Fix cookies

Signed-off-by: Tobias de Bruijn <[email protected]>

frontend/src/main.ts

@@ -2,7 +2,7 @@ import { createApp } from 'vue'
 import { registerPlugins } from '@/plugins'
 import App from './App.vue'
 
-export const server = "http://flutter.localhost:8080";
+export const server = "http://fallacious-rooster.local:8080";
 
 // Vuetify missing type
 export type InputValidationRule = (v: string) => string | boolean;

frontend/src/scripts/core/fetch1.ts

@@ -4,9 +4,22 @@ import {ApiError} from "@/scripts/core/error";
 export async function fetch1(input: RequestInfo | URL, init?: RequestInit): Promise<Result<Response, ApiError>> {
   if (init) {
     init.credentials = "include";
+    if (init.headers) {
+      init.headers = {
+        ...init.headers,
+        'Access-Control-Allow-Credentials': "true",
+      }
+    } else {
+      init.headers = {
+        'Access-Control-Allow-Credentials': "true",
+      };
+    }
   } else {
     init = {
-      credentials: "include"
+      credentials: "include",
+      headers: {
+        'Access-Control-Allow-Credentials': "true",
+      },
     };
   }
 

server/.gitignore

@@ -1,2 +1,4 @@
 target/
 .idea/
+
+config.json

server/Cargo.toml

@@ -22,4 +22,4 @@ tracing-actix-web = "0.7.11"
 tracing-error = "0.2.0"
 tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 clap = { version = "4.5.14", features = ["derive"] }
-actix-route-config = "0.1.1"
+actix-route-config = "0.1.1"

server/sample_config.json

@@ -1,22 +1,22 @@
 {
   "server": {
     "port": 8080,
-    "domain": "fallacious-rooster.localhost:8080"
+    "domain": "fallacious-rooster.local:8080"
   },
   "koala": {
     "koala_host": "http://koala.rails.local:3000",
     "client_id": "",
     "client_secret": "",
-    "redirect_uri": "http://fallacious-rooster.localhost:8080/api/oauth/callback"
+    "redirect_uri": "http://fallacious-rooster.local:8080/api/oauth/callback"
   },
   "email": {
     "from_email": "[email protected]",
     "from_name": "Studievereniging Sticky Anoniem Meldpunt",
     "smtp_relay": "smtp-relay.gmail.com"
   },
   "frontend": {
-    "home_page_url": "http://fallacious-rooster.localhost:3001/",
-    "domain": "fallacious-rooster.localhost:3001"
+    "home_page_url": "http://fallacious-rooster.local:3001/",
+    "domain": "fallacious-rooster.local:3001"
   },
   "local_storage": "./storage.json"
 }

server/src/email/template.rs

@@ -1,9 +1,9 @@
 use handlebars::{Handlebars, RenderError};
 use serde::Serialize;
 
-pub const TEMPLATE_REPORT_BOARD: &str = include_str!("./templates/report_board.handlebars");
+pub const TEMPLATE_REPORT_BOARD: &str = include_str!("templates/report_board.hbs");
 pub const TEMPLATE_CONFIDENTIAL_ADVISORS: &str =
-    include_str!("./templates/report_confidential_advisors.handlebars");
+    include_str!("templates/report_confidential_advisors.hbs");
 
 #[derive(Serialize)]
 pub struct ReportTemplate {

server/src/email/templates/report_board.hbs

@@ -0,0 +1,51 @@
+<html lang="en">
+<head>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Oxygen&display=swap" rel="stylesheet">
+    <title>Sticky Anonymous Report</title>
+</head>
+<style>
+    .container {
+        display: flex;
+        flex-direction: row;
+        justify-content: center;
+    }
+
+    p {
+        font-family: 'Oxygen', sans-serif;
+    }
+
+    .banner {
+        background-color: #197052;
+        color: white;
+        padding: 8px
+    }
+</style>
+<body>
+    <div class="container">
+        <div class="content">
+            <h1 class="banner">New anonymous report</h1>
+
+            <p>
+                Hi,<br/>
+                <br/>
+                A new report has been submitted and sent to the board of Sticky.
+                <h3>Message</h3>
+                {{ message }}
+
+                <h3>Contact</h3>
+                {{#if contact_address }}
+                    The user has given the following email address if you want to contact them: {{ contact_address }}.
+                {{else}}
+                    The user has not given a contact address.
+                {{/if}}
+                <br/>
+                <br/>
+                Thanks,<br/>
+                Sticky
+            </p>
+        </div>
+    </div>
+</body>
+</html>

