Make secure cookies working

nablaone · nablaone · commit 8e1639318a4f · 2024-10-22T11:54:08.000+02:00
diff --git a/quesma/quesma/ui/console_routes.go b/quesma/quesma/ui/console_routes.go
@@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"errors"
 	"github.com/gorilla/mux"
+	"github.com/gorilla/securecookie"
 	"github.com/gorilla/sessions"
 	"github.com/markbates/goth"
 	"github.com/markbates/goth/gothic"
@@ -29,6 +30,10 @@ var uiFs embed.FS
 
 const quesmaSessionName = "quesma-session"
 
+func init() {
+	gothic.Store = sessions.NewCookieStore(securecookie.GenerateRandomKey(32))
+}
+
 func authCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	user, err := gothic.CompleteUserAuth(w, r)
 	if err != nil {
@@ -247,7 +252,9 @@ func (qmc *QuesmaManagementConsole) initPprof(router *mux.Router) {
 	router.HandleFunc("/debug/pprof/trace", pprof.Trace)
 }
 
-var store = sessions.NewCookieStore([]byte("test"))
+var authKey = securecookie.GenerateRandomKey(64)
+var encryptionKey = securecookie.GenerateRandomKey(32)
+var store = sessions.NewCookieStore(authKey, encryptionKey)
 
 func authMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
