From 632aa5e441a1b2a95e6f6c90f698ba8d69dfcea5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=99=BE=E9=87=8C=28barry=29?= <kooksee@163.com>
Date: Fri, 12 Jul 2024 18:48:29 +0800
Subject: [PATCH] fix: barry 2024-07-12 18:48:29

---
 server/service.go | 39 +++++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/server/service.go b/server/service.go
index a891e44d..35f75451 100644
--- a/server/service.go
+++ b/server/service.go
@@ -700,6 +700,31 @@ func (m authMiddleware) ServeHTTP(writer http.ResponseWriter, request *http.Requ
 		return
 	}
 
+	name := request.URL.Query().Get("name")
+	domain := strings.SplitN(request.Host, ".", 2)[0]
+	if name == fmt.Sprintf("%s.%s", forwardCookieName, domain) {
+		var expiredAt = time.Now().Add(time.Hour)
+		var expiredAtValue = request.URL.Query().Get("expiredAt")
+		if ee, err := strconv.ParseInt(expiredAtValue, 10, 64); err == nil {
+			expiredAt = time.Unix(ee, 0)
+		} else {
+			err = fmt.Errorf("failed to parse expiredAt field, expiredAt=%s", expiredAtValue)
+			writer.WriteHeader(http.StatusBadRequest)
+			writer.Write([]byte(err.Error()))
+			return
+		}
+
+		http.SetCookie(writer, &http.Cookie{
+			Name:    name,
+			Value:   request.URL.Query().Get("value"),
+			Path:    "/",
+			Domain:  request.Host,
+			Expires: expiredAt,
+		})
+		http.Redirect(writer, request, "/", http.StatusTemporaryRedirect)
+		return
+	}
+
 	setCookie := strings.TrimSpace(request.Header.Get(setCookieHeader))
 	if setCookie != "" {
 		var cc Cookie
@@ -722,18 +747,20 @@ func (m authMiddleware) ServeHTTP(writer http.ResponseWriter, request *http.Requ
 		}
 
 		http.SetCookie(writer, &http.Cookie{
-			Name:    cc.Name,
-			Value:   cc.Value,
-			Path:    "/",
-			Domain:  request.Host,
-			Expires: expiredAt,
+			Name:     cc.Name,
+			Value:    cc.Value,
+			Path:     "/",
+			Domain:   request.Host,
+			Expires:  expiredAt,
+			Secure:   true,
+			SameSite: http.SameSiteNoneMode,
+			HttpOnly: true,
 		})
 		writer.WriteHeader(http.StatusOK)
 		writer.Write([]byte("ok"))
 		return
 	}
 
-	var domain = strings.SplitN(request.Host, ".", 2)[0]
 	var cookieName = fmt.Sprintf("%s.%s", forwardCookieName, domain)
 	cookie, err := request.Cookie(cookieName)
 	if err != nil {