package auth
import (
"errors"
"net/http"
"net/url"
"sync"
"time"
)
// session holds the properties associated with one login session.
// The original comment describes it as used for database entries; in this
// file it is only stored in the session manager's in-memory map.
type session struct {
	// Username is the account the session belongs to.
	Username string `json:"username"`
	// Expires is the instant from which the session is no longer accepted.
	// NOTE(review): the JSON key is "created" although the field holds the
	// expiry time - confirm whether any consumer depends on that key.
	Expires time.Time `json:"created"`
}
// sessionManager keeps login sessions in memory, keyed by session ID, and
// sets and clears the cookie that carries that ID.
type sessionManager struct {
	// cookieName is the name of the session cookie.
	cookieName string
	// cookieDomain is the Domain attribute written on the session cookie.
	cookieDomain string
	// cookieTimeout is the session lifetime; the cleanup goroutine also
	// uses it as its sweep interval.
	cookieTimeout time.Duration
	// internal maps session ID to session. After construction, every access
	// in this file is made while holding the embedded RWMutex.
	internal map[string]*session
	sync.RWMutex
	// endSessionCleanup tells the cleanup goroutine to stop.
	endSessionCleanup chan bool
}
// newSessionManager builds a sessionManager whose cookies are scoped to
// domain and whose sessions live for timeout minutes, and starts the
// background goroutine that evicts expired sessions until Close is called.
//
// The sweep runs once per session lifetime, so an expired entry can stay in
// memory for up to one further interval; GetSession re-checks expiry on every
// lookup, so such an entry is not accepted in the meantime.
//
// NOTE(review): time.NewTicker panics on a non-positive interval, so timeout
// must be greater than zero - confirm that callers validate it.
func newSessionManager(domain string, timeout int) *sessionManager {
	lifetime := time.Duration(timeout) * time.Minute
	m := &sessionManager{
		cookieName:        "ubclaunchpad-inertia",
		cookieDomain:      domain,
		cookieTimeout:     lifetime,
		internal:          make(map[string]*session),
		endSessionCleanup: make(chan bool),
	}

	// evictExpired drops every session whose expiry has passed. The write
	// lock is held for the whole pass.
	evictExpired := func() {
		m.Lock()
		defer m.Unlock()
		for id, sess := range m.internal {
			if m.isValidSession(sess) {
				continue
			}
			delete(m.internal, id)
		}
	}

	sweep := time.NewTicker(lifetime)
	go func() {
		// Runs when the stop signal arrives and the goroutine returns.
		defer sweep.Stop()
		for {
			select {
			case <-m.endSessionCleanup:
				return
			case <-sweep.C:
				evictExpired()
			}
		}
	}()

	return m
}
// Close stops the cleanup goroutine and discards every stored session.
//
// The stop signal is sent on an unbuffered channel, so Close blocks until the
// goroutine receives it. The goroutine returns after that first signal, which
// means a second call to Close would block forever; call it once only.
func (s *sessionManager) Close() {
	// Signal before locking: the goroutine takes the write lock during a
	// sweep, so the lock must not be held while waiting for it to receive.
	s.endSessionCleanup <- true

	s.Lock()
	defer s.Unlock()
	s.internal = make(map[string]*session)
}
// BeginSession creates a session for username, stores it under a freshly
// generated ID, and sets the session cookie carrying that ID on w.
// It returns an error if no session ID could be generated, in which case
// nothing is stored and no cookie is set. The request r is not used.
//
// The cookie is HttpOnly, so page scripts cannot read it.
// NOTE(review): neither Secure nor SameSite is set on the cookie. Whether the
// server is reachable only over TLS is not visible here - confirm, and
// consider setting both attributes so the session ID is not sent over plain
// HTTP or attached to cross-site requests.
func (s *sessionManager) BeginSession(username string, w http.ResponseWriter, r *http.Request) error {
	expiresAt := time.Now().Add(s.cookieTimeout)
	sessionID, err := generateSessionID()
	if err != nil {
		return errors.New("Failed to begin session for " + username + ": " + err.Error())
	}

