[pdm-devel] [PATCH proxmox v5 04/21] auth-api: extend `AuthContext` with prefixed cookie name
Shannon Sterz
s.sterz at proxmox.com
Tue Mar 4 15:42:30 CET 2025
this adds the function `prefixed_auth_cookie_name` to the
`AuthContext` trait. said function can be used by users of this crate
to modify the expected prefix of the auth cookie. most products
should be able to use the default of `__Host-` though, so this also
adds a default implementation.
Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
proxmox-auth-api/src/api/mod.rs | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/proxmox-auth-api/src/api/mod.rs b/proxmox-auth-api/src/api/mod.rs
index a6f9d425..b75c8602 100644
--- a/proxmox-auth-api/src/api/mod.rs
+++ b/proxmox-auth-api/src/api/mod.rs
@@ -1,7 +1,7 @@
use std::future::Future;
use std::net::IpAddr;
use std::pin::Pin;
-use std::sync::Mutex;
+use std::sync::{Mutex, OnceLock};
use anyhow::{format_err, Error};
use percent_encoding::percent_decode_str;
@@ -84,6 +84,16 @@ pub trait AuthContext: Send + Sync {
let _ = (userid, password, path, privs, port);
Ok(None)
}
+
+ /// The auth cookie with a prefix. Usually this will be `__Host-`. However, products that don't
+ /// want a prefix or need a different one such as `__Secure-` should override the default
+ /// implementation.
+ ///
+ /// See: <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#cookie_prefixes>
+ fn prefixed_auth_cookie_name(&self) -> &'static str {
+ static HOST_COOKIE: OnceLock<String> = OnceLock::new();
+ HOST_COOKIE.get_or_init(|| format!("__Host-{}", self.auth_cookie_name()))
+ }
}
/// When verifying TFA challenges we need to be able to update the TFA config without interference
--
2.39.5
More information about the pdm-devel
mailing list