SuperSeriousBusiness/GoToSocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-06-05 21:59:39 +02:00
Code Issues Projects Releases Wiki Activity
Files
ca12742a7ac0aec95fc0d7897e54a2272a68c34f
GoToSocial/internal/api/util/cookie.go
kim 31628019fe [chore] tweak NoLLaMas proof-of-work algorithm (#4090) 
# Description

- tweaks the NoLLaMas proof-of-work algorithm to further granularity on time spent computing solutions
- standardizes GoToSocial cookie security directive setting in a CookiePolicy{} type

## Checklist

- [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md).
- [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
- [x] I/we have not leveraged AI to create the proposed changes.
- [x] I/we have performed a self-review of added code.
- [x] I/we have written code that is legible and maintainable by others.
- [x] I/we have commented the added code, particularly in hard-to-understand areas.
- [ ] I/we have made any necessary changes to documentation.
- [ ] I/we have added tests that cover new code.
- [ ] I/we have run tests and they pass locally with the changes.
- [x] I/we have run `go fmt ./...` and `golangci-lint run`.

Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4090
Co-authored-by: kim <grufwub@gmail.com>
Co-committed-by: kim <grufwub@gmail.com>
2025-04-29 13:57:26 +00:00

84 lines
2.5 KiB
Go
Raw Blame History

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package util
import (
"net/http"
"net/url"
"code.superseriousbusiness.org/gotosocial/internal/config"
"code.superseriousbusiness.org/gotosocial/internal/log"
"github.com/gin-gonic/gin"
)
// CookiePolicy encompasses a number
// of security related cookie directives
// of which we want to be set consistently
// on all cookies administered by us.
type CookiePolicy struct {
Domain string
SameSite http.SameSite
HTTPOnly bool
Secure bool
}
// NewCookiePolicy will return a new CookiePolicy{}
// object setup according to current instance config.
func NewCookiePolicy() CookiePolicy {
var sameSite http.SameSite
switch s := config.GetAdvancedCookiesSamesite(); s {
case "strict":
sameSite = http.SameSiteStrictMode
case "lax":
sameSite = http.SameSiteLaxMode
default:
log.Warnf(nil, "%s set to %s which is not recognized, defaulting to 'lax'", config.AdvancedCookiesSamesiteFlag(), s)
sameSite = http.SameSiteLaxMode
}
return CookiePolicy{
Domain: config.GetHost(),
// https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
SameSite: sameSite,
// forbid javascript from
// inspecting cookie
HTTPOnly: true,
// only set secure cookie directive over https
Secure: (config.GetProtocol() == "https"),
}
}
// SetCookie will set the given cookie details according to currently configured CookiePolicy{}.
func (p *CookiePolicy) SetCookie(c *gin.Context, name, value string, maxAge int, path string) {
if path == "" {
path = "/"
}
http.SetCookie(c.Writer, &http.Cookie{
Name: name,
Value: url.QueryEscape(value),
MaxAge: maxAge,
Path: path,
Domain: p.Domain,
SameSite: p.SameSite,
Secure: p.Secure,
HttpOnly: p.HTTPOnly,
})
}
Reference in New Issue View Git Blame Copy Permalink