
using System.Web;
using AutheliaMultiDomainProxy.Backend;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Net.Http.Headers;
using SameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode;
namespace AutheliaMultiDomainProxy.Controllers;
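[Controller]
public class CookieProxyController : Controller {
    // Two-stage hand-off of the Authelia session cookie across domains.
    //   Stage one runs on the source domain: it reads the "authelia_session" cookie and
    //   emits an auto-submitting form that POSTs it to stage two on the destination domain.
    //   Stage two runs on the destination domain: it stores the posted value as the session
    //   cookie for that domain and redirects to the requested target.
    //
    // NOTE(review): stage two accepts a cookie value from any origin — there is no
    // signature, shared secret or antiforgery token proving the POST came from stage one
    // (an antiforgery token cannot be used here because the POST is cross-site by design).
    // An attacker who can make a victim's browser submit that form can plant a session
    // cookie of the attacker's choosing on the victim for dstDomain (login CSRF /
    // session fixation). Confirm whether something outside this file mitigates that;
    // otherwise the posted payload should be signed by stage one and verified here.

    /// <summary>
    /// Stage one of the cookie hand-off. Requires an <c>authelia_session</c> cookie on
    /// the request, an allow-listed <paramref name="dstDomain"/> and a
    /// <paramref name="tgt"/> on that domain, and returns an HTML page whose form POSTs
    /// the cookie value to stage two on <c>{Vars.AuthProxySubdomain}.{dstDomain}</c>.
    /// </summary>
    /// <param name="dstDomain">Destination domain; must be in <c>Vars.PermittedDstDomains</c>.</param>
    /// <param name="tgt">Absolute https URL to land on once the cookie is set; its host
    /// must be <paramref name="dstDomain"/> or a subdomain of it.</param>
    /// <returns>The auto-submitting HTML form, or 400 when any precondition fails.</returns>
    [Produces("text/html", "text/plain")]
    [Route("/api/cookieproxy_stage_one")]
    public IActionResult StageOne([FromQuery] string dstDomain, [FromQuery] string tgt) {
        if (!Request.Cookies.TryGetValue("authelia_session", out var sessionCookie)
            || string.IsNullOrEmpty(sessionCookie)
            || !IsPermittedDomain(dstDomain)
            || !IsTargetOnDomain(tgt, dstDomain)) {
            return BadRequest("Bad request.");
        }

        var stageTwoUrl =
            $"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?dstDomain={HttpUtility.UrlEncode(dstDomain)}&tgt={HttpUtility.UrlEncode(tgt)}";

        // Both values are reflected into HTML attributes. The cookie value is attacker-
        // influenced (anything able to set cookies for this host controls it), so it must
        // be attribute-encoded rather than pasted raw into the page; the URL is encoded
        // for the same reason and so that its '&' is well-formed inside the attribute.
        var html =
            "Redirecting to cookie proxy (stage two) on the destination domain... " +
            $"<form method=\"POST\" action=\"{HttpUtility.HtmlAttributeEncode(stageTwoUrl)}\"> " +
            $"<input type=\"hidden\" name=\"cookie\" value=\"{HttpUtility.HtmlAttributeEncode(sessionCookie)}\">" +
            "<button type=\"submit\">Click here</button> if you are not redirected automatically</form>" +
            "<script>document.querySelector(\"form\").submit();</script>";
        return Content(html, "text/html");
    }

    /// <summary>
    /// Stage two of the cookie hand-off. Stores the posted <paramref name="cookie"/> as
    /// <c>Vars.CookieName</c> for <paramref name="dstDomain"/> (Secure, HttpOnly,
    /// SameSite=Lax, one year) and redirects to <paramref name="tgt"/>.
    /// </summary>
    /// <param name="dstDomain">Destination domain; must be in <c>Vars.PermittedDstDomains</c>.</param>
    /// <param name="tgt">Absolute https URL on <paramref name="dstDomain"/> (or a subdomain)
    /// to redirect to; anything else is rejected so this cannot act as an open redirect.</param>
    /// <param name="cookie">Session cookie value posted by stage one.</param>
    /// <returns>A 302 to <paramref name="tgt"/> with a fallback HTML body, or 400.</returns>
    [HttpPost]
    [Produces("text/html", "text/plain")]
    [Route("/api/cookieproxy_stage_two")]
    public IActionResult StageTwo([FromQuery] string dstDomain, [FromQuery] string tgt, [FromForm] string cookie) {
        if (!IsPermittedDomain(dstDomain)
            || string.IsNullOrWhiteSpace(cookie)
            || !IsTargetOnDomain(tgt, dstDomain)) {
            return BadRequest("Bad request.");
        }

        Response.Cookies.Append(Vars.CookieName, cookie,
            new CookieOptions {
                Expires = DateTimeOffset.UtcNow + TimeSpan.FromDays(365),
                SameSite = SameSiteMode.Lax,
                Secure = true,
                HttpOnly = true,
                Domain = dstDomain // scoped to the whole destination domain, subdomains included
            });

        // Response.Redirect sets the 302 + Location; the body is only a fallback for
        // clients that do not follow it. tgt is user input, so encode it in the href.
        Response.Redirect(tgt);
        return Content(
            $"Cookie set. Redirecting... <a href=\"{HttpUtility.HtmlAttributeEncode(tgt)}\">Click here if you are not redirected automatically</a>",
            "text/html");
    }

    // True when dstDomain is non-blank and on the configured allow-list.
    private static bool IsPermittedDomain(string? dstDomain) =>
        !string.IsNullOrWhiteSpace(dstDomain) && Vars.PermittedDstDomains.Contains(dstDomain);

    // True when tgt is an absolute https URL whose host is dstDomain itself or a
    // subdomain of it. Only https is accepted because the cookie being set is Secure
    // and would never be sent to an http target anyway.
    private static bool IsTargetOnDomain(string? tgt, string dstDomain) {
        if (string.IsNullOrWhiteSpace(tgt)
            || !Uri.TryCreate(tgt, UriKind.Absolute, out var target)
            || target.Scheme != Uri.UriSchemeHttps) {
            return false;
        }
        var host = target.Host;
        return host.Equals(dstDomain, StringComparison.OrdinalIgnoreCase)
            || host.EndsWith("." + dstDomain, StringComparison.OrdinalIgnoreCase);
    }
}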