outposts/proxy: fix securecookie: the value is too long again, since it can happen even with filesystem storage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-12-13 13:33:20 +01:00
parent ff03db61a8
commit aa321196d7
1 changed files with 11 additions and 2 deletions


@ -2,6 +2,7 @@ package application
import ( import (
"fmt" "fmt"
"math"
"os" "os"
"strconv" "strconv"
@ -27,14 +28,22 @@ func (a *Application) getStore(p api.ProxyOutpostConfig) sessions.Store {
a.log.Info("using redis session backend") a.log.Info("using redis session backend")
store = rs store = rs
} else { } else {
cs := sessions.NewFilesystemStore(os.TempDir(), []byte(*p.CookieSecret)) dir := os.TempDir()
cs := sessions.NewFilesystemStore(dir, []byte(*p.CookieSecret))
cs.Options.Domain = *p.CookieDomain cs.Options.Domain = *p.CookieDomain
// https://github.com/markbates/goth/commit/7276be0fdf719ddff753f3574ef0f967e4a5a5f7
// set the maxLength of the cookies stored on the disk to a larger number to prevent issues with:
// securecookie: the value is too long
// when using OpenID Connect , since this can contain a large amount of extra information in the id_token
// Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
cs.MaxLength(math.MaxInt64)
if p.TokenValidity.IsSet() { if p.TokenValidity.IsSet() {
t := p.TokenValidity.Get() t := p.TokenValidity.Get()
// Add one to the validity to ensure we don't have a session with indefinite length // Add one to the validity to ensure we don't have a session with indefinite length
cs.Options.MaxAge = int(*t) + 1 cs.Options.MaxAge = int(*t) + 1
} }
a.log.Info("using filesystem session backend") a.log.WithField("dir", dir).Info("using filesystem session backend")
store = cs store = cs
} }
return store return store
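Review bot: `cs.MaxLength(math.MaxInt64)` removes the size limit on session data written to disk instead of raising it, so each session file under `os.TempDir()` is bounded only by whatever the identity provider puts into the token. A generous explicit cap keeps the fix and still bounds the write, for example `cs.MaxLength(1 << 20)` (1 MiB is an illustrative value, not taken from the project). `MaxLength` takes an `int`, so the untyped constant `math.MaxInt64` overflows on 32-bit targets and will not compile there; if the unlimited behaviour is intended, `math.MaxInt` (Go 1.17+) avoids that. The new comment could also state that the full session contents, including id_token claims, now sit in the shared temp directory, which is an argument for a dedicated directory with restrictive permissions. `getStore` starts above and closes below this hunk, so the redis branch and the final brace are not visible here.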