Initial Commit

40b648bb · Hendrik Heneke · 40b648bb · 40b648bb · 40b648bb · 40b648bb
Commit 40b648bb authored Jul 09, 2020 by Hendrik Heneke
11 changed files
--- a/.gitignore
+++ b/.gitignore
+.idea
+node_modules
--- a/cert.key
+++ b/cert.key
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+9zypqkFogkkv
+PCPBhB6bCekXGWxW+8AUQO1nW04NtNLJrrMWeoTmLWXdMGkk9VzWZ9XWedRvu8eh
+UpHudfaXcS7OtISsD+2n8pQzdWisHTZX9EaiOXb1LSATkfbww6zK6GgZcb09BJP0
+Ka+EX2fnAcNjZbV3fMusAes3aqnFJhE4DvTXDW0Cok3lf8L8ndi+b9UZx5ji9UUZ
+y+3XWe6dlhBVfY0NDfw8gGjqsNMc6zMsKyLtxHNb2JHEoooiCr3VEYQTZB8j1qO0
+F0AjBspyBYaCjJE9gePGkCA0OrrSYJ0fyzyq0mTbfIKho5rzCFuje1O0rpBBDAnx
+uh9VjPYRAgMBAAECggEAUtUVGBcElhtlOTrh24++YsuSsnVRnA1JDL/4+gsNuT5E
+7Dx96/Mq8FiixaW5BdHz+gBCLezca7bM6bnSGNhMJPZwMjL1FVk3YdED3apAw99L
+8iy/8p/wbHqtXi/DKD4IFl9mwBqo1e3Fa3QlcMqdXANUyCmW5ARap/qRF5GJoDyZ
+OtFrqeN7mbedfUfHdUg4X5MJRaMc+4qDaHWQ6spduczrW4V3smpCN4trmsoI3iWY
+2vjcIxOBuiTFG8pgc2R8US1srGc4H+6BZwStN8h5G2rgcI0YSPnL1sbKqI+rz2oq
+jSeFyPnPbPG1NdV8pQG4lJvPC8Hqft0SWEfRIUFwQKBgQDyiuG5fD1XeZ6WAUqD
+cAmZtrTvdV3VLop4UqMl1csaJknZdZgzH6z2WRUVXuDfM141k5oceJC4S/K6lK1u
+zyIuW6vH5ErTZmwHDT8IOy6uIbHqPkoDYEgDDzZQfByhEzGhvwLxQwQM4xWGAlTA
+M2iDA3tnWPza2zPfhYrFDGp7WQKBgQDJj7/yDAf8asEH001eDN/p6W6KZGhMzIeO
+FO5lI+cGf8sJp2WWhHlb9wS+O5E9zQ2W5p60IUF74euOizJw8QKNkW0szLJJMvEd
+iwac2nlIjxPFhF/eXShmVcLkl0DitEvJfjvuiu/HF9A6w4t0XZKPEuFaf8kyRK9b
+PSjzQ3ReQKBgQCo+DpDN5ugilkCFgosQWxeyxuIS1LAhrjvFFsWq7fgEtaWCcer
+riCYSv1WMxAkTywN1TOjLBdeXYLPm26r6N/ePf0RuCis2AjgbMkB2gEuTMke8KAt
+c/EXOIzVS3HCgZWtIl5RaCe1Nqqy/oK+l9HynAVnvWYCrn2X9ff0SS8RmQKBgBt4
+gAyZHy2DzzMl1VGQJ6RVsD8kWCK/bWor6CHYts/n8uAp9GqDO5cRH5BdxfnKTKPY
+YqDiN26O5+/RgNprvpFU1LBaZaIcU0hXfls6W3VMKsGsvPQtdigcYCePhcRgFkQr
+9DcasHtN/49Cv2ropeTiCdyvtdgoDE5Yq973P37hAoGBAPBwyxVbfmbbNAZho9zZ
+5jDvHLC/N5+W/YVwWb8RA6Rdw4Uqz2Y8KoaZtaOBOtqkgusbrgEUl4CT0AaxQV5i
+jlpeTjKMa2Y+0Enz2P0jveEuic0kGS/A5Qe41qu+Scc4FZ07eX9u8FCgjhp7/geZ
+sLcwfG/CMfEtsQN+Ywu9EceI
+-----END PRIVATE KEY-----
--- a/cert.pem
+++ b/cert.pem
+-----BEGIN CERTIFICATE-----
+MIID4TCCAsmgAwIBAgIJAN53KBSNeZ9dMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV
+BAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjENMAsGA1UE
+CgwEVGVzdDERMA8GA1UECwwIU2FtZVNpdGUxFzAVBgNVBAMMDnNpdGUuZG9tYWlu
+LmRlMB4XDTIwMDcwOTA3NTY1MVoXDTIyMDcwOTA3NTY1MVowajELMAkGA1UEBhMC
+REUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMQ0wCwYDVQQKDARU
+ZXN0MREwDwYDVQQLDAhTYW1lU2l0ZTEXMBUGA1UEAwwOc2l0ZS5kb21haW4uZGUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+9zypqkFogkkvPCPBhB6b
+CekXGWxW+8AUQO1nW04NtNLJrrMWeoTmLWXdMGkk9VzWZ9XWedRvu8ehUpHudfaX
+cS7OtISsD+2n8pQzdWisHTZX9EaiOXb1LSATkfbww6zK6GgZcb09BJP0Ka+EX2fn
+AcNjZbV3fMusAes3aqnFJhE4DvTXDW0Cok3lf8L8ndi+b9UZx5ji9UUZy+3XWe6d
+lhBVfY0NDfw8gGjqsNMc6zMsKyLtxHNb2JHEoooiCr3VEYQTZB8j1qO0F0AjBspy
