Don’t use a cookie for unique Session ID

This commit is contained in:
Tobie Morgan Hitchcock 2018-05-14 02:37:49 +01:00
parent 6f02651c4f
commit 295285707e
6 changed files with 22 additions and 69 deletions

View file

@ -24,7 +24,7 @@ func session(c *fibre.Context) (out map[string]interface{}) {
out[varKeyIp] = c.IP().String() out[varKeyIp] = c.IP().String()
out[varKeyId] = c.Get(varKeyCook) out[varKeyId] = c.Get(varKeyUniq)
out[varKeyOrigin] = c.Origin() out[varKeyOrigin] = c.Origin()

View file

@ -61,7 +61,7 @@ const (
varKeyIp = "ip" varKeyIp = "ip"
varKeyEnv = "ENV" varKeyEnv = "ENV"
varKeyAuth = "auth" varKeyAuth = "auth"
varKeyCook = "cook" varKeyUniq = "uniq"
varKeyThis = "this" varKeyThis = "this"
varKeyScope = "scope" varKeyScope = "scope"
varKeyValue = "value" varKeyValue = "value"

View file

@ -86,6 +86,14 @@ func auth() fibre.MiddlewareFunc {
auth.Selected.DB = subs[1] auth.Selected.DB = subs[1]
} }
// If there is a Session ID specified in
// the request headers, then mark it as
// the connection Session ID.
if id := c.Request().Header().Get(varKeyId); len(id) != 0 {
c.Set(varKeyUniq, id)
}
// If there is a namespace specified in // If there is a namespace specified in
// the request headers, then mark it as // the request headers, then mark it as
// the selected namespace. // the selected namespace.
@ -136,6 +144,16 @@ func auth() fibre.MiddlewareFunc {
if len(head) == 0 { if len(head) == 0 {
// If there is a Session ID specified as
// one of the socket protocols then use
// this as the connection Session ID.
for _, prot := range websocket.Subprotocols(c.Request().Request) {
if len(prot) > 3 && prot[0:3] == "id-" {
c.Set(varKeyUniq, prot[3:])
}
}
// If there is a NS configuration option // If there is a NS configuration option
// defined as one of the socket protocols // defined as one of the socket protocols
// then use this as the selected NS. // then use this as the selected NS.

View file

@ -1,60 +0,0 @@
// Copyright © 2016 Abcum Ltd
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package web
import (
"time"
"net/http"
"github.com/abcum/fibre"
"github.com/abcum/surreal/cnf"
"github.com/abcum/surreal/util/rand"
)
const cookie = "surreal"
func uniq(val *http.Cookie) string {
if val != nil && len(val.Value) == 64 {
return val.Value
}
return rand.String(64)
}
func sess() fibre.MiddlewareFunc {
return func(h fibre.HandlerFunc) fibre.HandlerFunc {
return func(c *fibre.Context) (err error) {
val, _ := c.Request().Cookie(cookie)
crt := len(cnf.Settings.Cert.Crt) != 0
key := len(cnf.Settings.Cert.Key) != 0
val = &http.Cookie{
Name: cookie,
Value: uniq(val),
Secure: (crt && key),
HttpOnly: true,
Expires: time.Now().Add(365 * 24 * time.Hour),
}
c.Response().Header().Set("Set-Cookie", val.String())
c.Set(varKeyCook, val.Value)
return h(c)
}
}
}

View file

@ -25,5 +25,5 @@ const (
varKeyAuth = "auth" varKeyAuth = "auth"
varKeyUser = "user" varKeyUser = "user"
varKeyPass = "pass" varKeyPass = "pass"
varKeyCook = "cook" varKeyUniq = "uniq"
) )

View file

@ -66,7 +66,6 @@ func Setup(opts *cnf.Options) (err error) {
"ID", "ID",
}, },
AccessControlMaxAge: 1800, AccessControlMaxAge: 1800,
AccessControlAllowCredentials: true,
})) }))
// Check body size // Check body size
@ -75,10 +74,6 @@ func Setup(opts *cnf.Options) (err error) {
AllowedLength: 1 << 20, // 1mb AllowedLength: 1 << 20, // 1mb
})) }))
// Setup session cookie
s.Use(sess())
// Setup authentication // Setup authentication
s.Use(auth()) s.Use(auth())