From 09058914b0ec3987257b66e2d71985475f32e956 Mon Sep 17 00:00:00 2001 From: Jeremy Wall Date: Mon, 2 Jan 2023 17:55:44 -0600 Subject: [PATCH] Add domain to the authentication cookie --- Cargo.lock | 10 +++++----- kitchen/src/web/auth.rs | 4 +++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1b59d29..d1126a2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -165,7 +165,7 @@ dependencies = [ "anyhow", "async-lock", "async-trait", - "base64 0.13.1", + "base64 0.13.0", "bincode", "blake3", "chrono", @@ -292,7 +292,7 @@ checksum = "f9770f9a9147b2324066609acb5495538cb25f973129663fba2658ba7ed69407" dependencies = [ "async-trait", "axum-core", - "base64 0.13.1", + "base64 0.13.0", "http", ] @@ -1064,7 +1064,7 @@ version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cff78e5788be1e0ab65b04d306b2ed5092c815ec97ec70f4ebd5aee158aa55d" dependencies = [ - "base64 0.13.1", + "base64 0.13.0", "bitflags", "bytes", "headers-core", @@ -1831,7 +1831,7 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0864aeff53f8c05aa08d86e5ef839d3dfcf07aeba2db32f12db0ef716e87bd55" dependencies = [ - "base64 0.13.1", + "base64 0.13.0", ] [[package]] @@ -2396,7 +2396,7 @@ version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c530c8675c1dbf98facee631536fa116b5fb6382d7dd6dc1b118d970eafe3ba" dependencies = [ - "base64 0.13.1", + "base64 0.13.0", "bitflags", "bytes", "futures-core", diff --git a/kitchen/src/web/auth.rs b/kitchen/src/web/auth.rs index aa29f66..a0cd9cc 100644 --- a/kitchen/src/web/auth.rs +++ b/kitchen/src/web/auth.rs @@ -16,7 +16,7 @@ use std::sync::Arc; use async_session::{Session, SessionStore}; use axum::{ - extract::Extension, + extract::{Extension, Host}, http::{header, HeaderMap, StatusCode}, }; use axum_auth::AuthBasic; 
@@ -38,6 +38,7 @@ impl From for api::AccountResponse {
 #[instrument(skip_all, fields(user=%auth.0.0))]
 pub async fn handler(
 auth: AuthBasic,
+ Host(domain): Host,
 Extension(session_store): Extension>,
 ) -> (StatusCode, HeaderMap, axum::Json) {
 // NOTE(jwall): It is very important that you do **not** log the password
@@ -93,6 +94,7 @@ pub async fn handler(
 // 3. Construct the Session Cookie.
 let cookie = Cookie::build(storage::AXUM_SESSION_COOKIE_NAME, cookie_value)
 .same_site(SameSite::Strict)
+ .domain(domain)
 .secure(true)
 .path("/")
 .finish();
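Review bot: The new `Host(domain): Host` parameter is client-controlled input: axum's `Host` extractor resolves the name from `Forwarded`, then `X-Forwarded-Host`, then `Host`, so the requester chooses the string that later reaches `.domain(domain)` in the `@@ -93,6 +94,7 @@` hunk. The value may also carry a `:port` suffix, which is not a valid cookie `Domain` and would probably make browsers reject the session cookie on non-default ports. Prefer reading the cookie domain from server configuration, or strip the port and compare the host against an allow-list before use. At minimum, document this at the parameter with `// Host is request-supplied (Forwarded / X-Forwarded-Host / Host); validate before placing it in Set-Cookie.` The handler body continues outside this hunk.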
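Review bot: `.domain(domain)` changes the session cookie from host-only to a domain cookie, so browsers will also send it to every subdomain of that name. That widens the exposure of the authentication cookie. If the goal is only to bind the cookie to this host, leaving the attribute off already does that. If sharing across subdomains is intended, pass a configured value such as `.domain(cookie_domain_from_config)` (placeholder name) and state the intent in a comment. The visible builder chain also sets no `.http_only(true)`, which is worth adding unless client-side script has to read the cookie; the chain sits inside `handler`, which begins and ends outside this hunk.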