authorGravatar Hassan Abouelela <[email protected]>2021-03-07 00:55:31 +0300
committerGravatar Hassan Abouelela <[email protected]>2021-03-07 00:55:31 +0300
commit8ef22e9bac402f12bb5f6e932ff67fd45b26433b (patch)
tree8a7ab3c366cb5909b81cddbd8337cf15aa91cdd9 /backend
parentCorrects Domain On Token Cookie (diff)
Switches Forwarded Protocol Header
Traefik forwards https traffic to http, which causes issues with the protocol in a request's URL. This switch uses the protocol header to correctly set the protocol. Signed-off-by: Hassan Abouelela <[email protected]>
Diffstat (limited to 'backend')
-rw-r--r--backend/routes/auth/authorize.py16
-rw-r--r--backend/routes/forms/submit.py5
2 files changed, 9 insertions, 12 deletions
diff --git a/backend/routes/auth/authorize.py b/backend/routes/auth/authorize.py
index 6a27c65..e782bcc 100644
--- a/backend/routes/auth/authorize.py
+++ b/backend/routes/auth/authorize.py
@@ -35,8 +35,7 @@ class AuthorizeResponse(BaseModel):
async def process_token(
bearer_token: dict,
- origin_url: str,
- request_url: Request.url
+ request: Request
) -> Union[AuthorizeResponse, AUTH_FAILURE]:
"""Post a bearer token to Discord, and return a JWT and username."""
interaction_start = datetime.datetime.now()
@@ -65,19 +64,20 @@ async def process_token(
"expiry": token_expiry.isoformat()
})
- await set_response_token(response, origin_url, request_url, token, bearer_token["expires_in"])
+ await set_response_token(response, request, token, bearer_token["expires_in"])
return response
async def set_response_token(
response: responses.Response,
- origin_url: str,
- request_url: Request.url,
+ request: Request,
new_token: str,
expiry: int
) -> None:
"""Helper that handles logic for updating a token in a set-cookie response."""
- stripped_domain = f"{request_url.scheme}://{request_url.netloc}/"
+ origin_url = request.headers.get("origin")
+ protocol = request.headers.get("X-Forwarded-Proto") or "https"
+ stripped_domain = f"{protocol}://{request.url.netloc}/"
if origin_url == constants.PRODUCTION_URL:
domain = stripped_domain
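Review bot: The `X-Forwarded-Proto` value is interpolated into `stripped_domain` in `set_response_token` without validation, so the cookie domain logic trusts a header that is only reliable if the proxy always overwrites it. If a request can reach the app without going through Traefik, or Traefik is configured to pass client-supplied forwarded headers through, the client chooses this string; it can also be a comma-separated list when proxies are chained. I would normalise and allow-list it: `protocol = request.headers.get("X-Forwarded-Proto", "https").split(",")[0].strip().lower()` followed by `if protocol not in ("http", "https"): protocol = "https"`. `request.url.netloc` and the `origin` header are also request-derived, and the rest of the function is outside the hunk, so how `domain` reaches the Set-Cookie call should be checked there.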
@@ -123,7 +123,7 @@ class AuthorizeRoute(Route):
except httpx.HTTPStatusError:
return AUTH_FAILURE
- return await process_token(bearer_token, url, request.url)
+ return await process_token(bearer_token, request)
class TokenRefreshRoute(Route):
@@ -148,4 +148,4 @@ class TokenRefreshRoute(Route):
except httpx.HTTPStatusError:
return AUTH_FAILURE
- return await process_token(bearer_token, url, request.url)
+ return await process_token(bearer_token, request)
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index ae98cfb..2624c98 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -75,11 +75,8 @@ class SubmitForm(Route):
except ValueError:
expiry = None
- origin = request.headers.get("origin")
expiry_seconds = (expiry - datetime.datetime.now()).seconds
- await set_response_token(
- response, origin, request.url, request.user.token, expiry_seconds
- )
+ await set_response_token(response, request, request.user.token, expiry_seconds)
except httpx.HTTPStatusError:
pass
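Review bot: The `expiry_seconds` passed to `set_response_token` here comes from `timedelta.seconds`, which is only the seconds component (0–86399) and is never negative. For a token that has already expired the difference is a negative timedelta whose `.seconds` is still positive, and whole days are dropped for long-lived tokens, so the cookie lifetime can disagree with the real token expiry. That line is unchanged context, but since this call is being touched I would use `expiry_seconds = max(0, int((expiry - datetime.datetime.now()).total_seconds()))`. It is also worth confirming that `expiry` cannot be `None` at that point, given the `except ValueError` branch just above. The enclosing method starts and ends outside the hunk.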