From 70b2c4df479168858c92738fb3835bf0892e1a96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ken-H=C3=A5vard=20Lieng?= Date: Thu, 8 Nov 2018 08:39:47 +0100 Subject: [PATCH] Dont refresh session keys on bootloader requests --- pkg/session/session.go | 12 ++++-------- server/auth.go | 24 ++++++++++++++---------- server/serve_files.go | 2 +- server/server.go | 12 ++++-------- 4 files changed, 23 insertions(+), 27 deletions(-) diff --git a/pkg/session/session.go b/pkg/session/session.go index e56c0d0f..22409176 100644 --- a/pkg/session/session.go +++ b/pkg/session/session.go @@ -69,29 +69,25 @@ func (s *Session) Expired() bool { return time.Since(created) > Expiration } -func (s *Session) Refresh() (string, bool, error) { +func (s *Session) Refresh() (string, error) { s.lock.Lock() created := time.Unix(s.createdAt, 0) s.lock.Unlock() - if time.Since(created) > Expiration { - return "", true, nil - } - if time.Since(created) > RefreshInterval { key, err := newSessionKey() if err != nil { - return "", false, err + return "", err } s.lock.Lock() s.createdAt = time.Now().Unix() s.key = key s.lock.Unlock() - return key, false, nil + return key, nil } - return "", false, nil + return "", nil } func newSessionKey() (string, error) { diff --git a/server/auth.go b/server/auth.go index 13c8e08f..5da2c272 100644 --- a/server/auth.go +++ b/server/auth.go @@ -8,7 +8,7 @@ import ( "github.com/khlieng/dispatch/storage" ) -func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser bool) *State { +func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser, refresh bool) *State { var state *State cookie, err := r.Cookie(session.CookieName) 
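Review bot: With the expiry guard removed, `Refresh` in pkg/session/session.go will mint a new key and reset `createdAt` for a session that is already past `Expiration` (assuming `Expiration` is longer than `RefreshInterval`), because nothing in the new body checks it. The only protection left is that the caller tests `Expired()` first, which leaves a small window between the two calls and lets any future caller that forgets the check silently revive a dead session. I would keep a cheap guard, `if time.Since(created) > Expiration { return "", nil }`, or at least add a doc comment such as `// Refresh rotates the key once RefreshInterval has passed; callers must check Expired() first.` The read of `createdAt` and the later write also take the lock separately, so two concurrent callers can both rotate the key; worth confirming that is acceptable.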
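Review bot: `handleAuth` in server/auth.go now takes two adjacent positional bools, so call sites read as `handleAuth(w, r, false, true)` and a swapped pair would still compile while changing whether a request may create a user. The signature has no doc comment in the visible lines; something like `// handleAuth resolves the session cookie to a State. createUser permits creating a user when no valid session is found; refresh permits rotating the session key.` would help, with the wording checked against the body, which continues outside this hunk. Named constants or a small options struct would make the call sites self-describing.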
@@ -23,17 +23,21 @@ func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser session := d.states.getSession(cookie.Value) if session != nil { key := session.Key() - newKey, expired, err := session.Refresh() - if err != nil { - return nil - } - if !expired { + if !session.Expired() { state = d.states.get(session.UserID) - if newKey != "" { - d.states.setSession(session) - d.states.deleteSession(key) - session.SetCookie(w, r) + + if refresh { + newKey, err := session.Refresh() + if err != nil { + log.Println(err) + } + + if newKey != "" { + d.states.setSession(session) + d.states.deleteSession(key) + session.SetCookie(w, r) + } } } else { d.states.deleteSession(key) diff --git a/server/serve_files.go b/server/serve_files.go index b843cd47..28ce20f9 100644 --- a/server/serve_files.go +++ b/server/serve_files.go @@ -323,7 +323,7 @@ func (d *Dispatch) serveIndex(w http.ResponseWriter, r *http.Request) { var data *indexData inline := inlineScriptSW if !sw { - data = getIndexData(r, r.URL.EscapedPath(), d.handleAuth(w, r, false)) + data = getIndexData(r, r.URL.EscapedPath(), d.handleAuth(w, r, false, true)) inline = inlineScript } diff --git a/server/server.go b/server/server.go index 7b6e31d0..0ad70255 100644 --- a/server/server.go +++ b/server/server.go @@ -173,7 +173,7 @@ func (d *Dispatch) serve(w http.ResponseWriter, r *http.Request) { return } - state := d.handleAuth(w, r, true) + state := d.handleAuth(w, r, true, true) if state == nil { log.Println("[Auth] No state") fail(w, http.StatusInternalServerError) 
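Review bot: A failing `session.Refresh()` is now only logged and the request carries on with the old key, where the previous code returned nil, and the `log.Println(err)` line inside the `if refresh` block gives no hint of where it came from. The only error path visible in Refresh is `newSessionKey()`, so a persistent failure there means keys quietly stop rotating until the session expires. The message should be attributable, for example `log.Println("[Auth] Session key refresh failed:", err)`, matching the `[Auth]` prefix used in server.go. A one-line comment saying that continuing with the old key is deliberate would also help. handleAuth starts and ends outside this hunk.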
@@ -182,14 +182,10 @@ func (d *Dispatch) serve(w http.ResponseWriter, r *http.Request) { d.upgradeWS(w, r, state) } else if strings.HasPrefix(r.URL.Path, "/data") { - state := d.handleAuth(w, r, true) - if state == nil { - log.Println("[Auth] No state") - fail(w, http.StatusInternalServerError) - return - } + state := d.handleAuth(w, r, false, false) + data := getIndexData(r, r.URL.EscapedPath()[5:], state) - easyjson.MarshalToHTTPResponseWriter(getIndexData(r, r.URL.EscapedPath()[5:], state), w) + easyjson.MarshalToHTTPResponseWriter(data, w) } else { d.serveFiles(w, r) }
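Review bot: The `/data` branch no longer checks `state == nil` and now passes `createUser` as false, so `getIndexData` can receive a nil `*State` for a request without a valid session. serveIndex already hands it an unchecked handleAuth result, so it presumably tolerates nil, but that is not visible here; confirm it, along with what the response contains for a client that has no session. A comment on the branch would record the intent, e.g. `// Bootloader request: never creates a user or rotates the session key; state may be nil.` The values returned by `easyjson.MarshalToHTTPResponseWriter(data, w)` are still discarded, so a failed write goes unnoticed; logging the returned error would fix that.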