Defer cors to host/middleware/user code

4 files changed, 25 insertions, 70 deletions

diff --git a/libs/VNLib.Plugins.Sessions.OAuth/src/Endpoints/AccessTokenEndpoint.cs b/libs/VNLib.Plugins.Sessions.OAuth/src/Endpoints/AccessTokenEndpoint.cs
index 9f0f35d..a867152 100644
--- a/libs/VNLib.Plugins.Sessions.OAuth/src/Endpoints/AccessTokenEndpoint.cs
+++ b/libs/VNLib.Plugins.Sessions.OAuth/src/Endpoints/AccessTokenEndpoint.cs
@@ -54,11 +54,11 @@ namespace VNLib.Plugins.Sessions.OAuth.Endpoints
         private readonly Task<ReadOnlyJsonWebKey?> JWTVerificationKey;
 
         //override protection settings to allow most connections to authenticate
+        ///<inheritdoc/>
         protected override ProtectionSettings EndpointProtectionSettings { get; } = new()
         {
             DisableBrowsersOnly = true,
-            DisableSessionsRequired = true,
-            DisableVerifySessionCors = true
+            DisableSessionsRequired = true
         };
 
         public AccessTokenEndpoint(PluginBase pbase, IConfigScope config)
@@ -120,8 +120,8 @@ namespace VNLib.Plugins.Sessions.OAuth.Endpoints
                     }
 
                     //Convert the clientid and secret to lowercase
-                    clientId = clientId.ToLower();
-                    secret = secret.ToLower();
+                    clientId = clientId.ToLower(null);
+                    secret = secret.ToLower(null);
 
                     //Convert secret to private string that is unreferrenced
                     using PrivateString secretPv = new(secret, false);
diff --git a/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs b/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs
index cc550de..d099e3c 100644
--- a/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs
+++ b/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs
@@ -48,7 +48,7 @@ namespace VNLib.Plugins.Sessions.OAuth
     /// Provides OAuth2 session management
     /// </summary>
     [ConfigurationName(O2SessionProviderEntry.OAUTH2_CONFIG_KEY)]
-    internal sealed class OAuth2SessionProvider : ISessionProvider, ITokenManager, IApplicationTokenFactory
+    internal sealed class OAuth2SessionProvider : ISessionProvider, ITokenManager, IApplicationTokenFactory, IIntervalScheduleable
     {        
         private static readonly SessionHandle Skip = new(null, FileProcessArgs.VirtualSkip, null);
 
@@ -68,6 +68,9 @@ namespace VNLib.Plugins.Sessions.OAuth
             _tokenFactory = plugin.GetOrCreateSingleton<OAuth2TokenFactory>();
             TokenStore = new(plugin.GetContextOptions());
             _tokenTypeString = $"client_credential,{_tokenFactory.TokenType}";
+
+            //Schedule interval
+            plugin.ScheduleInterval(this, TimeSpan.FromMinutes(2));
         }
 
