diff options
| author | Christopher Speller <crspeller@gmail.com> | 2018-02-20 12:49:45 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-20 12:49:45 -0800 |
| commit | 75d9a3a3b99d0acafb6783a721a35ab1ccdd8d9d (patch) | |
| tree | e362a6a112af73c8b5d9c7739753751429903a26 | |
| parent | febc129ecaa2a0ca8c6f8deeac654cb296b2b436 (diff) | |
| download | chat-75d9a3a3b99d0acafb6783a721a35ab1ccdd8d9d.tar.gz chat-75d9a3a3b99d0acafb6783a721a35ab1ccdd8d9d.tar.bz2 chat-75d9a3a3b99d0acafb6783a721a35ab1ccdd8d9d.zip | |
MM-8681 Adding config settings necessary for using CloudFront. (#8307)
* Adding config settings nessisary for using CloudFront.
* Adding new config settings to diagnostics.
| -rw-r--r-- | api4/user.go | 1 | ||||
| -rw-r--r-- | app/config.go | 10 | ||||
| -rw-r--r-- | app/diagnostics.go | 2 | ||||
| -rw-r--r-- | app/login.go | 3 | ||||
| -rw-r--r-- | config/default.json | 2 | ||||
| -rw-r--r-- | i18n/en.json | 4 | ||||
| -rw-r--r-- | model/config.go | 20 | ||||
| -rw-r--r-- | utils/config.go | 1 |
8 files changed, 43 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go index cfb2a5b3f..165e5aa9a 100644 --- a/api4/user.go +++ b/api4/user.go @@ -1076,6 +1076,7 @@ func attachDeviceId(c *Context, w http.ResponseWriter, r *http.Request) { MaxAge: maxAge, Expires: expiresAt, HttpOnly: true, + Domain: c.App.GetCookieDomain(), Secure: secure, } diff --git a/app/config.go b/app/config.go index b4925e8fb..a9cd84d90 100644 --- a/app/config.go +++ b/app/config.go @@ -12,6 +12,7 @@ import ( "encoding/base64" "encoding/json" "fmt" + "net/url" "runtime/debug" l4g "github.com/alecthomas/log4go" @@ -254,3 +255,12 @@ func (a *App) Desanitize(cfg *model.Config) { cfg.SqlSettings.DataSourceSearchReplicas[i] = actual.SqlSettings.DataSourceSearchReplicas[i] } } + +func (a *App) GetCookieDomain() string { + if *a.Config().ServiceSettings.AllowCookiesForSubdomains { + if siteURL, err := url.Parse(*a.Config().ServiceSettings.SiteURL); err == nil { + return siteURL.Hostname() + } + } + return "" +} diff --git a/app/diagnostics.go b/app/diagnostics.go index 6d83d3a89..12553afc8 100644 --- a/app/diagnostics.go +++ b/app/diagnostics.go @@ -243,6 +243,8 @@ func (a *App) trackConfig() { "isdefault_image_proxy_type": isDefault(*cfg.ServiceSettings.ImageProxyType, ""), "isdefault_image_proxy_url": isDefault(*cfg.ServiceSettings.ImageProxyURL, ""), "isdefault_image_proxy_options": isDefault(*cfg.ServiceSettings.ImageProxyOptions, ""), + "websocket_url": isDefault(*cfg.ServiceSettings.WebsocketURL, ""), + "allow_cookies_for_subdomains": *cfg.ServiceSettings.AllowCookiesForSubdomains, }) a.SendDiagnostic(TRACK_CONFIG_TEAM, map[string]interface{}{ diff --git a/app/login.go b/app/login.go index ecc0f0163..e01566bcd 100644 --- a/app/login.go +++ b/app/login.go @@ -113,6 +113,7 @@ func (a *App) DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, secure = true } + domain := a.GetCookieDomain() expiresAt := time.Unix(model.GetMillis()/1000+int64(maxAge), 0) sessionCookie := &http.Cookie{ Name: model.SESSION_COOKIE_TOKEN, @@ -121,6 +122,7 @@ func (a *App) DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, MaxAge: maxAge, Expires: expiresAt, HttpOnly: true, + Domain: domain, Secure: secure, } @@ -130,6 +132,7 @@ func (a *App) DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, Path: "/", MaxAge: maxAge, Expires: expiresAt, + Domain: domain, Secure: secure, } diff --git a/config/default.json b/config/default.json index 934635cb9..52413215e 100644 --- a/config/default.json +++ b/config/default.json @@ -1,6 +1,7 @@ { "ServiceSettings": { "SiteURL": "http://localhost:8065", + "WebsocketURL": "", "LicenseFileLocation": "", "ListenAddress": ":8065", "ConnectionSecurity": "", @@ -32,6 +33,7 @@ "EnforceMultifactorAuthentication": false, "EnableUserAccessTokens": false, "AllowCorsFrom": "", + "AllowCookiesForSubdomains": false, "SessionLengthWebInDays": 30, "SessionLengthMobileInDays": 30, "SessionLengthSSOInDays": 30, diff --git a/i18n/en.json b/i18n/en.json index 1d0381a69..3911516f1 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -4963,6 +4963,10 @@ "translation": "Site URL must be a valid URL and start with http:// or https://" }, { + "id": "model.config.is_valid.websocket_url.app_error", + "translation": "Websocket URL must be a valid URL and start with ws:// or wss://" + }, + { "id": "model.config.is_valid.site_url_email_batching.app_error", "translation": "Unable to enable email batching when SiteURL isn't set." }, diff --git a/model/config.go b/model/config.go index 898099d12..1b916fe13 100644 --- a/model/config.go +++ b/model/config.go @@ -165,6 +165,7 @@ const ( type ServiceSettings struct { SiteURL *string + WebsocketURL *string LicenseFileLocation *string ListenAddress *string ConnectionSecurity *string @@ -196,6 +197,7 @@ type ServiceSettings struct { EnforceMultifactorAuthentication *bool EnableUserAccessTokens *bool AllowCorsFrom *string + AllowCookiesForSubdomains *bool SessionLengthWebInDays *int SessionLengthMobileInDays *int SessionLengthSSOInDays *int @@ -232,6 +234,10 @@ func (s *ServiceSettings) SetDefaults() { s.SiteURL = NewString(SERVICE_SETTINGS_DEFAULT_SITE_URL) } + if s.WebsocketURL == nil { + s.WebsocketURL = NewString("") + } + if s.LicenseFileLocation == nil { s.LicenseFileLocation = NewString("") } @@ -388,6 +394,10 @@ func (s *ServiceSettings) SetDefaults() { s.AllowCorsFrom = NewString(SERVICE_SETTINGS_DEFAULT_ALLOW_CORS_FROM) } + if s.AllowCookiesForSubdomains == nil { + s.AllowCookiesForSubdomains = NewBool(false) + } + if s.WebserverMode == nil { s.WebserverMode = NewString("gzip") } else if *s.WebserverMode == "regular" { @@ -1778,6 +1788,10 @@ func (o *Config) IsValid() *AppError { return NewAppError("Config.IsValid", "model.config.is_valid.cluster_email_batching.app_error", nil, "", http.StatusBadRequest) } + if len(*o.ServiceSettings.SiteURL) == 0 && *o.ServiceSettings.AllowCookiesForSubdomains { + return NewAppError("Config.IsValid", "Allowing cookies for subdomains requires SiteURL to be set.", nil, "", http.StatusBadRequest) + } + if err := o.TeamSettings.isValid(); err != nil { return err } @@ -2085,6 +2099,12 @@ func (ss *ServiceSettings) isValid() *AppError { } } + if len(*ss.WebsocketURL) != 0 { + if _, err := url.ParseRequestURI(*ss.WebsocketURL); err != nil { + return NewAppError("Config.IsValid", "model.config.is_valid.websocket_url.app_error", nil, "", http.StatusBadRequest) + } + } + if len(*ss.ListenAddress) == 0 { return NewAppError("Config.IsValid", "model.config.is_valid.listen_address.app_error", nil, "", http.StatusBadRequest) } diff --git a/utils/config.go b/utils/config.go index a855733a7..0d3047c5d 100644 --- a/utils/config.go +++ b/utils/config.go @@ -353,6 +353,7 @@ func GenerateClientConfig(c *model.Config, diagnosticId string, license *model.L props["BuildEnterpriseReady"] = model.BuildEnterpriseReady props["SiteURL"] = strings.TrimRight(*c.ServiceSettings.SiteURL, "/") + props["WebsocketURL"] = strings.TrimRight(*c.ServiceSettings.WebsocketURL, "/") props["SiteName"] = c.TeamSettings.SiteName props["EnableTeamCreation"] = strconv.FormatBool(c.TeamSettings.EnableTeamCreation) props["EnableUserCreation"] = strconv.FormatBool(c.TeamSettings.EnableUserCreation) |