	// Record the session before the cookie is handed out.
	entry := &session{Username: username, Expires: expiresAt}
	s.Lock()
	s.internal[sessionID] = entry
	s.Unlock()

	// The ID is query-escaped for the cookie value; EndSession and
	// GetSession unescape it again. The cookie and the stored session share
	// the same expiry instant.
	cookie := &http.Cookie{
		Name:     s.cookieName,
		Value:    url.QueryEscape(sessionID),
		Domain:   s.cookieDomain,
		Path:     "/",
		HttpOnly: true,
		Expires:  expiresAt,
	}
	http.SetCookie(w, cookie)
	return nil
}
// EndSession removes the session named by the request's session cookie and
// tells the client to discard that cookie. It returns an error when the
// cookie is absent, empty, or cannot be unescaped; in those cases nothing is
// deleted and no cookie is written.
func (s *sessionManager) EndSession(w http.ResponseWriter, r *http.Request) error {
	c, err := r.Cookie(s.cookieName)
	switch {
	case err != nil:
		return errors.New("Invalid cookie: " + err.Error())
	case c.Value == "":
		return errors.New("Invalid cookie")
	}

	sessionID, err := url.QueryUnescape(c.Value)
	if err != nil {
		return errors.New("Invalid cookie: " + err.Error())
	}

	// Forget the session on the server side. Deleting an unknown ID is a
	// no-op, so a stale or made-up cookie value is harmless here.
	s.Lock()
	delete(s.internal, sessionID)
	s.Unlock()

	// Overwrite the cookie with an empty value dated at the Unix epoch.
	// Name, Domain and Path are the same as in BeginSession so that the
	// client replaces the existing cookie rather than storing a second one.
	expired := &http.Cookie{
		Name:     s.cookieName,
		Value:    "",
		Domain:   s.cookieDomain,
		Path:     "/",
		HttpOnly: true,
		Expires:  time.Unix(0, 0),
	}
	http.SetCookie(w, expired)
	return nil
}
// GetSession returns the session identified by the request's session cookie.
// It returns errCookieNotFound when the cookie is missing or empty, the
// unescape error when the cookie value is malformed, and errSessionNotFound
// when the ID is unknown or the session has expired. In the last case the
// stored session and the client's cookie are also cleared through EndSession.
func (s *sessionManager) GetSession(w http.ResponseWriter, r *http.Request) (*session, error) {
	c, err := r.Cookie(s.cookieName)
	if err != nil || c.Value == "" {
		return nil, errCookieNotFound
	}
	sessionID, err := url.QueryUnescape(c.Value)
	if err != nil {
		return nil, err
	}

	s.RLock()
	sess, ok := s.internal[sessionID]
	// Expiry is checked on every lookup, so a session the cleanup goroutine
	// has not evicted yet is still rejected. The lookup result is tested
	// first so a missing entry is never dereferenced.
	live := ok && s.isValidSession(sess)
	s.RUnlock()

	if !live {
		// The read lock is released above because EndSession takes the
		// write lock. Its error is discarded; the caller receives
		// errSessionNotFound either way.
		_ = s.EndSession(w, r)
		return nil, errSessionNotFound
	}
	return sess, nil
}
// EndAllUserSessions removes every stored session that belongs to username.
// Cookies already held by clients are not touched; they no longer match a
// stored session, so GetSession rejects them.
func (s *sessionManager) EndAllUserSessions(username string) {
	s.Lock()
	defer s.Unlock()

	for id, sess := range s.internal {
		if sess.Username != username {
			continue
		}
		delete(s.internal, id)
	}
}
// EndAllSessions removes every stored session by replacing the session map
// with an empty one. The cleanup goroutine is left running.
func (s *sessionManager) EndAllSessions() {
	s.Lock()
	defer s.Unlock()
	s.internal = make(map[string]*session)
}
// isValidSession reports whether session has not yet expired, i.e. whether
// the current time is strictly before its Expires value.
// It does no locking itself; the callers in this file hold the manager's lock.
func (s *sessionManager) isValidSession(session *session) bool {
	now := time.Now()
	return now.Before(session.Expires)
}