+BYaCjJE9gePGkCA0OrrSYJ0fyzyq0mTbfIKho5rzCFuje1O0rpBBDAnxuh9VjPYR
+AgMBAAGjgYkwgYYwCwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMGIG
+A1UdEQRbMFmCDnNpdGUuZG9tYWluLmRlghNhdXRoLnNpdGUuZG9tYWluLmRlghhh
+LXRlc3QuYXp1cmV3ZWJzaXRlcy5uZXSCGGItdGVzdC5henVyZXdlYnNpdGVzLm5l
+dDANBgkqhkiG9w0BAQsFAAOCAQEAWCGMcpTnrgwhkgA21UjrLnxDIRyfgcYRebU4
+gqxLl8z6CcKo5xOiUv9M95VDgSB4qsCVQVxe/Z0OB2qArEiQXpnpHdeZxX7YLHc+
+OUEP1OTWiwO7EsTof8kwM8Ri1xHbjyf+IqBVfMpBUAu+AkFE1f7YgngeaKtbnEED
+VLrbsxVSmfdcFiQrClRSRFpZJdRcKKEsQgM+1/0PNEbVxOBfQDGrBWu9RuLK6sz0
+6JV0b88HNU1i+jFYVVxC4imF9I3Zprfhy6Lj4Htsgr9IgiHWvYABTpyUz9jnOhAq
+UjahaUYRkmLQmX9kVtPf5KG8Qq1HzblA8KAYlYKUwVR2Eqwb9A==
+-----END CERTIFICATE-----
--- a/index.js
+++ b/index.js
+const express = require('express');
+const app = express();
+const cors = require('cors');
+const cookieParser = require('cookie-parser');
+const https = require('https');
+const fs = require('fs');
+const {argv} = require('yargs');
+
+const sameSite = {
+	ui: 'https://site.domain.de',
+	auth: 'https://auth.site.domain.de'
+};
+
+const crossSite = {
+	ui: 'https://test-a.azurewebsites.net',
+	auth: 'https://test-b.azurewebsites.net'
+};
+
+const isCrossSite = argv['cross-site'];
+const site = isCrossSite ? crossSite : sameSite;
+
+const corsMiddleware = cors({
+	origin: site.ui,
+	credentials: true,
+});
+
+app.set('views', './views');
+app.set('view engine', 'pug');
+app.use(express.static('public'))
+app.use(corsMiddleware);
+app.use(cookieParser());
+
+app.options('*', corsMiddleware)
+
+const viewModel = {
+	site,
+	cross: isCrossSite
+};
+
+app.get(
+	'/',
+	(req, res) => {
+		res.render('index', viewModel);
+	}
+);
+
+app.get(
+	'/check-cookies',
+	(req, res) => {
+		res.render('check-cookies', viewModel);
+	}
+);
+
+app.get(
+	'/set-cookies',
+	(req, res) => {
+		res.cookie('test-lax', 'lax-value', {sameSite: 'lax', secure: true});
+		res.cookie('test-strict', 'strict-value', {sameSite: 'strict', secure: true});
+		res.cookie('test-empty', 'empty-value', {secure: true});
+		res.cookie('test-none', 'none-value', {sameSite: 'none', secure: true});
+
+		res.header('Location', site.ui);
+		res.sendStatus(302);
+	}
+);
+
+app.get(
+	'/same-site-cookies',
+	(req, res) => {
+		const val = ['test-lax', 'test-strict', 'test-empty', 'test-none'].reduce((prev, cur) => {
+			prev[cur] = !!req.cookies[cur];
+			return prev;
+		}, {});
+		res.json(val);
+	}
+);
+
+const sslOptions = {
+	key: fs.readFileSync('cert.key'),
+	cert: fs.readFileSync('cert.pem')
+};
+
+const banner = `
+SameSite Testing Application
+============================
+
+Add 
+
+ - site.domain.de
+ - auth.site.domain.de
+ - a-test.azurewebsites.net
+ - b-test.azurewebsites.net
+
+to your local hosts file, pointing to localhost.
