package sessions
import (
"bytes"
"crypto/hmac"
"crypto/sha256"
"encoding/binary"
"encoding/hex"
"errors"
"net/http"
"time"
)
// Sentinel errors for session cookie handling in this package.
var (
	// ErrInvalidCookie is returned by sessionFromCookie when the cookie value
	// is too short or its fixed-size prefix is not valid hex.
	ErrInvalidCookie = errors.New("cookie contains invalid session")
	// ErrInvalidMAC is returned by Session.validate when the tag carried by
	// the session does not match the one recomputed from the secret.
	ErrInvalidMAC = errors.New("invalid MAC")
	// ErrSessionExpired is returned by Session.validate when the tag is
	// correct but the expiration time is already in the past.
	ErrSessionExpired = errors.New("session expired")
)
// Session is a stateless login session that is serialized into a cookie.
//
// The cookie carries the e-mail address in clear text; the MAC provides
// integrity only, not confidentiality. A Session obtained from
// sessionFromCookie is unauthenticated until validate has returned nil.
type Session struct {
	// Email identifies the session owner. It is covered by mac.
	Email string
	// expiration is the instant after which the session is rejected. Only
	// its Unix-seconds value is serialized and covered by mac.
	expiration time.Time
	// mac is the HMAC-SHA256 tag over Email followed by the 8-byte
	// big-endian Unix expiration (see newSession and validate).
	mac []byte
}
// newSession builds a Session for email that expires after the given
// duration, measured from the current time.
//
// The tag is computed with secret over the e-mail bytes followed by the
// expiration as an 8-byte big-endian count of Unix seconds. Sub-second
// precision of the expiration is kept in the struct but is not part of the
// authenticated data.
func newSession(email string, expiration time.Duration, secret []byte) Session {
	deadline := time.Now().Add(expiration)

	// Fixed-width timestamp: placed last, it keeps the MAC input unambiguous
	// even though the e-mail has variable length.
	stamp := make([]byte, 8)
	binary.BigEndian.PutUint64(stamp, uint64(deadline.Unix()))

	s := Session{Email: email, expiration: deadline}
	s.mac = calculateMAC(secret, []byte(email), stamp)
	return s
}
// sessionFromCookie decodes the value of c into a Session.
//
// The expected layout is 64 hex characters of MAC, 16 hex characters of
// big-endian Unix expiration, then the e-mail address verbatim. It returns
// http.ErrNoCookie for an empty value and ErrInvalidCookie when the value is
// shorter than the fixed prefix or the prefix is not valid hex.
//
// This function only parses. Every field of the result is attacker-controlled
// until Session.validate has succeeded, so callers must not act on Email
// before that check.
func sessionFromCookie(c *http.Cookie) (Session, error) {
	const (
		macLen    = 32                      // HMAC-SHA256 tag, in bytes
		stampLen  = 8                       // uint64 Unix seconds, in bytes
		headerLen = 2 * (macLen + stampLen) // hex encoding doubles the size
	)

	raw := c.Value
	switch {
	case raw == "":
		return Session{}, http.ErrNoCookie
	case len(raw) < headerLen:
		return Session{}, ErrInvalidCookie
	}

	header, err := hex.DecodeString(raw[:headerLen])
	if err != nil {
		return Session{}, ErrInvalidCookie
	}

	// Whatever follows the fixed-size prefix is taken as the e-mail address,
	// including the empty string.
	expiry := int64(binary.BigEndian.Uint64(header[macLen:]))
	return Session{
		Email:      raw[headerLen:],
		expiration: time.Unix(expiry, 0),
		mac:        header[:macLen],
	}, nil
}
// encode serializes the session into the cookie value format read by
// sessionFromCookie: hex(mac) + hex(8-byte big-endian Unix expiration) +
// the e-mail address in clear text.
func (s Session) encode() string {
	// Build the binary prefix in a fresh buffer so s.mac's backing array is
	// never appended to.
	prefix := make([]byte, 0, len(s.mac)+8)
	prefix = append(prefix, s.mac...)
	prefix = binary.BigEndian.AppendUint64(prefix, uint64(s.expiration.Unix()))
	return hex.EncodeToString(prefix) + s.Email
}
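// validate authenticates the session against secret and then checks that it
// has not expired.
//
// It returns ErrInvalidMAC when the tag carried by the session does not match
// the tag recomputed over Email and the Unix expiration, ErrSessionExpired
// when the tag matches but the expiration has passed, and nil otherwise. The
// tag is always checked first so that no unauthenticated field influences the
// outcome.
func (s Session) validate(secret []byte) error {
	want := calculateMAC(secret, []byte(s.Email), binary.BigEndian.AppendUint64(nil, uint64(s.expiration.Unix())))

	// bytes.Equal may stop at the first differing byte, so comparing the
	// supplied tag with the expected one directly would let response timing
	// reveal how long a correct prefix is. Both values are therefore passed
	// through HMAC once more before the comparison: the bytes that are
	// actually compared are unpredictable without the secret, and the
	// position of the first mismatch tells the sender nothing about s.mac.
	// hmac.Equal(s.mac, want) is the direct constant-time equivalent;
	// adopting it also means dropping the then-unused "bytes" import.
	if !bytes.Equal(calculateMAC(secret, s.mac), calculateMAC(secret, want)) {
		return ErrInvalidMAC
	}
	if s.expired() {
		return ErrSessionExpired
	}
	return nil
}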
// expired reports whether the current time is past the session's expiration.
// It says nothing about authenticity; validate checks the MAC before calling
// it.
func (s Session) expired() bool {
	now := time.Now()
	return now.After(s.expiration)
}
// calculateMAC returns the 32-byte HMAC-SHA256 tag, keyed with secret, over
// the concatenation of parts.
//
// The parts are fed to the hash back to back with no length prefix or
// separator, so ("ab", "c") and ("a", "bc") produce the same tag. Callers are
// responsible for an unambiguous framing, for example by making every part
// except one fixed-width.
func calculateMAC(secret []byte, parts ...[]byte) []byte {
	mac := hmac.New(sha256.New, secret)
	for i := 0; i < len(parts); i++ {
		// hash.Hash documents that Write never returns an error.
		mac.Write(parts[i])
	}
	return mac.Sum(nil)
}