Commit5870176

authored
feat: Also log out of apps if they are hosted on the same domain (#4334)
* feat: Also log out of apps if they are hosted on the same domain
* Update comment
1 parent06d7e36 commit5870176


1 file changed

+37
-11
lines changed

1 file changed

+37
-11
lines changed

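--- a/coderd/users.go
+++ b/coderd/users.go
@@ -1018,6 +1018,43 @@ func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
 }
 http.SetCookie(rw,cookie)
 
+// Delete the session token from database.
+apiKey:=httpmw.APIKey(r)
+err:=api.Database.DeleteAPIKeyByID(ctx,apiKey.ID)
+iferr!=nil {
+httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{
+Message:"Internal error deleting API key.",
+Detail:err.Error(),
+})
+return
+}
+
+// Deployments should not host app tokens on the same domain as the
+// primary deployment. But in the case they are, we should also delete this
+// token.
+ifappCookie,_:=r.Cookie(httpmw.DevURLSessionTokenCookie);appCookie!=nil {
+appCookieRemove:=&http.Cookie{
+// MaxAge < 0 means to delete the cookie now.
+MaxAge:-1,
+Name:httpmw.DevURLSessionTokenCookie,
+Path:"/",
+Domain:"."+api.AccessURL.Hostname(),
+}
+http.SetCookie(rw,appCookieRemove)
+
+id,_,err:=httpmw.SplitAPIToken(appCookie.Value)
+iferr==nil {
+err=api.Database.DeleteAPIKeyByID(ctx,id)
+iferr!=nil {
+// Don't block logout, just log any errors.
+api.Logger.Warn(r.Context(),"failed to delete devurl token on logout",
+slog.Error(err),
+slog.F("id",id),
+)
+}
+}
+}
+
 // This code should be removed after Jan 1 2023.
 // This code logs out of the old session cookie before we renamed it
 // if it is a valid coder token. Otherwise, this old cookie hangs around
@@ -1036,17 +1073,6 @@ func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
 }
 }
 
-// Delete the session token from database.
-apiKey:=httpmw.APIKey(r)
-err=api.Database.DeleteAPIKeyByID(ctx,apiKey.ID)
-iferr!=nil {
-httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{
-Message:"Internal error deleting API key.",
-Detail:err.Error(),
-})
-return
-}
-
 httpapi.Write(ctx,rw,http.StatusOK, codersdk.Response{
 Message:"Logged out!",
 })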
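Review bot: In the added devurl branch, `id,_,err:=httpmw.SplitAPIToken(appCookie.Value)` keeps only the key ID from a client-supplied cookie and passes it straight to `api.Database.DeleteAPIKeyByID(ctx,id)`; nothing visible in this hunk checks the discarded second value (presumably the secret) or that the key belongs to the user identified by `httpmw.APIKey(r)`. Unless that cookie is validated elsewhere, any authenticated caller could name an arbitrary key ID in the cookie and have that key revoked. I would look the key up first and delete it only when its owner matches the authenticated `apiKey` (or the secret matches the stored hash), with a comment such as `// Only revoke app keys owned by the caller; the cookie value is untrusted.` The warning also logs with `r.Context()` where the rest of the handler uses `ctx`. postLogout starts and ends outside the visible hunks.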
