Dont refresh session keys on bootloader requests

2018-11-08 08:39:47 +01:00 · 2018-11-08 08:39:47 +01:00 · 70b2c4df47
commit 70b2c4df47
parent f86e0d9283
4 changed files with 23 additions and 27 deletions
--- a/pkg/session/session.go
+++ b/pkg/session/session.go
@ -69,29 +69,25 @@ func (s *Session) Expired() bool {
 	return time.Since(created) > Expiration
 }

-func (s *Session) Refresh() (string, bool, error) {
+func (s *Session) Refresh() (string, error) {
 	s.lock.Lock()
 	created := time.Unix(s.createdAt, 0)
 	s.lock.Unlock()

-	if time.Since(created) > Expiration {
-		return "", true, nil
-	}
-
 	if time.Since(created) > RefreshInterval {
 		key, err := newSessionKey()
 		if err != nil {
-			return "", false, err
+			return "", err
 		}

 		s.lock.Lock()
 		s.createdAt = time.Now().Unix()
 		s.key = key
 		s.lock.Unlock()
-		return key, false, nil
+		return key, nil
 	}

-	return "", false, nil
+	return "", nil
 }

 func newSessionKey() (string, error) {
--- a/server/auth.go
+++ b/server/auth.go
@ -8,7 +8,7 @@ import (
 	"github.com/khlieng/dispatch/storage"
 )

-func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser bool) *State {
+func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser, refresh bool) *State {
 	var state *State

 	cookie, err := r.Cookie(session.CookieName)
@ -23,17 +23,21 @@ func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser
 		session := d.states.getSession(cookie.Value)
 		if session != nil {
 			key := session.Key()
-			newKey, expired, err := session.Refresh()
-			if err != nil {
-				return nil
-			}

-			if !expired {
+			if !session.Expired() {
 				state = d.states.get(session.UserID)
-				if newKey != "" {
-					d.states.setSession(session)
-					d.states.deleteSession(key)
-					session.SetCookie(w, r)
+
+				if refresh {
+					newKey, err := session.Refresh()
+					if err != nil {
+						log.Println(err)
+					}
+
+					if newKey != "" {
+						d.states.setSession(session)
+						d.states.deleteSession(key)
+						session.SetCookie(w, r)
+					}
 				}
 			} else {
 				d.states.deleteSession(key)
--- a/server/serve_files.go
+++ b/server/serve_files.go
@ -323,7 +323,7 @@ func (d *Dispatch) serveIndex(w http.ResponseWriter, r *http.Request) {
 	var data *indexData
 	inline := inlineScriptSW
 	if !sw {
-		data = getIndexData(r, r.URL.EscapedPath(), d.handleAuth(w, r, false))
+		data = getIndexData(r, r.URL.EscapedPath(), d.handleAuth(w, r, false, true))
 		inline = inlineScript
 	}

--- a/server/server.go
+++ b/server/server.go
@ -173,7 +173,7 @@ func (d *Dispatch) serve(w http.ResponseWriter, r *http.Request) {
 			return
 		}

-		state := d.handleAuth(w, r, true)
+		state := d.handleAuth(w, r, true, true)
 		if state == nil {
 			log.Println("[Auth] No state")
 			fail(w, http.StatusInternalServerError)
@ -182,14 +182,10 @@ func (d *Dispatch) serve(w http.ResponseWriter, r *http.Request) {

 		d.upgradeWS(w, r, state)
 	} else if strings.HasPrefix(r.URL.Path, "/data") {
-		state := d.handleAuth(w, r, true)
-		if state == nil {
-			log.Println("[Auth] No state")
-			fail(w, http.StatusInternalServerError)
-			return
-		}
+		state := d.handleAuth(w, r, false, false)
+		data := getIndexData(r, r.URL.EscapedPath()[5:], state)

-		easyjson.MarshalToHTTPResponseWriter(getIndexData(r, r.URL.EscapedPath()[5:], state), w)
+		easyjson.MarshalToHTTPResponseWriter(data, w)
 	} else {
 		d.serveFiles(w, r)
 	}