| author | 2021-03-07 00:55:31 +0300 | |
|---|---|---|
| committer | 2021-03-07 00:55:31 +0300 | |
| commit | 8ef22e9bac402f12bb5f6e932ff67fd45b26433b (patch) | |
| tree | 8a7ab3c366cb5909b81cddbd8337cf15aa91cdd9 | |
| parent | Corrects Domain On Token Cookie (diff) | |
Switches Forwarded Protocol Header
Traefik forwards https traffic to http, which causes issues with the
protocol in a request's URL. This switch uses the protocol header to
correctly set the protocol.
Signed-off-by: Hassan Abouelela <[email protected]>
| -rw-r--r-- | backend/routes/auth/authorize.py | 16 | ||||
| -rw-r--r-- | backend/routes/forms/submit.py | 5 | 
2 files changed, 9 insertions, 12 deletions
|
diff --git a/backend/routes/auth/authorize.py b/backend/routes/auth/authorize.py
index 6a27c65..e782bcc 100644
--- a/backend/routes/auth/authorize.py
+++ b/backend/routes/auth/authorize.py
@@ -35,8 +35,7 @@ class AuthorizeResponse(BaseModel):
 async def process_token(
         bearer_token: dict,
-        origin_url: str,
-        request_url: Request.url
+        request: Request
 ) -> Union[AuthorizeResponse, AUTH_FAILURE]:
     """Post a bearer token to Discord, and return a JWT and username."""
     interaction_start = datetime.datetime.now()
@@ -65,19 +64,20 @@ async def process_token(
         "expiry": token_expiry.isoformat()
     })
-    await set_response_token(response, origin_url, request_url, token, bearer_token["expires_in"])
+    await set_response_token(response, request, token, bearer_token["expires_in"])
     return response
 async def set_response_token(
         response: responses.Response,
-        origin_url: str,
-        request_url: Request.url,
+        request: Request,
         new_token: str,
         expiry: int
 ) -> None:
     """Helper that handles logic for updating a token in a set-cookie response."""
-    stripped_domain = f"{request_url.scheme}://{request_url.netloc}/"
+    origin_url = request.headers.get("origin")
+    protocol = request.headers.get("X-Forwarded-Proto") or "https"
+    stripped_domain = f"{protocol}://{request.url.netloc}/"
     if origin_url == constants.PRODUCTION_URL:
         domain = stripped_domain
@@ -123,7 +123,7 @@ class AuthorizeRoute(Route):
         except httpx.HTTPStatusError:
             return AUTH_FAILURE
-        return await process_token(bearer_token, url, request.url)
+        return await process_token(bearer_token, request)
 class TokenRefreshRoute(Route):
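Review bot: In `set_response_token`, the value of `X-Forwarded-Proto` is interpolated into `stripped_domain` without any validation, so the resulting string is only as trustworthy as the header. The header is authoritative only when every request reaches the app through a proxy that overwrites it; on any path that bypasses Traefik the client chooses the value, and a chain of proxies can deliver a comma-separated list. I would normalise it and accept only the two known schemes, for example `protocol = (request.headers.get("X-Forwarded-Proto") or "https").split(",")[0].strip().lower()` followed by `if protocol not in ("http", "https"): protocol = "https"`. The docstring should also state that the helper now reads `origin`, `X-Forwarded-Proto` and the host from the request itself, since callers no longer pass them in. The function body continues past the end of this hunk, so how `domain` is finally used is not visible here.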
@@ -148,4 +148,4 @@ class TokenRefreshRoute(Route):
         except httpx.HTTPStatusError:
             return AUTH_FAILURE
-        return await process_token(bearer_token, url, request.url)
+        return await process_token(bearer_token, request)
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index ae98cfb..2624c98 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -75,11 +75,8 @@ class SubmitForm(Route):
                     except ValueError:
                         expiry = None
-                    origin = request.headers.get("origin")
                     expiry_seconds = (expiry - datetime.datetime.now()).seconds
-                    await set_response_token(
-                        response, origin, request.url, request.user.token, expiry_seconds
-                    )
+                    await set_response_token(response, request, request.user.token, expiry_seconds)
         except httpx.HTTPStatusError:
             pass
|
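Review bot: In the `submit.py` hunk, the unchanged line `expiry_seconds = (expiry - datetime.datetime.now()).seconds` computes the wrong value for the `expiry` argument of `set_response_token`, which is presumably the cookie lifetime. `timedelta.seconds` is only the 0–86399 component, so a token valid for more than a day is truncated and an already-expired token yields a large positive number instead of a negative one. The visible `except ValueError: expiry = None` branch also falls through to that subtraction, which would raise a `TypeError` that the `except httpx.HTTPStatusError` at the end of the hunk does not catch. I would guard with `if expiry is not None:` and use `expiry_seconds = int((expiry - datetime.datetime.now()).total_seconds())`, skipping the cookie update when the result is not positive. The enclosing method starts outside the hunk, so an earlier guard may exist that is not visible here.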
