Support for Cookie authentication (#390)
- Added support for cookie authentication (authorization header will have priority)
- Removed local storage token management from UI
- Cookie hardening (sameSite, httpOnly, secure)
- Login endpoint sets cookie via header, logout endpoint expires cookie
- Refactor Routes and ProtectedRoutes components, improvement on the way the application checks if the user session is valid

Future improvements

- Look for all places in the backend that return 401 unauthorized, and destroy the session there (not a priority since the cookie is invalid anyway)
- Downloading objects in object browser can be simplified since it is just a GET request and users will be authenticated via cookies, no need to craft additional requests
@@ -21,6 +21,7 @@ import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/minio/minio/pkg/certs"
|
||||
"github.com/minio/minio/pkg/env"
|
||||
@@ -41,6 +42,8 @@ var TLSPort = "9443"
|
||||
// TLSRedirect console tls redirect rule
|
||||
var TLSRedirect = "off"
|
||||
|
||||
var SessionDuration = 45 * time.Minute
|
||||
|
||||
func getAccessKey() string {
|
||||
return env.Get(ConsoleAccessKey, "minioadmin")
|
||||
}
|
||||
|
||||
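Review bot: `SessionDuration` is introduced as an exported, mutable package-level `var` with no doc comment, while `TLSRedirect` directly above it has one. Please add a comment stating what the 45 minutes bounds (the session token, the cookie expiry, or both), since a cookie that outlives or undercuts the token leads to confusing session behaviour. Consider declaring it as `const SessionDuration = 45 * time.Minute` so it cannot be reassigned at runtime, or reading it through `env.Get` the way `getAccessKey` does if operators are expected to tune it.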