Add server-generated session info to queries

Tobie Morgan Hitchcock 2018-05-09 23:10:30 +01:00
parent c8980e2eac
commit e120f8961c
8 changed files with 132 additions and 41 deletions


@ -149,17 +149,11 @@ func Process(fib *fibre.Context, ast *sql.Query, vars map[string]interface{}) (o
fib.Set(ctxKeyId, uuid.New().String()) fib.Set(ctxKeyId, uuid.New().String())
} }
// Ensure that the IP address of the // Ensure that the session details, such
// user signing in is available so that // as id, ip, and origin, are available on
// it can be used within signin queries. // the 'conn' object on each query.
vars[varKeyIp] = fib.IP().String() vars[varKeySession] = session(fib)
// Ensure that the website origin of the
// user signing in is available so that
// it can be used within signin queries.
vars[varKeyOrigin] = fib.Origin()
// Ensure that the specified environment // Ensure that the specified environment
// variable 'ENV' is available to the // variable 'ENV' is available to the
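Review bot: The top-level `ip` and `origin` variables are no longer set here, so any existing query that reads them (the removed comments say they were meant for signin queries) will find them unset unless it is migrated to the fields under the new session variable; the same removal happens in the `socket.ctx` hunk. If the break is intended it should be stated in the commit message, otherwise keep `vars[varKeyIp]` and `vars[varKeyOrigin]` next to `vars[varKeySession]` for a deprecation period. The new comment also names a 'conn' object while the value is stored under `varKeySession` ("session"); I would write `// the 'session' variable on each query.`. Process starts and ends outside this hunk.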

33
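--- a/db/session.go
+++ b/db/session.go
@@ -0,0 +1,33 @@
+// Copyright © 2016 Abcum Ltd
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package db
+import (
+"github.com/abcum/fibre"
+)
+func session(c *fibre.Context) (out map[string]interface{}) {
+out = make(map[string]interface{})
+out[varKeyIp] = c.IP().String()
+out[varKeyId] = c.Get(varKeyCook)
+out[varKeyOrigin] = c.Origin()
+return
+}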
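Review bot: `session` has no doc comment, and nothing tells a query author where `id` comes from or that it can be empty. `c.Get(varKeyCook)` returns whatever an earlier middleware stored under "cook", so on any path where that middleware has not run the map presumably carries a nil `id`. Both `id` (taken from a request cookie in web/sess.go) and `origin` (presumably the request's Origin header) are client-influenced. I would add `// session returns the connection details (ip, id, origin) exposed to queries; id and origin derive from request data and must not be treated as proof of identity.` above the function.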


@ -68,8 +68,7 @@ func (s *socket) ctx(ns, db string) (ctx context.Context) {
vars := data.New() vars := data.New()
vars.Set(auth.Data, varKeyAuth) vars.Set(auth.Data, varKeyAuth)
vars.Set(auth.Scope, varKeyScope) vars.Set(auth.Scope, varKeyScope)
vars.Set(s.fibre.Origin(), varKeyOrigin) vars.Set(session(s.fibre), varKeySession)
vars.Set(s.fibre.IP().String(), varKeyIp)
ctx = context.WithValue(ctx, ctxKeyVars, vars) ctx = context.WithValue(ctx, ctxKeyVars, vars)
return return


@ -61,6 +61,7 @@ const (
varKeyIp = "ip" varKeyIp = "ip"
varKeyEnv = "ENV" varKeyEnv = "ENV"
varKeyAuth = "auth" varKeyAuth = "auth"
varKeyCook = "cook"
varKeyThis = "this" varKeyThis = "this"
varKeyScope = "scope" varKeyScope = "scope"
varKeyValue = "value" varKeyValue = "value"
@ -69,6 +70,7 @@ const (
varKeyMethod = "method" varKeyMethod = "method"
varKeyParent = "parent" varKeyParent = "parent"
varKeyOrigin = "origin" varKeyOrigin = "origin"
varKeySession = "session"
) )
var ( var (

28
glide.lock generated

@ -1,8 +1,8 @@
hash: c56e5bd935dd1933a6e7370fe3fc67ea26169ec91aa05c171543866c6c2490ed hash: c56e5bd935dd1933a6e7370fe3fc67ea26169ec91aa05c171543866c6c2490ed
updated: 2018-05-02T12:28:08.963393+01:00 updated: 2018-05-09T23:03:18.058567+01:00
imports: imports:
- name: cloud.google.com/go - name: cloud.google.com/go
version: 29f476ffa9c4cd4fd14336b6043090ac1ad76733 version: 056a55f54a6cc77b440b31a56a5e7c3982d32811
subpackages: subpackages:
- compute/metadata - compute/metadata
- iam - iam
@ -16,7 +16,7 @@ imports:
- name: github.com/abcum/cork - name: github.com/abcum/cork
version: c246208017d0b81f2e9a3fc2fb7a993c89153839 version: c246208017d0b81f2e9a3fc2fb7a993c89153839
- name: github.com/abcum/fibre - name: github.com/abcum/fibre
version: 24b2157453a929f7a86616c415d01b94916b3ed5 version: 58f82632f8a973b56347ffdb5632674cd22686c1
subpackages: subpackages:
- mw - mw
- name: github.com/abcum/ptree - name: github.com/abcum/ptree
@ -35,7 +35,7 @@ imports:
- name: github.com/armon/go-metrics - name: github.com/armon/go-metrics
version: 783273d703149aaeb9897cf58613d5af48861c25 version: 783273d703149aaeb9897cf58613d5af48861c25
- name: github.com/aws/aws-sdk-go - name: github.com/aws/aws-sdk-go
version: 236a3fce423171d03ae327a8aa2512e6fb24df36 version: 31bd69f7db00cbf3d85d129e16d42304cb6e455f
subpackages: subpackages:
- aws - aws
- aws/awserr - aws/awserr
@ -117,7 +117,7 @@ imports:
- name: github.com/jmespath/go-jmespath - name: github.com/jmespath/go-jmespath
version: c2b33e8439af944379acbdd9c3a5fe0bc44bd8a5 version: c2b33e8439af944379acbdd9c3a5fe0bc44bd8a5
- name: github.com/kr/text - name: github.com/kr/text
version: 7cafcd837844e784b526369c9bce262804aebc60 version: e2ffdb16a802fe2bb95e2e35ff34f0e53aeef34f
- name: github.com/mattn/go-colorable - name: github.com/mattn/go-colorable
version: efa589957cd060542a26d2dd7832fd6a6c6c3ade version: efa589957cd060542a26d2dd7832fd6a6c6c3ade
- name: github.com/mattn/go-isatty - name: github.com/mattn/go-isatty
@ -125,7 +125,7 @@ imports:
- name: github.com/mgutz/ansi - name: github.com/mgutz/ansi
version: 9520e82c474b0a04dd04f8a40959027271bab992 version: 9520e82c474b0a04dd04f8a40959027271bab992
- name: github.com/miekg/dns - name: github.com/miekg/dns
version: 01d59357d468872339068bcd5d55a00e2463051f version: eac804ceef194db2da6ee80c728d7658c8c805ff
- name: github.com/mitchellh/mapstructure - name: github.com/mitchellh/mapstructure
version: 00c29f56e2386353d58c599509e8dc3801b0d716 version: 00c29f56e2386353d58c599509e8dc3801b0d716
- name: github.com/newrelic/go-agent - name: github.com/newrelic/go-agent
@ -160,7 +160,7 @@ imports:
subpackages: subpackages:
- codec - codec
- name: go.opencensus.io - name: go.opencensus.io
version: 10cec2c05ea2cfb8b0d856711daedc49d8a45c56 version: c11636694056ed1d664b058521f3aa61016da8ba
subpackages: subpackages:
- exporter/stackdriver/propagation - exporter/stackdriver/propagation
- internal - internal
@ -175,7 +175,7 @@ imports:
- trace/internal - trace/internal
- trace/propagation - trace/propagation
- name: golang.org/x/crypto - name: golang.org/x/crypto
version: 613d6eafa307c6881a737a3c35c0e312e8d3a8c5 version: 2d027ae1dddd4694d54f7a8b6cbe78dca8720226
subpackages: subpackages:
- bcrypt - bcrypt
- blowfish - blowfish
@ -185,7 +185,7 @@ imports:
- scrypt - scrypt
- ssh/terminal - ssh/terminal
- name: golang.org/x/net - name: golang.org/x/net
version: 5f9ae10d9af5b1c89ae6904293b14b064d4ada23 version: f73e4c9ed3b7ebdd5f699a16a880c2b1994e50dd
subpackages: subpackages:
- bpf - bpf
- context - context
@ -199,17 +199,16 @@ imports:
- internal/timeseries - internal/timeseries
- ipv4 - ipv4
- ipv6 - ipv6
- lex/httplex
- trace - trace
- name: golang.org/x/oauth2 - name: golang.org/x/oauth2
version: 6881fee410a5daf86371371f9ad451b95e168b71 version: cdc340f7c179dbbfa4afd43b7614e8fcadde4269
subpackages: subpackages:
- google - google
- internal - internal
- jws - jws
- jwt - jwt
- name: golang.org/x/sys - name: golang.org/x/sys
version: 78d5f264b493f125018180c204871ecf58a2dce1 version: 64746a42f36bf0832f86b76004f1699dbeb33e4f
subpackages: subpackages:
- unix - unix
- windows - windows
@ -226,7 +225,7 @@ imports:
- unicode/bidi - unicode/bidi
- unicode/norm - unicode/norm
- name: google.golang.org/api - name: google.golang.org/api
version: ce90db2c36a2cb8c9c06779ed8bb96f92ea6e3b8 version: 4bd7f4beb291148443ed4553071c4e0697ff4afb
subpackages: subpackages:
- gensupport - gensupport
- googleapi - googleapi
@ -257,7 +256,7 @@ imports:
- googleapis/rpc/code - googleapis/rpc/code
- googleapis/rpc/status - googleapis/rpc/status
- name: google.golang.org/grpc - name: google.golang.org/grpc
version: e538e04cad1b83e47b2ccbbbfe6d5fd5a816d290 version: 45d7f3a23f0b937ba711aa0e3e3426325d3b9ae4
subpackages: subpackages:
- balancer - balancer
- balancer/base - balancer/base
@ -271,7 +270,6 @@ imports:
- grpclb/grpc_lb_v1/messages - grpclb/grpc_lb_v1/messages
- grpclog - grpclog
- internal - internal
- internal/msgdecoder
- keepalive - keepalive
- metadata - metadata
- naming - naming

58
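--- a/web/sess.go
+++ b/web/sess.go
@@ -0,0 +1,58 @@
+// Copyright © 2016 Abcum Ltd
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package web
+import (
+"time"
+"net/http"
+"github.com/abcum/fibre"
+"github.com/abcum/surreal/cnf"
+"github.com/abcum/surreal/util/rand"
+)
+const cookie = "surreal"
+func sess() fibre.MiddlewareFunc {
+return func(h fibre.HandlerFunc) fibre.HandlerFunc {
+return func(c *fibre.Context) (err error) {
+val, err := c.Request().Cookie(cookie)
+if err != nil {
+crt := len(cnf.Settings.Cert.Crt) != 0
+key := len(cnf.Settings.Cert.Key) != 0
+val = &http.Cookie{
+Name: cookie,
+Value: rand.String(64),
+Secure: (crt && key),
+HttpOnly: true,
+Expires: time.Now().Add(365 * 24 * time.Hour),
+}
+}
+c.Response().Header().Set("Set-Cookie", val.String())
+c.Set(varKeyCook, val.Value)
+return h(c)
+}
+}
+}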
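Review bot: When the request already carries the cookie, the handler re-emits `val.String()` from the parsed request cookie, which holds only a name and value, so every later response sends a Set-Cookie without HttpOnly, Secure or Expires and the browser replaces the hardened cookie with a plain session cookie. The same branch stores whatever value the client sent as the session id, so the id is server-generated only on first contact; a shape check is the minimum, and a signed value would be needed to actually bind it to this server. `Header().Set` also discards any Set-Cookie another middleware has already written, where `Add` would not. Whether `rand.String` draws from a CSPRNG and returns exactly 64 characters is not visible here and should be confirmed before relying on the length check below.

```go
return func(c *fibre.Context) (err error) {
	val := &http.Cookie{
		Name:     cookie,
		Secure:   len(cnf.Settings.Cert.Crt) != 0 && len(cnf.Settings.Cert.Key) != 0,
		HttpOnly: true,
		Expires:  time.Now().Add(365 * 24 * time.Hour),
	}
	// Reuse the presented id only if it has the shape this server issues.
	if old, cerr := c.Request().Cookie(cookie); cerr == nil && len(old.Value) == 64 {
		val.Value = old.Value
	} else {
		val.Value = rand.String(64)
	}
	// Add rather than Set, so other Set-Cookie headers survive.
	c.Response().Header().Add("Set-Cookie", val.String())
	// … unchanged: c.Set(varKeyCook, val.Value) and return h(c) …
```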


@ -25,4 +25,5 @@ const (
varKeyAuth = "auth" varKeyAuth = "auth"
varKeyUser = "user" varKeyUser = "user"
varKeyPass = "pass" varKeyPass = "pass"
varKeyCook = "cook"
) )


@ -46,7 +46,7 @@ func Setup(opts *cnf.Options) (err error) {
// Add cors headers // Add cors headers
s.Use(mw.Cors(&mw.CorsOpts{ s.Use(mw.Cors(&mw.CorsOpts{
AllowedOrigin: "*", AllowedOrigin: "=",
AllowedMethods: []string{ AllowedMethods: []string{
"GET", "GET",
"PUT", "PUT",
@ -63,8 +63,10 @@ func Setup(opts *cnf.Options) (err error) {
"Origin", "Origin",
"NS", "NS",
"DB", "DB",
"ID",
}, },
AccessControlMaxAge: 600, AccessControlMaxAge: 1800,
AccessControlAllowCredentials: true,
})) }))
// Check body size // Check body size
@ -73,6 +75,10 @@ func Setup(opts *cnf.Options) (err error) {
AllowedLength: 1 << 20, // 1mb AllowedLength: 1 << 20, // 1mb
})) }))
// Setup session cookie
s.Use(sess())
// Setup authentication // Setup authentication
s.Use(auth()) s.Use(auth())
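Review bot: `AllowedOrigin: "="` combined with `AccessControlAllowCredentials: true` needs a second look: if "=" makes the middleware echo the request's Origin (its meaning is not visible in this diff), any website can issue credentialed cross-origin requests and read the responses, now that a session cookie is sent. Restricting credentialed CORS to an allowlist of origins taken from configuration would avoid that. At minimum, add a comment such as `// "=" reflects the request Origin; needed because credentials cannot be combined with "*"` so the trade-off is explicit. Setup starts and ends outside these hunks.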