SuperSeriousBusiness/GoToSocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-06-05 21:59:39 +02:00
Code Issues Projects Releases Wiki Activity

[bugfix] Convert IDNs to punycode before using as session name (#458)

Browse Source 
* convert hostname to punycode for session name

* test punycode
This commit is contained in:
tobi
2022-04-16 13:09:42 +02:00
committed by GitHub
parent af97d6bb7e
commit 7883dd5499
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/router/session.go
View File

@@ -31,6 +31,7 @@ import (
"github.com/spf13/viper"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
"golang.org/x/net/idna"
)
// SessionOptions returns the standard set of options to use for each session.
@@ -61,7 +62,14 @@ func SessionName() (string, error) {
return "", fmt.Errorf("could not derive hostname without port from %s://%s", protocol, host)
}
return fmt.Sprintf("gotosocial-%s", strippedHostname), nil
// make sure IDNs are converted to punycode or the cookie library breaks:
// see https://en.wikipedia.org/wiki/Punycode
punyHostname, err := idna.New().ToASCII(strippedHostname)
if err != nil {
return "", fmt.Errorf("could not convert %s to punycode: %s", strippedHostname, err)
}
return fmt.Sprintf("gotosocial-%s", punyHostname), nil
}
func useSession(ctx context.Context, sessionDB db.Session, engine *gin.Engine) error {