Dont refresh session keys on bootloader requests

This commit is contained in:
Ken-Håvard Lieng 2018-11-08 08:39:47 +01:00
parent f86e0d9283
commit 70b2c4df47
4 changed files with 23 additions and 27 deletions

View File

@ -69,29 +69,25 @@ func (s *Session) Expired() bool {
return time.Since(created) > Expiration return time.Since(created) > Expiration
} }
func (s *Session) Refresh() (string, bool, error) { func (s *Session) Refresh() (string, error) {
s.lock.Lock() s.lock.Lock()
created := time.Unix(s.createdAt, 0) created := time.Unix(s.createdAt, 0)
s.lock.Unlock() s.lock.Unlock()
if time.Since(created) > Expiration {
return "", true, nil
}
if time.Since(created) > RefreshInterval { if time.Since(created) > RefreshInterval {
key, err := newSessionKey() key, err := newSessionKey()
if err != nil { if err != nil {
return "", false, err return "", err
} }
s.lock.Lock() s.lock.Lock()
s.createdAt = time.Now().Unix() s.createdAt = time.Now().Unix()
s.key = key s.key = key
s.lock.Unlock() s.lock.Unlock()
return key, false, nil return key, nil
} }
return "", false, nil return "", nil
} }
func newSessionKey() (string, error) { func newSessionKey() (string, error) {

View File

@ -8,7 +8,7 @@ import (
"github.com/khlieng/dispatch/storage" "github.com/khlieng/dispatch/storage"
) )
func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser bool) *State { func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser, refresh bool) *State {
var state *State var state *State
cookie, err := r.Cookie(session.CookieName) cookie, err := r.Cookie(session.CookieName)
@ -23,17 +23,21 @@ func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser
session := d.states.getSession(cookie.Value) session := d.states.getSession(cookie.Value)
if session != nil { if session != nil {
key := session.Key() key := session.Key()
newKey, expired, err := session.Refresh()
if err != nil {
return nil
}
if !expired { if !session.Expired() {
state = d.states.get(session.UserID) state = d.states.get(session.UserID)
if newKey != "" {
d.states.setSession(session) if refresh {
d.states.deleteSession(key) newKey, err := session.Refresh()
session.SetCookie(w, r) if err != nil {
log.Println(err)
}
if newKey != "" {
d.states.setSession(session)
d.states.deleteSession(key)
session.SetCookie(w, r)
}
} }
} else { } else {
d.states.deleteSession(key) d.states.deleteSession(key)

View File

@ -323,7 +323,7 @@ func (d *Dispatch) serveIndex(w http.ResponseWriter, r *http.Request) {
var data *indexData var data *indexData
inline := inlineScriptSW inline := inlineScriptSW
if !sw { if !sw {
data = getIndexData(r, r.URL.EscapedPath(), d.handleAuth(w, r, false)) data = getIndexData(r, r.URL.EscapedPath(), d.handleAuth(w, r, false, true))
inline = inlineScript inline = inlineScript
} }

View File

@ -173,7 +173,7 @@ func (d *Dispatch) serve(w http.ResponseWriter, r *http.Request) {
return return
} }
state := d.handleAuth(w, r, true) state := d.handleAuth(w, r, true, true)
if state == nil { if state == nil {
log.Println("[Auth] No state") log.Println("[Auth] No state")
fail(w, http.StatusInternalServerError) fail(w, http.StatusInternalServerError)
@ -182,14 +182,10 @@ func (d *Dispatch) serve(w http.ResponseWriter, r *http.Request) {
d.upgradeWS(w, r, state) d.upgradeWS(w, r, state)
} else if strings.HasPrefix(r.URL.Path, "/data") { } else if strings.HasPrefix(r.URL.Path, "/data") {
state := d.handleAuth(w, r, true) state := d.handleAuth(w, r, false, false)
if state == nil { data := getIndexData(r, r.URL.EscapedPath()[5:], state)
log.Println("[Auth] No state")
fail(w, http.StatusInternalServerError)
return
}
easyjson.MarshalToHTTPResponseWriter(getIndexData(r, r.URL.EscapedPath()[5:], state), w) easyjson.MarshalToHTTPResponseWriter(data, w)
} else { } else {
d.serveFiles(w, r) d.serveFiles(w, r)
} }