dispatch/server/auth.go

package server

import (
	"log"
	"net/http"

	"github.com/khlieng/dispatch/pkg/cookie"
	"github.com/khlieng/dispatch/pkg/session"
	"github.com/khlieng/dispatch/storage"
)

func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser, refresh bool) *State {
	var state *State

	cookie, err := r.Cookie(cookie.Name(r, session.CookieName))
	if err != nil {
		if createUser {
			state, err = d.newUser(w, r)
			if err != nil {
				log.Println(err)
			}
		}
	} else {
		session := d.states.getSession(cookie.Value)
		if session != nil {
			key := session.Key()

			if !session.Expired() {
				state = d.states.get(session.UserID)

				if refresh {
					newKey, err := session.Refresh()
					if err != nil {
						log.Println(err)
					}

					if newKey != "" {
						d.states.setSession(session)
						d.states.deleteSession(key)
						session.SetCookie(w, r)
					}
				}
			} else {
				d.states.deleteSession(key)
			}
		}

		if state != nil {
			log.Println(r.RemoteAddr, "[Auth] GET", r.URL.Path, "| Valid token | User ID:", state.user.ID)
		} else if createUser {
			state, err = d.newUser(w, r)
			if err != nil {
				log.Println(err)
			}
		}
	}

	return state
}

func (d *Dispatch) newUser(w http.ResponseWriter, r *http.Request) (*State, error) {
	user, err := storage.NewUser(d.Store)
	if err != nil {
		return nil, err
	}

	log.Println(r.RemoteAddr, "[Auth] New anonymous user | ID:", user.ID)

	session, err := session.New(user.ID)
	if err != nil {
		return nil, err
	}
	d.states.setSession(session)

	state := NewState(user, d)
	d.states.set(state)
	go state.run()

	session.SetCookie(w, r)

	return state, nil
}
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`package server`

			`import (`
			`"log"`
			`"net/http"`

Add __Host- prefix, set X-XSS-Protection to 0, require go1.11 2020-06-25 06:21:16 +00:00			`"github.com/khlieng/dispatch/pkg/cookie"`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`"github.com/khlieng/dispatch/pkg/session"`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`"github.com/khlieng/dispatch/storage"`
			`)`

Dont refresh session keys on bootloader requests 2018-11-08 07:39:47 +00:00			`func (d Dispatch) handleAuth(w http.ResponseWriter, r http.Request, createUser, refresh bool) *State {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`var state *State`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00
Add __Host- prefix, set X-XSS-Protection to 0, require go1.11 2020-06-25 06:21:16 +00:00			`cookie, err := r.Cookie(cookie.Name(r, session.CookieName))`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`if err != nil {`
Wait until a websocket connection comes in before creating new anonymous sessions 2018-05-22 01:56:48 +00:00			`if createUser {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`state, err = d.newUser(w, r)`
			`if err != nil {`
			`log.Println(err)`
			`}`
Wait until a websocket connection comes in before creating new anonymous sessions 2018-05-22 01:56:48 +00:00			`}`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`} else {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`session := d.states.getSession(cookie.Value)`
Use random session IDs instead of jwt 2018-04-26 19:32:21 +00:00			`if session != nil {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`key := session.Key()`

Dont refresh session keys on bootloader requests 2018-11-08 07:39:47 +00:00			`if !session.Expired() {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`state = d.states.get(session.UserID)`
Dont refresh session keys on bootloader requests 2018-11-08 07:39:47 +00:00
			`if refresh {`
			`newKey, err := session.Refresh()`
			`if err != nil {`
			`log.Println(err)`
			`}`

			`if newKey != "" {`
			`d.states.setSession(session)`
			`d.states.deleteSession(key)`
			`session.SetCookie(w, r)`
			`}`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`}`
Do all session pruning in a single goroutine 2018-06-01 03:40:12 +00:00			`} else {`
			`d.states.deleteSession(key)`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`}`
			`}`

			`if state != nil {`
			`log.Println(r.RemoteAddr, "[Auth] GET", r.URL.Path, "\| Valid token \| User ID:", state.user.ID)`
Wait until a websocket connection comes in before creating new anonymous sessions 2018-05-22 01:56:48 +00:00			`} else if createUser {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`state, err = d.newUser(w, r)`
			`if err != nil {`
			`log.Println(err)`
			`}`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`}`
			`}`

Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`return state`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`}`

Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`func (d Dispatch) newUser(w http.ResponseWriter, r http.Request) (*State, error) {`
			`user, err := storage.NewUser(d.Store)`
			`if err != nil {`
			`return nil, err`
			`}`

			`log.Println(r.RemoteAddr, "[Auth] New anonymous user \| ID:", user.ID)`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`session, err := session.New(user.ID)`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`if err != nil {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`return nil, err`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`}`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`d.states.setSession(session)`

			`state := NewState(user, d)`
			`d.states.set(state)`
			`go state.run()`

			`session.SetCookie(w, r)`

			`return state, nil`
			`}`