+
+=> ======================================================
+=> Do not forget to remove these entries after testing !=
+=> ======================================================
+
+Application is currently listening at
+
+	${site.ui}
+	
+in
+
+	${isCrossSite ? 'cross-site' : 'same-site'} mode.
+`;
+
+https.createServer(sslOptions, app).listen(
+	443,
+	() => {
+		console.log(banner)
+	}
+);
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
+{
+  "name": "same-site",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "same-site": "node index.js",
+    "cross-site": "node index.js --cross-site",
+    "create-cert": "openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout cert.key -out cert.pem -config req.conf -extensions 'v3_req'"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "cookie-parser": "^1.4.5",
+    "cors": "^2.8.5",
+    "express": "^4.17.1",
+    "https": "^1.0.0",
+    "pug": "^3.0.0",
+    "yargs": "^15.4.0"
+  }
+}
--- a/public/check-cookies.js
+++ b/public/check-cookies.js
+function checkCookies(host) {
+	fetch(host + '/same-site-cookies',
+		{
+			mode: 'cors',
+			credentials: 'include'
+		})
+		.then(response => {
+			if (response.ok) {
+				return response.json();
+			} else {
+				alert('Error in response');
+				return;
+			}
+		})
+		.then(data => {
+			if (typeof data === 'object') {
+				const received = Object.keys(data).filter(key => data[key]);
+				alert('Cookies received:\r\n\r\n' + received.join('\r\n'));
+			} else {
+				alert('No cookies received');
+			}
+		});
+}
--- a/req.conf
+++ b/req.conf
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+C = DE
+ST = Berlin
+L = Berlin
+O = Test
+OU = SameSite
+CN = site.domain.de
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = site.domain.de
+DNS.2 = auth.site.domain.de
+DNS.3 = a-test.azurewebsites.net
+DNS.4 = b-test.azurewebsites.net
--- a/views/_menu.pug
+++ b/views/_menu.pug
+p
+    a(href=site.ui)='UI Site Index • '
+    a(href=site.auth)='Auth Site Index • '
+    a(href=site.auth + '/set-cookies')='Set Cookies • '
+    a(href=site.ui + '/check-cookies') Check Cookies
--- a/views/check-cookies.pug
+++ b/views/check-cookies.pug
+html
+  head
+    title='SameSite Test'
+    script(src='check-cookies.js')
+  body
+    include _menu.pug
+    p Four cookies have been set by #{site.auth}:
+    ul
+        li test-lax, samesite=lax
+        li test-empty
+        li test-strict, samesite=strict
+        li test-none, samesite=none
+    if cross
+        p
+            strong Cross-Site Mode
+
+        p Expected Cookies:
+        ul
+            li test-none
+            li test-empty (maybe, only some browsers)
+    else
+        p
+            strong Same-Site Mode
+
+        p Expected Cookies: all
+    p
+        button(onClick=`javascript:checkCookies('${site.auth}')`) Check Cookies
--- a/views/index.pug
+++ b/views/index.pug
+html
+  head
+    title='SameSite Test'
+  body
+    include _menu.pug
+
+    p Steps
+    nl
+        li visit UI site index (you are here!)
+        li visit AUTH site index (to accept certificate)
+        li visit Set Cookies
+        li visit Check Cookies
+