ef0f45527a
If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49
38 lines
861 B
Go
38 lines
861 B
Go
package main
|
|
|
|
import (
|
|
"net/http"
|
|
"time"
|
|
)
|
|
|
|
func commenterTokenNew() (string, error) {
|
|
commenterToken, err := randomHex(32)
|
|
if err != nil {
|
|
logger.Errorf("cannot create commenterToken: %v", err)
|
|
return "", errorInternal
|
|
}
|
|
|
|
statement := `
|
|
INSERT INTO
|
|
commenterSessions (commenterToken, creationDate)
|
|
VALUES ($1, $2 );
|
|
`
|
|
_, err = db.Exec(statement, commenterToken, time.Now().UTC())
|
|
if err != nil {
|
|
logger.Errorf("cannot insert new commenterToken: %v", err)
|
|
return "", errorInternal
|
|
}
|
|
|
|
return commenterToken, nil
|
|
}
|
|
|
|
func commenterTokenNewHandler(w http.ResponseWriter, r *http.Request) {
|
|
commenterToken, err := commenterTokenNew()
|
|
if err != nil {
|
|
writeBody(w, response{"success": false, "message": err.Error()})
|
|
return
|
|
}
|
|
|
|
writeBody(w, response{"success": true, "commenterToken": commenterToken})
|
|
}
|