From 5903d52755b9eefd0e0f6e5e889949b3f0ba77d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=F0=9F=90=99PiperYxzzy?=
Date: Sun, 1 May 2022 13:37:01 +0200
Subject: [PATCH] Restrict the cookie to the /adm and /sec paths appropriately
---
 controllers/core/core.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/controllers/core/core.go b/controllers/core/core.go
index 6c8b18b..22f2133 100644
--- a/controllers/core/core.go
+++ b/controllers/core/core.go
@@ -24,8 +24,6 @@ type signup struct {
 }
 const JwtHeader = "jwt"
-const ServicePath = "TODOPATH"
-const ServiceDomain = "TODODOMAIN"
 func UserSignup() gin.HandlerFunc {
 return func(c *gin.Context) {
@@ -55,7 +53,7 @@ func UserSignup() gin.HandlerFunc {
 }
 } else {
 // Send verification
- go util.SendEmail("Verify Email", "TODO: generate verification token", u.Email)
+ go util.SendEmail("Verify Email", "TODO: generateverification token", u.Email)
 }
 c.JSON(http.StatusOK, util.NextMsg{Next: "verification pending"})
@@ -85,7 +83,7 @@ func UserLogin() gin.HandlerFunc {
 }
 jwt, maxAge := u.GetJwt()
- c.SetCookie(JwtHeader, jwt, maxAge, ServicePath, ServiceDomain, true, true)
+ c.SetCookie(JwtHeader, jwt, maxAge, "/v1/sec/", "", true, true)
 }
 }
@@ -117,7 +115,7 @@ func AdminLogin() gin.HandlerFunc {
 }
 jwt, maxAge := a.GetJwt()
- c.SetCookie(JwtHeader, jwt, maxAge, ServicePath, ServiceDomain, true, true)
+ c.SetCookie(JwtHeader, jwt, maxAge, "/v1/adm", "", true, true)
 }
 }
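Review bot: The added `go util.SendEmail(...)` line in the UserSignup hunk drops the space in "generate verification", which looks like an accidental edit unrelated to the cookie-path change; restore the literal as `"TODO: generate verification token"`. The mail body is still a placeholder, so the message carries no token while the handler answers "verification pending". A comment above the call such as `// TODO: no verification token is generated yet; the account cannot be verified from this mail` would make that state explicit. UserSignup's body starts and ends outside the hunk.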
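Review bot: The two new Path values are written differently: `"/v1/sec/"` in the UserLogin hunk ends with a slash and `"/v1/adm"` in the AdminLogin hunk does not. Under RFC 6265 path matching the user cookie is therefore not sent on a request for exactly `/v1/sec`, while the admin cookie is sent for `/v1/adm`. Use one form for both, ideally as named constants next to `JwtHeader` now that `ServicePath` is gone. Neither hunk shows a SameSite setting; if none is applied earlier in these handlers, `c.SetSameSite(http.SameSiteStrictMode)` before `c.SetCookie` would keep the JWT cookie off cross-site requests. Both handler bodies start outside their hunks.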
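Review bot: The AdminLogin cookie reuses the name `JwtHeader` ("jwt") and differs from the user cookie only by Path, which controls where the browser sends a cookie, not what the token inside it is allowed to do. The handlers behind `/v1/adm` are outside this patch, so it cannot be seen here whether they check an admin claim; that check should not rest on the cookie path. I would add a comment above the call: `// Path only scopes where the browser sends the cookie; /v1/adm handlers must still verify the admin claim in the JWT.`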