Dont refresh session keys on bootloader requests

This commit is contained in:
Ken-Håvard Lieng 2018-11-08 08:39:47 +01:00
parent f86e0d9283
commit 70b2c4df47
4 changed files with 23 additions and 27 deletions

View File

@ -69,29 +69,25 @@ func (s *Session) Expired() bool {
return time.Since(created) > Expiration
}
func (s *Session) Refresh() (string, bool, error) {
func (s *Session) Refresh() (string, error) {
s.lock.Lock()
created := time.Unix(s.createdAt, 0)
s.lock.Unlock()
if time.Since(created) > Expiration {
return "", true, nil
}
if time.Since(created) > RefreshInterval {
key, err := newSessionKey()
if err != nil {
return "", false, err
return "", err
}
s.lock.Lock()
s.createdAt = time.Now().Unix()
s.key = key
s.lock.Unlock()
return key, false, nil
return key, nil
}
return "", false, nil
return "", nil
}
func newSessionKey() (string, error) {

View File

@ -8,7 +8,7 @@ import (
"github.com/khlieng/dispatch/storage"
)
func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser bool) *State {
func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser, refresh bool) *State {
var state *State
cookie, err := r.Cookie(session.CookieName)
@ -23,18 +23,22 @@ func (d *Dispatch) handleAuth(w http.ResponseWriter, r *http.Request, createUser
session := d.states.getSession(cookie.Value)
if session != nil {
key := session.Key()
newKey, expired, err := session.Refresh()
if !session.Expired() {
state = d.states.get(session.UserID)
if refresh {
newKey, err := session.Refresh()
if err != nil {
return nil
log.Println(err)
}
if !expired {
state = d.states.get(session.UserID)
if newKey != "" {
d.states.setSession(session)
d.states.deleteSession(key)
session.SetCookie(w, r)
}
}
} else {
d.states.deleteSession(key)
}

View File

@ -323,7 +323,7 @@ func (d *Dispatch) serveIndex(w http.ResponseWriter, r *http.Request) {
var data *indexData
inline := inlineScriptSW
if !sw {
data = getIndexData(r, r.URL.EscapedPath(), d.handleAuth(w, r, false))
data = getIndexData(r, r.URL.EscapedPath(), d.handleAuth(w, r, false, true))
inline = inlineScript
}

View File

@ -173,7 +173,7 @@ func (d *Dispatch) serve(w http.ResponseWriter, r *http.Request) {
return
}
state := d.handleAuth(w, r, true)
state := d.handleAuth(w, r, true, true)
if state == nil {
log.Println("[Auth] No state")
fail(w, http.StatusInternalServerError)
@ -182,14 +182,10 @@ func (d *Dispatch) serve(w http.ResponseWriter, r *http.Request) {
d.upgradeWS(w, r, state)
} else if strings.HasPrefix(r.URL.Path, "/data") {
state := d.handleAuth(w, r, true)
if state == nil {
log.Println("[Auth] No state")
fail(w, http.StatusInternalServerError)
return
}
state := d.handleAuth(w, r, false, false)
data := getIndexData(r, r.URL.EscapedPath()[5:], state)
easyjson.MarshalToHTTPResponseWriter(getIndexData(r, r.URL.EscapedPath()[5:], state), w)
easyjson.MarshalToHTTPResponseWriter(data, w)
} else {
d.serveFiles(w, r)
}