* @LastEditTime: 2024-08-02 10:22:51
* @Description:
*/

export * from './queryMetadata';
export * from './defaultsDeep';
export * from './settings'

export * from './cookies';

export async function sleep(ms) {
return new Promise(resolve => setTimeout(resolve, ms));
}
20 changes: 3 additions & 17 deletions services/service-ancillary/main/default/routers/dingtalk.router.js
@@ -6,6 +6,7 @@ const fs = require('fs');
const steedosConfig = objectql.getSteedosConfig();
const steedosSchema = objectql.getSteedosSchema();
const auth = require("@steedos/auth");
const { clearCookie } = require('@steedos/utils');

//钉钉文档:http://ddtalk.github.io/dingTalkDoc/?spm=a3140.7785475.0.0.p5bAUd#2-回调接口(分为五个回调类型)

@@ -15,23 +16,8 @@ const auth = require("@steedos/auth");


clearAuthCookies = function(req, res) {
let cookies, uri;
cookies = new Cookies(req, res);
cookies.set("X-User-Id");
cookies.set("X-Auth-Token");
if (req.headers.origin) {
uri = new URI(req.headers.origin);
} else if (req.headers.referer) {
uri = new URI(req.headers.referer);
}
cookies.set("X-User-Id", "", {
domain: uri != null ? uri.domain() : void 0,
overwrite: true
});
return cookies.set("X-Auth-Token", "", {
domain: uri != null ? uri.domain() : void 0,
overwrite: true
});
clearCookie(req, res, 'X-User-Id');
clearCookie(req, res, 'X-Auth-Token');
};

// Accounts.destroyToken
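Review bot: The rewritten clearAuthCookies expires each cookie in only one scope, whereas the code it replaces cleared both the host-only cookie and a domain-scoped one. `clearCookie` (added in packages/utils/src/cookies.ts by this commit) chooses host-only or parent-domain from `STEEDOS_AUTH_USE_SUBDOMAIN_COOKIES`, so a browser still holding `X-Auth-Token` in the other scope, for instance a host-only cookie issued before the flag was turned on, keeps it after logout. The same applies to clearAuthCookies in qywx.router.js. Consider expiring both variants on logout, and check whether the `Cookies` and `URI` requires in these routers are now unused (their declarations are not visible in this hunk).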
20 changes: 3 additions & 17 deletions services/service-ancillary/main/default/routers/qywx.router.js
@@ -7,6 +7,7 @@ const objectql = require('@steedos/objectql');
const xmlparser = require('express-xml-bodyparser');
const xml2js = require('xml2js');
const fetch = require('node-fetch');
const { clearCookie } = require('@steedos/utils');

const qywxSync = {
write: async function (content) {
@@ -540,23 +541,8 @@ let getAbsoluteUrl = function (url) {
};

let clearAuthCookies = function (req, res) {
var cookies, uri;
cookies = new Cookies(req, res);
cookies.set("X-User-Id");
cookies.set("X-Auth-Token");
if (req.headers.origin) {
uri = new URI(req.headers.origin);
} else if (req.headers.referer) {
uri = new URI(req.headers.referer);
}
cookies.set("X-User-Id", "", {
domain: uri != null ? uri.domain() : void 0,
overwrite: true
});
return cookies.set("X-Auth-Token", "", {
domain: uri != null ? uri.domain() : void 0,
overwrite: true
});
clearCookie(req, res, 'X-User-Id');
clearCookie(req, res, 'X-Auth-Token');
};

destroyToken = async function (userId, loginToken) {
1 change: 1 addition & 0 deletions services/service-ancillary/package.json
@@ -13,6 +13,7 @@
},
"license": "ISC",
"dependencies": {
"@steedos/utils": "2.7.4-beta.8",
"express": "^4.17.1",
"express-xml-bodyparser": "0.3.0",
"xml2js": "0.4.23"
@@ -64,6 +64,10 @@
position: absolute
}

.relative {
position: relative
}

.sticky {
position: sticky
}
@@ -75,6 +79,10 @@
left: 0px
}

.isolate {
isolation: isolate
}

.z-20 {
z-index: 20
}
2 changes: 1 addition & 1 deletion yarn.lock
@@ -15308,7 +15308,7 @@ pseudomap@^1.0.2:
resolved "https://registry.yarnpkg.com/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3"
integrity sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ==

psl@^1.1.28:
psl@1.9.0, psl@^1.1.28:
version "1.9.0"
resolved "https://registry.yarnpkg.com/psl/-/psl-1.9.0.tgz#d0df2a137f00794565fcaf3b2c00cd09f8d5a5a7"
integrity sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==
