fix (canary): canary cookie compat

mickael-kerjean · mickael-kerjean · commit 53b12f9c9719 · 2024-10-16T01:49:57.000+11:00
diff --git a/server/common/recovery.go b/server/common/recovery.go
@@ -0,0 +1,20 @@
+package common
+
+import (
+	"net/http"
+)
+
+// previous cookie configuration in canary release of 2024/10 break existing cookie and
+// can introduce weird error when a user has things in cache.
+// this code will deprecate early 2025
+func RecoverFromBadCookie(res http.ResponseWriter) {
+	http.SetCookie(res, &http.Cookie{
+		Name:     "auth",
+		Value:    "",
+		MaxAge:   -1,
+		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
+		Path:     WithBase("/api/"),
+		Secure:   false,
+	})
+}
diff --git a/server/middleware/session.go b/server/middleware/session.go
@@ -60,6 +60,7 @@ func SessionStart(fn HandlerFunc) HandlerFunc {
 		}
 		ctx.Authorization = _extractAuthorization(req)
 		if ctx.Session, err = _extractSession(req, ctx); err != nil {
+			RecoverFromBadCookie(res)
 			SendErrorResult(res, err)
 			return
 		}
@@ -282,7 +283,7 @@ func _extractSession(req *http.Request, ctx *App) (map[string]string, error) {
 		str, err = DecryptString(SECRET_KEY_DERIVATE_FOR_USER, ctx.Share.Auth)
 		if err != nil {
 			// This typically happen when changing the secret key
-			return session, nil
+			return session, ErrInternal
 		}
 		err = json.Unmarshal([]byte(str), &session)
 		if IsDirectory(ctx.Share.Path) {
@@ -310,7 +311,7 @@ func _extractSession(req *http.Request, ctx *App) (map[string]string, error) {
 	if err != nil {
 		// This typically happen when changing the secret key
 		Log.Debug("middleware::session decrypt error '%s'", err.Error())
-		return session, nil
+		return session, ErrInternal
 	}
 	if err = json.Unmarshal([]byte(str), &session); err != nil {
 		return session, err

Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,7 @@ func SessionStart(fn HandlerFunc) HandlerFunc {`
`60`	`60`	`}`
`61`	`61`	`ctx.Authorization = _extractAuthorization(req)`
`62`	`62`	`if ctx.Session, err = _extractSession(req, ctx); err != nil {`
	`63`	`+ RecoverFromBadCookie(res)`
`63`	`64`	`SendErrorResult(res, err)`
`64`	`65`	`return`
`65`	`66`	`}`
`@@ -282,7 +283,7 @@ func _extractSession(req http.Request, ctx App) (map[string]string, error) {`
`282`	`283`	`str, err = DecryptString(SECRET_KEY_DERIVATE_FOR_USER, ctx.Share.Auth)`
`283`	`284`	`if err != nil {`
`284`	`285`	`// This typically happen when changing the secret key`
`285`		`- return session, nil`
	`286`	`+ return session, ErrInternal`
`286`	`287`	`}`
`287`	`288`	`err = json.Unmarshal([]byte(str), &session)`
`288`	`289`	`if IsDirectory(ctx.Share.Path) {`
`@@ -310,7 +311,7 @@ func _extractSession(req http.Request, ctx App) (map[string]string, error) {`
`310`	`311`	`if err != nil {`
`311`	`312`	`// This typically happen when changing the secret key`
`312`	`313`	`Log.Debug("middleware::session decrypt error '%s'", err.Error())`
`313`		`- return session, nil`
	`314`	`+ return session, ErrInternal`
`314`	`315`	`}`
`315`	`316`	`if err = json.Unmarshal([]byte(str), &session); err != nil {`
`316`	`317`	`return session, err`