2016-01-15 01:27:30 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/rand"
|
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
|
|
|
"log"
|
|
|
|
"net/http"
|
2016-01-19 19:31:22 +00:00
|
|
|
"time"
|
2016-01-15 01:27:30 +00:00
|
|
|
|
2016-01-15 01:32:50 +00:00
|
|
|
"github.com/khlieng/dispatch/Godeps/_workspace/src/github.com/dgrijalva/jwt-go"
|
2016-01-15 01:27:30 +00:00
|
|
|
|
|
|
|
"github.com/khlieng/dispatch/storage"
|
|
|
|
)
|
|
|
|
|
|
|
|
func handleAuth(w http.ResponseWriter, r *http.Request) *Session {
|
|
|
|
var session *Session
|
|
|
|
|
|
|
|
cookie, err := r.Cookie(cookieName)
|
|
|
|
if err != nil {
|
|
|
|
authLog(r, "No cookie set")
|
|
|
|
session = newUser(w, r)
|
|
|
|
} else {
|
|
|
|
token, err := jwt.Parse(cookie.Value, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
|
|
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
|
|
|
}
|
|
|
|
return hmacKey, nil
|
|
|
|
})
|
|
|
|
|
|
|
|
if err == nil && token.Valid {
|
|
|
|
userID := uint64(token.Claims["UserID"].(float64))
|
|
|
|
|
|
|
|
log.Println(r.RemoteAddr, "[Auth] GET", r.URL.Path, "| Valid token | User ID:", userID)
|
|
|
|
|
|
|
|
sessionLock.Lock()
|
|
|
|
session = sessions[userID]
|
|
|
|
sessionLock.Unlock()
|
2016-01-19 21:02:12 +00:00
|
|
|
|
|
|
|
if session == nil {
|
|
|
|
// A previous anonymous session has been cleaned up, create a new one
|
|
|
|
session = newUser(w, r)
|
|
|
|
}
|
2016-01-15 01:27:30 +00:00
|
|
|
} else {
|
|
|
|
if err != nil {
|
|
|
|
authLog(r, "Invalid token: "+err.Error())
|
|
|
|
} else {
|
|
|
|
authLog(r, "Invalid token")
|
|
|
|
}
|
|
|
|
session = newUser(w, r)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return session
|
|
|
|
}
|
|
|
|
|
|
|
|
func newUser(w http.ResponseWriter, r *http.Request) *Session {
|
2016-01-17 20:15:29 +00:00
|
|
|
user, err := storage.NewUser()
|
|
|
|
if err != nil {
|
2016-01-15 01:27:30 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Println(r.RemoteAddr, "[Auth] Create session | User ID:", user.ID)
|
|
|
|
|
|
|
|
session := NewSession(user)
|
|
|
|
|
|
|
|
sessionLock.Lock()
|
|
|
|
sessions[user.ID] = session
|
|
|
|
sessionLock.Unlock()
|
|
|
|
|
2016-01-19 21:02:12 +00:00
|
|
|
go session.run()
|
2016-01-15 01:27:30 +00:00
|
|
|
|
|
|
|
token := jwt.New(jwt.SigningMethodHS256)
|
|
|
|
token.Claims["UserID"] = user.ID
|
|
|
|
tokenString, err := token.SignedString(hmacKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
http.SetCookie(w, &http.Cookie{
|
|
|
|
Name: cookieName,
|
|
|
|
Value: tokenString,
|
|
|
|
Path: "/",
|
2016-01-19 19:31:22 +00:00
|
|
|
Expires: time.Now().AddDate(0, 1, 0),
|
2016-01-15 01:27:30 +00:00
|
|
|
HttpOnly: true,
|
|
|
|
Secure: r.TLS != nil,
|
|
|
|
})
|
|
|
|
|
|
|
|
return session
|
|
|
|
}
|
|
|
|
|
|
|
|
func getHMACKey() ([]byte, error) {
|
|
|
|
key, err := ioutil.ReadFile(storage.Path.HMACKey())
|
|
|
|
if err != nil {
|
|
|
|
key = make([]byte, 32)
|
|
|
|
rand.Read(key)
|
|
|
|
|
|
|
|
err = ioutil.WriteFile(storage.Path.HMACKey(), key, 0600)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return key, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func authLog(r *http.Request, s string) {
|
|
|
|
log.Println(r.RemoteAddr, "[Auth] GET", r.URL.Path, "|", s)
|
|
|
|
}
|