fix: remove the rest of the specific cookie handling.

muni-town · May 25, 2024 · 764f18f · 764f18f
1 parent 0fa1d7c
commit 764f18f
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 37 deletions.
diff --git a/.env.local b/.env.local
@@ -1,7 +1,6 @@
 BACKEND_URL="http://127.0.0.1:8080"
 BACKEND_SECRET="temporarydevelopmentkey"
 RAUTHY_URL="http://localhost:8921"
-PUBLIC_COOKIE_PREFIX="" # Set this to `__HOST-` in production
 RAUTHY_USERATTRIBUTES_API_KEY="userattributes$very_bad_secret_use_only_in_development_qH6udD97p1hEXOxqFWoZwxAjl"
 SMTP_HOST="localhost"
 SMTP_PORT="2525"

diff --git a/backend/src/auth.rs b/backend/src/auth.rs
@@ -2,7 +2,6 @@ use axum::{
     extract::{FromRequest, Request},
     BoxError,
 };
-use axum_extra::extract::CookieJar;
 use http::StatusCode;
 use serde::{Deserialize, Serialize};
 
@@ -21,39 +20,27 @@ where
     type Rejection = ();
 
     async fn from_request(req: Request, _: &S) -> Result<Self, Self::Rejection> {
-        let cookies = CookieJar::from_headers(req.headers());
-        let rauthy_session = cookies.get(&format!("{}RauthySession", ARGS.cookie_prefix));
         let session = async move {
-            if let Some(session) = rauthy_session {
-                let session_info = CLIENT
-                    .get(ARGS.rauthy_url.join("/auth/v1/oidc/sessioninfo").unwrap())
-                    .header(
-                        "Cookie",
-                        format!("{}RauthySession={}", ARGS.cookie_prefix, session.value()),
-                    )
-                    .send()
-                    .await?;
-                let session_info = session_info.json::<RauthySessionInfo>().await?;
-                let user_info = CLIENT
-                    .get(
-                        ARGS.rauthy_url
-                            .join(&format!("/auth/v1/users/{}", session_info.user_id))
-                            .unwrap(),
-                    )
-                    .header(
-                        "Cookie",
-                        format!("{}RauthySession={}", ARGS.cookie_prefix, session.value()),
-                    )
-                    .send()
-                    .await?;
-                let user_info = user_info.json::<RauthyUserInfo>().await?;
-                Ok::<_, reqwest::Error>(Some(RauthySession {
-                    info: session_info,
-                    user: user_info,
-                }))
-            } else {
-                Ok(None)
-            }
+            let session_info = CLIENT
+                .get(ARGS.rauthy_url.join("/auth/v1/oidc/sessioninfo").unwrap())
+                .headers(req.headers().clone())
+                .send()
+                .await?;
+            let session_info = session_info.json::<RauthySessionInfo>().await?;
+            let user_info = CLIENT
+                .get(
+                    ARGS.rauthy_url
+                        .join(&format!("/auth/v1/users/{}", session_info.user_id))
+                        .unwrap(),
+                )
+                .headers(req.headers().clone())
+                .send()
+                .await?;
+            let user_info = user_info.json::<RauthyUserInfo>().await?;
+            Ok::<_, reqwest::Error>(Some(RauthySession {
+                info: session_info,
+                user: user_info,
+            }))
         }
         .await;
         if let Err(e) = &session {

diff --git a/backend/src/main.rs b/backend/src/main.rs
@@ -21,9 +21,6 @@ pub struct Args {
     pub data_dir: PathBuf,
     #[arg(default_value = "http://localhost:8921", env)]
     pub rauthy_url: Url,
-    /// Set this to `__Host-` if using Rauthy in production with host-scope cookies
-    #[arg(default_value = "", env)]
-    pub cookie_prefix: String,
 }
 
 pub static ARGS: Lazy<Args> = Lazy::new(Args::parse);