         public void SetLog(ILogProvider log) => _sessions.SetLog(log);
@@ -196,9 +199,8 @@ namespace VNLib.Plugins.Sessions.OAuth
         /*
          * Interval for removing expired tokens
          */
-
-        [AsyncInterval(Minutes = 2)]
-        private async Task OnIntervalAsync(ILogProvider log, CancellationToken cancellationToken)
+       
+        public async Task OnIntervalAsync(ILogProvider log, CancellationToken cancellationToken)
         {
             //Calculate valid token time
             DateTime validAfter = DateTime.UtcNow.Subtract(_tokenFactory.SessionValidFor);
diff --git a/libs/VNLib.Plugins.Sessions.VNCache/src/IWebSessionIdFactory.cs b/libs/VNLib.Plugins.Sessions.VNCache/src/IWebSessionIdFactory.cs
deleted file mode 100644
index 117b839..0000000
--- a/libs/VNLib.Plugins.Sessions.VNCache/src/IWebSessionIdFactory.cs
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
-* Copyright (c) 2022 Vaughn Nugent
-* 
-* Library: VNLib
-* Package: VNLib.Plugins.Essentials.Sessions.VNCache
-* File: IWebSessionIdFactory.cs 
-*
-* IWebSessionIdFactory.cs is part of VNLib.Plugins.Essentials.Sessions.VNCache which is part of the larger 
-* VNLib collection of libraries and utilities.
-*
-* VNLib.Plugins.Essentials.Sessions.VNCache is free software: you can redistribute it and/or modify 
-* it under the terms of the GNU Affero General Public License as 
-* published by the Free Software Foundation, either version 3 of the
-* License, or (at your option) any later version.
-*
-* VNLib.Plugins.Essentials.Sessions.VNCache is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU Affero General Public License for more details.
-*
-* You should have received a copy of the GNU Affero General Public License
-* along with this program.  If not, see https://www.gnu.org/licenses/.
-*/
-
-using System;
-using System.Diagnostics.CodeAnalysis;
-
-using VNLib.Net.Http;
-
-namespace VNLib.Plugins.Sessions.VNCache
-{
-    /// <summary>
-    /// Id factory for <see cref="WebSessionProvider"/>
-    /// </summary>
-    internal interface IWebSessionIdFactory
-    {
-        /// <summary>
-        /// The maxium amount of time a session is valid for. Sessions will be invalidated
-        /// after this time
-        /// </summary>
-        TimeSpan ValidFor { get; }
-
-        /// <summary>
-        /// Gets a new session-id for the connection and manipulates the entity as necessary
-        /// </summary>
-        /// <param name="entity">The connection to generate the new session for</param>
-        /// <returns>The new session-id</returns>
-        string GenerateSessionId(IHttpEvent entity);
-
-        /// <summary>
-        /// Attempts to recover a session id from 
-        /// </summary>
-        /// <param name="entity">The entity to get the session-id for</param>
-        /// <param name="sessionId">The found ID for the session if accepted</param>
-        /// <returns>True if a session id was found or set for the session</returns>
-        bool TryGetSessionId(IHttpEvent entity, [NotNullWhen(true)] out string? sessionId);
-    }    
-}
diff --git a/libs/VNLib.Plugins.Sessions.VNCache/src/WebSessionIdFactory.cs b/libs/VNLib.Plugins.Sessions.VNCache/src/WebSessionIdFactory.cs
index 96e9938..03d8980 100644
--- a/libs/VNLib.Plugins.Sessions.VNCache/src/WebSessionIdFactory.cs
+++ b/libs/VNLib.Plugins.Sessions.VNCache/src/WebSessionIdFactory.cs
@@ -35,7 +35,7 @@ using VNLib.Plugins.Sessions.Cache.Client;
 namespace VNLib.Plugins.Sessions.VNCache
 {
     /// <summary>
-    /// <see cref="IWebSessionIdFactory"/> implementation, using 
+    /// <see cref="ISessionIdFactory"/> implementation, using 
     /// http cookies as session id storage
     /// </summary>
     [ConfigurationName(WebSessionProviderEntry.WEB_SESSION_CONFIG)]
@@ -77,13 +77,24 @@ namespace VNLib.Plugins.Sessions.VNCache
         public string RegenerateId(IHttpEvent entity)
         {
             //Random hex hash
-            string cookie = RandomHash.GetRandomBase32(_cookieSize);
+            string sessionId = RandomHash.GetRandomBase32(_cookieSize);
+
+            //Create new cookie
+            HttpCookie cookie = new(SessionCookieName, sessionId)
+            {
+                ValidFor = ValidFor,
+                Secure = true,
+                HttpOnly = true,
+                Domain = null,
+                Path = "/",
+                SameSite = CookieSameSite.Lax
+            };
 
             //Set the session id cookie
-            entity.Server.SetCookie(SessionCookieName, cookie, ValidFor, secure: true, httpOnly: true);
+            entity.Server.SetCookie(cookie);
 
             //return session-id value from cookie value
-            return cookie;
+            return sessionId;
         }
 
         public string? TryGetSessionId(IHttpEvent entity)