Don’t use a cookie for unique Session ID
This commit is contained in:
parent
6f02651c4f
commit
295285707e
6 changed files with 22 additions and 69 deletions
|
@ -24,7 +24,7 @@ func session(c *fibre.Context) (out map[string]interface{}) {
|
||||||
|
|
||||||
out[varKeyIp] = c.IP().String()
|
out[varKeyIp] = c.IP().String()
|
||||||
|
|
||||||
out[varKeyId] = c.Get(varKeyCook)
|
out[varKeyId] = c.Get(varKeyUniq)
|
||||||
|
|
||||||
out[varKeyOrigin] = c.Origin()
|
out[varKeyOrigin] = c.Origin()
|
||||||
|
|
||||||
|
|
|
@ -61,7 +61,7 @@ const (
|
||||||
varKeyIp = "ip"
|
varKeyIp = "ip"
|
||||||
varKeyEnv = "ENV"
|
varKeyEnv = "ENV"
|
||||||
varKeyAuth = "auth"
|
varKeyAuth = "auth"
|
||||||
varKeyCook = "cook"
|
varKeyUniq = "uniq"
|
||||||
varKeyThis = "this"
|
varKeyThis = "this"
|
||||||
varKeyScope = "scope"
|
varKeyScope = "scope"
|
||||||
varKeyValue = "value"
|
varKeyValue = "value"
|
||||||
|
|
18
web/auth.go
18
web/auth.go
|
@ -86,6 +86,14 @@ func auth() fibre.MiddlewareFunc {
|
||||||
auth.Selected.DB = subs[1]
|
auth.Selected.DB = subs[1]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If there is a Session ID specified in
|
||||||
|
// the request headers, then mark it as
|
||||||
|
// the connection Session ID.
|
||||||
|
|
||||||
|
if id := c.Request().Header().Get(varKeyId); len(id) != 0 {
|
||||||
|
c.Set(varKeyUniq, id)
|
||||||
|
}
|
||||||
|
|
||||||
// If there is a namespace specified in
|
// If there is a namespace specified in
|
||||||
// the request headers, then mark it as
|
// the request headers, then mark it as
|
||||||
// the selected namespace.
|
// the selected namespace.
|
||||||
|
@ -136,6 +144,16 @@ func auth() fibre.MiddlewareFunc {
|
||||||
|
|
||||||
if len(head) == 0 {
|
if len(head) == 0 {
|
||||||
|
|
||||||
|
// If there is a Session ID specified as
|
||||||
|
// one of the socket protocols then use
|
||||||
|
// this as the connection Session ID.
|
||||||
|
|
||||||
|
for _, prot := range websocket.Subprotocols(c.Request().Request) {
|
||||||
|
if len(prot) > 3 && prot[0:3] == "id-" {
|
||||||
|
c.Set(varKeyUniq, prot[3:])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// If there is a NS configuration option
|
// If there is a NS configuration option
|
||||||
// defined as one of the socket protocols
|
// defined as one of the socket protocols
|
||||||
// then use this as the selected NS.
|
// then use this as the selected NS.
|
||||||
|
|
60
web/sess.go
60
web/sess.go
|
@ -1,60 +0,0 @@
|
||||||
// Copyright © 2016 Abcum Ltd
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package web
|
|
||||||
|
|
||||||
import (
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"net/http"
|
|
||||||
|
|
||||||
"github.com/abcum/fibre"
|
|
||||||
"github.com/abcum/surreal/cnf"
|
|
||||||
"github.com/abcum/surreal/util/rand"
|
|
||||||
)
|
|
||||||
|
|
||||||
const cookie = "surreal"
|
|
||||||
|
|
||||||
func uniq(val *http.Cookie) string {
|
|
||||||
if val != nil && len(val.Value) == 64 {
|
|
||||||
return val.Value
|
|
||||||
}
|
|
||||||
return rand.String(64)
|
|
||||||
}
|
|
||||||
|
|
||||||
func sess() fibre.MiddlewareFunc {
|
|
||||||
return func(h fibre.HandlerFunc) fibre.HandlerFunc {
|
|
||||||
return func(c *fibre.Context) (err error) {
|
|
||||||
|
|
||||||
val, _ := c.Request().Cookie(cookie)
|
|
||||||
crt := len(cnf.Settings.Cert.Crt) != 0
|
|
||||||
key := len(cnf.Settings.Cert.Key) != 0
|
|
||||||
|
|
||||||
val = &http.Cookie{
|
|
||||||
Name: cookie,
|
|
||||||
Value: uniq(val),
|
|
||||||
Secure: (crt && key),
|
|
||||||
HttpOnly: true,
|
|
||||||
Expires: time.Now().Add(365 * 24 * time.Hour),
|
|
||||||
}
|
|
||||||
|
|
||||||
c.Response().Header().Set("Set-Cookie", val.String())
|
|
||||||
|
|
||||||
c.Set(varKeyCook, val.Value)
|
|
||||||
|
|
||||||
return h(c)
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -25,5 +25,5 @@ const (
|
||||||
varKeyAuth = "auth"
|
varKeyAuth = "auth"
|
||||||
varKeyUser = "user"
|
varKeyUser = "user"
|
||||||
varKeyPass = "pass"
|
varKeyPass = "pass"
|
||||||
varKeyCook = "cook"
|
varKeyUniq = "uniq"
|
||||||
)
|
)
|
||||||
|
|
|
@ -66,7 +66,6 @@ func Setup(opts *cnf.Options) (err error) {
|
||||||
"ID",
|
"ID",
|
||||||
},
|
},
|
||||||
AccessControlMaxAge: 1800,
|
AccessControlMaxAge: 1800,
|
||||||
AccessControlAllowCredentials: true,
|
|
||||||
}))
|
}))
|
||||||
|
|
||||||
// Check body size
|
// Check body size
|
||||||
|
@ -75,10 +74,6 @@ func Setup(opts *cnf.Options) (err error) {
|
||||||
AllowedLength: 1 << 20, // 1mb
|
AllowedLength: 1 << 20, // 1mb
|
||||||
}))
|
}))
|
||||||
|
|
||||||
// Setup session cookie
|
|
||||||
|
|
||||||
s.Use(sess())
|
|
||||||
|
|
||||||
// Setup authentication
|
// Setup authentication
|
||||||
|
|
||||||
s.Use(auth())
|
s.Use(auth())
|
||||||
|
|
Loading…
Reference in a new issue