From fa2a7d273878c8696bd45c701c52062c543da574 Mon Sep 17 00:00:00 2001
From: nazeh
Date: Fri, 20 Dec 2024 13:00:53 +0300
Subject: [PATCH] feat(homeserver): use full public key as cookie name

---
 pubky-homeserver/src/core/layers/authz.rs | 8 ++------
 pubky-homeserver/src/core/routes/auth.rs | 5 +----
 pubky/src/native/cookies.rs | 4 ++--
 3 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/pubky-homeserver/src/core/layers/authz.rs b/pubky-homeserver/src/core/layers/authz.rs
index d8cc5dd..d357fba 100644
--- a/pubky-homeserver/src/core/layers/authz.rs
+++ b/pubky-homeserver/src/core/layers/authz.rs
@@ -146,13 +146,9 @@ fn authorize(
 Err(Error::with_status(StatusCode::FORBIDDEN))
 }
-fn cookie_name(public_key: &PublicKey) -> String {
- public_key.to_string().chars().take(8).collect::()
- }
-
 pub fn session_secret_from_cookies(cookies: Cookies, public_key: &PublicKey) -> Option {
 cookies
- .get(&cookie_name(public_key))
+ .get(&public_key.to_string())
 .map(|c| c.value().to_string())
 }
@@ -162,7 +158,7 @@ fn session_secret_from_headers(headers: &HeaderMap, public_key: &PublicKey) -> O
 .get_all(header::COOKIE)
 .iter()
 .filter_map(|h| h.to_str().ok())
- .find(|h| h.starts_with(&cookie_name(public_key)))
+ .find(|h| h.starts_with(&public_key.to_string()))
 .and_then(|h| {
 h.split(';')
 .next()
diff --git a/pubky-homeserver/src/core/routes/auth.rs b/pubky-homeserver/src/core/routes/auth.rs
index 8cffc88..3eecccf 100644
--- a/pubky-homeserver/src/core/routes/auth.rs
+++ b/pubky-homeserver/src/core/routes/auth.rs
@@ -103,10 +103,7 @@ pub async fn signin(
 wtxn.commit()?;
- let mut cookie = Cookie::new(
- public_key.to_string().chars().take(8).collect::(),
- session_secret,
- );
+ let mut cookie = Cookie::new(public_key.to_string(), session_secret);
 cookie.set_path("/");
diff --git a/pubky/src/native/cookies.rs b/pubky/src/native/cookies.rs
index 03ca907..d57bb00 100644
--- a/pubky/src/native/cookies.rs
+++ b/pubky/src/native/cookies.rs
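Review bot: Removing `cookie_name` spreads the cookie-naming rule across the call sites instead of keeping it in one definition; after this patch `public_key.to_string()` (or `pubky.to_string()`) is written out in `session_secret_from_cookies`, `session_secret_from_headers`, `signin` in routes/auth.rs and twice in pubky/src/native/cookies.rs, so the homeserver and client halves can drift apart silently if the scheme changes again. Keeping the helper with the new body, `fn cookie_name(public_key: &PublicKey) -> String { public_key.to_string() }`, and calling it from both authz functions would leave one definition to update and to document. The hunk opens in the tail of `authorize`, whose body begins outside it.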
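Review bot: The changed `.find(...)` line still accepts any Cookie header that merely starts with the public-key string, so a cookie whose name begins with the key but is longer (a constructed example: `<pubkey>x=...`) would be taken as the session cookie, and `public_key.to_string()` is recomputed for every header inside the closure. Matching the full `name=` pair fixes both: `let name = public_key.to_string() + "=";` above the chain and `.find(|h| h.starts_with(&name))` in it. Note also that the visible `split(';').next()` only yields the session cookie when it is the first cookie in that header, which this patch does not change. The same bare-prefix comparison appears in `store_session_after_signup` in pubky/src/native/cookies.rs (`starts_with(cookie_name.as_bytes())`). `session_secret_from_headers` starts and ends outside the hunk.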
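Review bot: The cookie created on the new `Cookie::new(public_key.to_string(), session_secret)` line carries the session secret, yet within the hunk the only attribute set is `cookie.set_path("/")`; unless the remainder of `signin` (outside the hunk) sets them, the cookie should also get `cookie.set_http_only(true);` and `cookie.set_secure(true);` so the secret is neither readable by page script nor sent over plain HTTP. The hunk also does not show whether a `SameSite` attribute is applied, which is worth confirming at the same place. `signin`'s body continues past the hunk.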
@@ -12,7 +12,7 @@ pub struct CookieJar {
 impl CookieJar {
 pub(crate) fn store_session_after_signup(&self, response: &Response, pubky: &PublicKey) {
 for (header_name, header_value) in response.headers() {
- let cookie_name = &pubky.to_string().chars().take(8).collect::();
+ let cookie_name = &pubky.to_string();
 if header_name == "set-cookie"
 && header_value.as_ref().starts_with(cookie_name.as_bytes())
@@ -70,7 +70,7 @@ impl CookieStore for CookieJar {
 let host = url.host_str().unwrap_or("");
 if let Ok(public_key) = PublicKey::try_from(host) {
- let cookie_name = public_key.to_string().chars().take(8).collect::();
+ let cookie_name = public_key.to_string();
 return self.pubky_sessions.read().unwrap().get(host).map(|secret| {
 HeaderValue::try_from(format!("{cookie_name}={secret}")).unwrap()
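Review bot: The new `let cookie_name = public_key.to_string();` line derives the cookie name from the parsed key while the session lookup two lines below is still keyed by the raw `host` string, so the two agree only when `PublicKey::try_from(host)` followed by `to_string()` reproduces `host` byte-for-byte — presumably true for a canonical encoding, but worth stating next to the line, e.g. `// cookie name must equal the name the homeserver sets in signin (routes/auth.rs): the full public-key string`. The enclosing `cookies` method begins and ends outside the hunk.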