From fbd26d47ce81e03887e404b7043c4492a6ad8d15 Mon Sep 17 00:00:00 2001
From: Marco98 <Marco98@users.noreply.github.com>
Date: Wed, 24 Jul 2024 12:04:08 +0200
Subject: [PATCH] refactor: improve cookie handling

---
 pkg/proxy/handler.go  |  5 ++---
 pkg/proxy/sessions.go | 10 +++++++++-
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/pkg/proxy/handler.go b/pkg/proxy/handler.go
index 945dd86..4e7e07b 100644
--- a/pkg/proxy/handler.go
+++ b/pkg/proxy/handler.go
@@ -91,7 +91,7 @@ func (p *Proxy) proxyRequest(cluster string, host *config.Host, w http.ResponseW
 	req.ContentLength = r.ContentLength
 	p.copyHeaders(r.Header, req.Header)
 	if p.config.PassthroughAuth {
-		if err := p.addAuthCookie(cluster, r, req.Header); err != nil {
+		if err := p.mangleCookies(cluster, r, req.Header); err != nil {
 			return err
 		}
 	}
@@ -120,7 +120,6 @@ func (p *Proxy) copyHeaders(src http.Header, dst http.Header) {
 			if k == "Content-Length" ||
 				k == "Transfer-Encoding" ||
 				k == "Accept-Encoding" ||
-				(p.config.PassthroughAuth && k == "Cookie") ||
 				k == "Sec-Websocket-Version" ||
 				k == "Connection" ||
 				k == "Upgrade" ||
@@ -168,7 +167,7 @@ func (p *Proxy) proxyWebsocket(cluster string, host *config.Host, w http.Respons
 	bhead := http.Header{}
 	p.copyHeaders(r.Header, bhead)
 	if p.config.PassthroughAuth {
-		if err := p.addAuthCookie(cluster, r, bhead); err != nil {
+		if err := p.mangleCookies(cluster, r, bhead); err != nil {
 			return err
 		}
 	}
diff --git a/pkg/proxy/sessions.go b/pkg/proxy/sessions.go
index 29cd75a..8e6c229 100644
--- a/pkg/proxy/sessions.go
+++ b/pkg/proxy/sessions.go
@@ -187,7 +187,15 @@ func (p *Proxy) registerSession(log logrus.FieldLogger, sid uuid.UUID, cluster s
 	return nil
 }
 
-func (p *Proxy) addAuthCookie(cluster string, r *http.Request, h http.Header) error {
+func (p *Proxy) mangleCookies(cluster string, r *http.Request, h http.Header) error {
+	h.Del("Cookie")
+	for _, c := range r.Cookies() {
+		if c.Name != "PVEAuthCookie" &&
+			c.Name != clusterCookieName &&
+			c.Name != sessionCookieName {
+			h.Add("Cookie", c.String())
+		}
+	}
 	rsid, err := r.Cookie(sessionCookieName)
 	if errors.Is(err, http.ErrNoCookie) {
 		return nil