feat(homeserver): use full public key as cookie name

2025-12-31 12:54:35 +01:00 · 2024-12-20 13:00:53 +03:00
parent 738bff1ae1
commit fa2a7d2738
3 changed files with 5 additions and 12 deletions
--- a/pubky-homeserver/src/core/layers/authz.rs
+++ b/pubky-homeserver/src/core/layers/authz.rs
@@ -146,13 +146,9 @@ fn authorize(
    Err(Error::with_status(StatusCode::FORBIDDEN))
 }

-fn cookie_name(public_key: &PublicKey) -> String {
-    public_key.to_string().chars().take(8).collect::<String>()
-}
-
 pub fn session_secret_from_cookies(cookies: Cookies, public_key: &PublicKey) -> Option<String> {
    cookies
-        .get(&cookie_name(public_key))
+        .get(&public_key.to_string())
        .map(|c| c.value().to_string())
 }

@@ -162,7 +158,7 @@ fn session_secret_from_headers(headers: &HeaderMap, public_key: &PublicKey) -> O
        .get_all(header::COOKIE)
        .iter()
        .filter_map(|h| h.to_str().ok())
-        .find(|h| h.starts_with(&cookie_name(public_key)))
+        .find(|h| h.starts_with(&public_key.to_string()))
        .and_then(|h| {
            h.split(';')
                .next()
--- a/pubky-homeserver/src/core/routes/auth.rs
+++ b/pubky-homeserver/src/core/routes/auth.rs
@@ -103,10 +103,7 @@ pub async fn signin(

    wtxn.commit()?;

-    let mut cookie = Cookie::new(
-        public_key.to_string().chars().take(8).collect::<String>(),
-        session_secret,
-    );
+    let mut cookie = Cookie::new(public_key.to_string(), session_secret);

    cookie.set_path("/");

--- a/pubky/src/native/cookies.rs
+++ b/pubky/src/native/cookies.rs
@@ -12,7 +12,7 @@ pub struct CookieJar {
 impl CookieJar {
    pub(crate) fn store_session_after_signup(&self, response: &Response, pubky: &PublicKey) {
        for (header_name, header_value) in response.headers() {
-            let cookie_name = &pubky.to_string().chars().take(8).collect::<String>();
+            let cookie_name = &pubky.to_string();

            if header_name == "set-cookie"
                && header_value.as_ref().starts_with(cookie_name.as_bytes())
@@ -70,7 +70,7 @@ impl CookieStore for CookieJar {
            let host = url.host_str().unwrap_or("");

            if let Ok(public_key) = PublicKey::try_from(host) {
-                let cookie_name = public_key.to_string().chars().take(8).collect::<String>();
+                let cookie_name = public_key.to_string();

                return self.pubky_sessions.read().unwrap().get(host).map(|secret| {
                    HeaderValue::try_from(format!("{cookie_name}={secret}")).unwrap()