add oidc cookie logs

Author: StekPerepolnen

ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp

@@ -22,11 +22,22 @@ void THandlerSessionServiceCheckNebius::StartOidcProcess(const NActors::TActorCo
     NHttp::THeaders headers(Request->Headers);
     LOG_DEBUG_S(ctx, EService::MVP, "Start OIDC process");
 
-    NHttp::TCookies cookies(headers.Get("Cookie"));
+    TString sessionCookieName = CreateNameSessionCookie(Settings.ClientId);
+
+    TStringBuf cookieParser(headers["Cookie"]);
+    TString sessionCookieValue;
+    for (TStringBuf param = cookieParser.NextTok(';'); !param.empty(); param = cookieParser.NextTok(';')) {
+        param.SkipPrefix(" ");
+        TStringBuf name = param.NextTok('=');
+        if (name == sessionCookieName) {
+            sessionCookieValue = param;
+            LOG_DEBUG_S(ctx, EService::MVP, "Using session cookie (" << sessionCookieName << ": " << NKikimr::MaskTicket(sessionCookieValue) << ")");
+        }
+    }
 
     TString sessionToken;
     try {
-        Base64StrictDecode(cookies.Get(CreateNameSessionCookie(Settings.ClientId)), sessionToken);
+        Base64StrictDecode(sessionCookieValue, sessionToken);
     } catch (std::exception& e) {
         LOG_DEBUG_S(ctx, EService::MVP, "Base64Decode session cookie: " << e.what());
         sessionToken.clear();

ydb/mvp/oidc_proxy/oidc_proxy_ut.cpp

@@ -392,10 +392,12 @@ Y_UNIT_TEST_SUITE(Mvp) {
         std::unique_ptr<grpc::Server> sessionServer(builder.BuildAndStart());
 
         NHttp::THttpIncomingRequestPtr incomingRequest = new NHttp::THttpIncomingRequest();
+        TString sessionCookieName = CreateNameSessionCookie(settings.ClientId);
+        TString sessionCookieValue = Base64Encode("session_cookie");
         EatWholeString(incomingRequest, "GET /" + allowedProxyHost + "/counters HTTP/1.1\r\n"
                                 "Host: oidcproxy.net\r\n"
                                 "Cookie: yc_session=allowed_session_cookie;"
-                                + CreateSecureCookie(settings.ClientId, "session_cookie") + "\r\n\r\n");
+                                + CreateSecureCookie(sessionCookieName, sessionCookieValue) + "\r\n\r\n");
         runtime.Send(new IEventHandle(target, edge, new NHttp::TEvHttpProxy::TEvHttpIncomingRequest(incomingRequest)));
         TAutoPtr<IEventHandle> handle;
 

ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp

@@ -1,6 +1,7 @@
 #include <ydb/library/actors/http/http.h>
 #include "openid_connect.h"
 #include "oidc_session_create_nebius.h"
+#include <library/cpp/string_utils/base64/base64.h>
 
 namespace NMVP {
 namespace NOIDC {
@@ -33,8 +34,12 @@ void THandlerSessionCreateNebius::RequestSessionToken(const TString& code, const
 }
 
 void THandlerSessionCreateNebius::ProcessSessionToken(const TString& sessionToken, const NActors::TActorContext& ctx) {
+    TString sessionCookieName = CreateNameSessionCookie(Settings.ClientId);
+    TString sessionCookieValue = Base64Encode(sessionToken);
+    LOG_DEBUG_S(ctx, EService::MVP, "Set session cookie: (" << sessionCookieName << ": " << NKikimr::MaskTicket(sessionCookieValue) << ")");
+
     NHttp::THeadersBuilder responseHeaders;
-    responseHeaders.Set("Set-Cookie", CreateSecureCookie(Settings.ClientId, sessionToken));
+    responseHeaders.Set("Set-Cookie", CreateSecureCookie(sessionCookieName, sessionCookieValue));
     responseHeaders.Set("Location", Context.GetRequestedAddress());
     NHttp::THttpOutgoingResponsePtr httpResponse;
     httpResponse = Request->CreateResponse("302", "Cookie set", responseHeaders);

ydb/mvp/oidc_proxy/openid_connect.cpp

@@ -114,9 +114,9 @@ const TString& GetAuthCallbackUrl() {
     return callbackUrl;
 }
 
-TString CreateSecureCookie(const TString& key, const TString& value) {
+TString CreateSecureCookie(const TString& name, const TString& value) {
     TStringBuilder cookieBuilder;
-    cookieBuilder << CreateNameSessionCookie(key) << "=" << Base64Encode(value)
+    cookieBuilder << name << "=" << value
             << "; Path=/; Secure; HttpOnly; SameSite=None; Partitioned";
     return cookieBuilder;
 }