From 1b2a9d1af7a11ce5812b9ff21df5e1ad4fd9530a Mon Sep 17 00:00:00 2001
From: Philippe Loctaux
Date: Sat, 18 Mar 2023 16:43:33 +0100
Subject: [PATCH] ezidam: store refresh token in cookie

---
 crates/ezidam/src/routes/oauth/redirect.rs | 15 +++++++++++++++
 crates/refresh_tokens/src/database.rs | 3 ++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/crates/ezidam/src/routes/oauth/redirect.rs b/crates/ezidam/src/routes/oauth/redirect.rs
index 8684e7d..13822c4 100644
--- a/crates/ezidam/src/routes/oauth/redirect.rs
+++ b/crates/ezidam/src/routes/oauth/redirect.rs
@@ -5,6 +5,8 @@ use hash::SecretString;
 use jwt::database::Key;
 use jwt::{JwtClaims, PrivateKey};
 use refresh_tokens::RefreshToken;
+use rocket::http::{Cookie, CookieJar, SameSite};
+use rocket::time::Duration;
 use rocket::{get, UriDisplayQuery};
 use rocket_client_addr::ClientRealAddr;
 use settings::Settings;
@@ -21,6 +23,7 @@ pub async fn redirect_page(
     mut db: Connection,
     redirect_request: RedirectRequest<'_>,
     ip_address: &ClientRealAddr,
+    cookie_jar: &CookieJar<'_>,
 ) -> Result {
     let mut transaction = db.begin().await?;
 
@@ -72,15 +75,27 @@ pub async fn redirect_page(
     // Generate refresh token
     let refresh_token = task::spawn_blocking(|| SecretString::new(64)).await?;
 
+    // Refresh token duration in days
+    let refresh_token_duration = 21;
+
     // Insert refresh token in database
     RefreshToken::insert(
         &mut transaction,
         refresh_token.as_ref(),
         ip_address.get_ipv6_string().as_str(),
         user.id(),
+        refresh_token_duration,
     )
     .await?;
 
+    // Add refresh token as a cookie
+    let mut cookie = Cookie::new("refresh_token", refresh_token.as_ref().to_string());
+    cookie.set_secure(true);
+    cookie.set_http_only(true);
+    cookie.set_same_site(SameSite::Strict);
+    cookie.set_max_age(Duration::days(refresh_token_duration));
+    cookie_jar.add(cookie);
+
     // Get latest key from database
     let key = Key::get_most_recent(&mut transaction)
         .await?
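Review bot: The refresh-token cookie built after `.await?;` in the third hunk is scoped to the whole site: no Path is set on it, and Rocket's `CookieJar::add` fills in Path `/` when none is given (confirm for the Rocket version in use), so the raw token is sent on every request to the origin rather than only to the endpoint that redeems it. Restricting it with the real route, e.g. `cookie.set_path("<refresh-endpoint-path>");`, shrinks the exposure without changing the flow; the `Secure`, `HttpOnly` and `SameSite::Strict` attributes already set are the right choice for this cookie. Separately, `let refresh_token_duration = 21;` is an untyped magic number that both the database expiry (via `RefreshToken::insert`) and the cookie max-age depend on; a named constant such as `const REFRESH_TOKEN_TTL_DAYS: i64 = 21;` (or a `Settings` field, since `Settings` is already imported) documents the unit and keeps the two lifetimes from drifting apart. `redirect_page` continues past the end of the hunk.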
diff --git a/crates/refresh_tokens/src/database.rs b/crates/refresh_tokens/src/database.rs
index d2ca171..1dd5dae 100644
--- a/crates/refresh_tokens/src/database.rs
+++ b/crates/refresh_tokens/src/database.rs
@@ -28,8 +28,9 @@ impl RefreshToken {
         token: &str,
         ip_address: &str,
         user: &UserID,
+        duration_days: i64,
     ) -> Result, Error> {
-        let expires_at = Utc::now() + Duration::days(21);
+        let expires_at = Utc::now() + Duration::days(duration_days);
         Ok(DatabaseRefreshTokens::insert(
             conn,