server/src/email/templates/report_confidential_advisors.hbs

@@ -0,0 +1,51 @@
+<html lang="en">
+<head>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Oxygen&display=swap" rel="stylesheet">
+    <title>Sticky Anonymous Report</title>
+</head>
+<style>
+    .container {
+        display: flex;
+        flex-direction: row;
+        justify-content: center;
+    }
+
+    p {
+        font-family: 'Oxygen', sans-serif;
+    }
+
+    .banner {
+        background-color: #197052;
+        color: white;
+        padding: 8px
+    }
+</style>
+<body>
+<div class="container">
+    <div class="content">
+        <h1 class="banner">New anonymous report</h1>
+
+        <p>
+            Hi,<br/>
+            <br/>
+            A new report has been submitted and sent to the confidential advisor.
+        <h3>Message</h3>
+        {{ message }}
+
+        <h3>Contact</h3>
+        {{#if contact_address }}
+            The user has given the following email address if you want to contact them: {{ contact_address }}.
+        {{else}}
+            The user has not given a contact address.
+        {{/if}}
+        <br/>
+        <br/>
+        Thanks,<br/>
+        Sticky
+        </p>
+    </div>
+</div>
+</body>
+</html>

server/src/file/config.rs

@@ -21,6 +21,7 @@ pub struct FrontendConfig {
 pub struct ServerConfig {
     #[serde(default = "default_port")]
     pub port: u16,
+    pub domain: String,
 }
 
 #[derive(Debug, Default, Clone, Deserialize, Serialize)]
@@ -48,6 +49,7 @@ impl Default for ServerConfig {
     fn default() -> Self {
         Self {
             port: default_port(),
+            domain: String::default(),
         }
     }
 }

server/src/server/mod.rs

@@ -18,6 +18,7 @@ pub async fn run_server(
     let port = config.server.port;
 
     let storage = WStorage::new(MutAppStorage(RwLock::new(storage)));
+    let host = config.server.domain.clone();
     HttpServer::new(move || {
         App::new()
             .wrap(Cors::permissive())
@@ -28,6 +29,7 @@ pub async fn run_server(
             .configure(routes::Router::configure)
     })
     .bind(format!("0.0.0.0:{port}"))?
+    .server_hostname(&host)
     .run()
     .await?;
 

server/src/server/types/redirect.rs

@@ -28,7 +28,7 @@ impl Responder for Redirect {
     type Body = BoxBody;
 
     fn respond_to(self, _: &HttpRequest) -> HttpResponse<Self::Body> {
-        let mut builder = HttpResponse::TemporaryRedirect();
+        let mut builder = HttpResponse::Found();
         builder.append_header((
             HeaderName::from_static("location"),
             HeaderValue::from_str(&self.to).unwrap(),

server/src/server/types/set_cookie.rs

@@ -1,4 +1,4 @@
-use actix_web::cookie::Cookie;
+use actix_web::cookie::{Cookie, Expiration, SameSite};
 use actix_web::{HttpRequest, HttpResponse, Responder};
 
 pub struct SetCookie<T: Responder> {
@@ -24,8 +24,17 @@ impl<T: Responder> Responder for SetCookie<T> {
         let mut response = self.inner.respond_to(req);
         let mut cookie = Cookie::new(self.cookie_name, self.cookie_value);
         cookie.set_path("/");
-        response.add_cookie(&cookie).unwrap();
+        cookie.set_http_only(true);
+        cookie.set_expires(Expiration::Session);
+
+        if cfg!(debug_assertions) {
+            cookie.set_same_site(Some(SameSite::Lax));
+        } else {
+            cookie.set_same_site(Some(SameSite::None));
+            cookie.set_secure(false);
+        }
 
+        response.add_cookie(&cookie).unwrap();
         response
     }
 }