[bugfix] Convert IDNs to punycode before using as session name (#458)
* convert hostname to punycode for session name * test punycode
parent
af97d6bb7e
commit
7883dd5499
|
@ -31,6 +31,7 @@ import (
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/config"
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/db"
|
"github.com/superseriousbusiness/gotosocial/internal/db"
|
||||||
|
"golang.org/x/net/idna"
|
||||||
)
|
)
|
||||||
|
|
||||||
// SessionOptions returns the standard set of options to use for each session.
|
// SessionOptions returns the standard set of options to use for each session.
|
||||||
|
@ -61,7 +62,14 @@ func SessionName() (string, error) {
|
||||||
return "", fmt.Errorf("could not derive hostname without port from %s://%s", protocol, host)
|
return "", fmt.Errorf("could not derive hostname without port from %s://%s", protocol, host)
|
||||||
}
|
}
|
||||||
|
|
||||||
return fmt.Sprintf("gotosocial-%s", strippedHostname), nil
|
// make sure IDNs are converted to punycode or the cookie library breaks:
|
||||||
|
// see https://en.wikipedia.org/wiki/Punycode
|
||||||
|
punyHostname, err := idna.New().ToASCII(strippedHostname)
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("could not convert %s to punycode: %s", strippedHostname, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Sprintf("gotosocial-%s", punyHostname), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func useSession(ctx context.Context, sessionDB db.Session, engine *gin.Engine) error {
|
func useSession(ctx context.Context, sessionDB db.Session, engine *gin.Engine) error {
|
||||||
|
|
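Review bot: `idna.New()` called with no options at the `ToASCII` line returns the package's most permissive profile (equivalent to `idna.Punycode`), which as far as I know applies no UTS #46 mapping or validation, so case or normalisation variants of the same configured host could yield different cookie names, and malformed labels flow into the cookie name instead of being rejected. Consider `punyHostname, err := idna.Lookup.ToASCII(strippedHostname)`, which maps and validates the way a lookup would; it is stricter, so check it against hosts already deployed. The error would also be better wrapped with `%w` than `%s` so callers can inspect it: `fmt.Errorf("could not convert %s to punycode: %w", strippedHostname, err)`. SessionName's body begins outside this hunk, so any earlier normalisation of the host is not visible here.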
|
@ -82,6 +82,15 @@ func (suite *SessionTestSuite) TestDeriveSessionOK() {
|
||||||
suite.Equal("gotosocial-example.org", sessionName)
|
suite.Equal("gotosocial-example.org", sessionName)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (suite *SessionTestSuite) TestDeriveSessionIDNOK() {
|
||||||
|
viper.Set(config.Keys.Protocol, "https")
|
||||||
|
viper.Set(config.Keys.Host, "fóid.org")
|
||||||
|
|
||||||
|
sessionName, err := router.SessionName()
|
||||||
|
suite.NoError(err)
|
||||||
|
suite.Equal("gotosocial-xn--fid-gna.org", sessionName)
|
||||||
|
}
|
||||||
|
|
||||||
func TestSessionTestSuite(t *testing.T) {
|
func TestSessionTestSuite(t *testing.T) {
|
||||||
suite.Run(t, &SessionTestSuite{})
|
suite.Run(t, &SessionTestSuite{})
|
||||||
}
|
}
|
||||||
|
|
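Review bot: TestDeriveSessionIDNOK pins a single lowercase, precomposed input, so it does not show whether the derived cookie name is stable across spellings of the same host, and the new error branch in `SessionName` is not exercised. I would add cases for an already-encoded host (`xn--fid-gna.org`), an uppercase variant of `fóid.org`, and one input expected to make `SessionName` return an error, each asserting the exact expected result. A short comment such as `// IDN hosts must yield an ASCII-only session (cookie) name` above the test would record why it exists.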