writefreely/session.go

142 lines
3.1 KiB
Go
Raw Normal View History

/*
2019-05-12 22:55:30 +02:00
* Copyright © 2018-2019 A Bunch Tell LLC.
*
* This file is part of WriteFreely.
*
* WriteFreely is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, included
* in the LICENSE file in this source code package.
*/
2018-12-31 07:05:26 +01:00
2018-10-17 02:30:38 +02:00
package writefreely
import (
"encoding/gob"
"github.com/gorilla/sessions"
"github.com/writeas/web-core/log"
"net/http"
"strings"
)
const (
day = 86400
sessionLength = 180 * day
cookieName = "wfu"
cookieUserVal = "u"
blogPassCookieName = "ub"
2018-10-17 02:30:38 +02:00
)
// InitSession creates the cookie store. It depends on the keychain already
2018-10-17 02:30:38 +02:00
// being loaded.
func (app *App) InitSession() {
2018-10-17 02:30:38 +02:00
// Register complex data types we'll be storing in cookies
gob.Register(&User{})
// Create the cookie store
store := sessions.NewCookieStore(app.keys.CookieAuthKey, app.keys.CookieKey)
2018-10-17 02:30:38 +02:00
store.Options = &sessions.Options{
Path: "/",
MaxAge: sessionLength,
HttpOnly: true,
Secure: strings.HasPrefix(app.cfg.App.Host, "https://"),
}
if store.Options.Secure {
store.Options.SameSite = http.SameSiteNoneMode
2018-10-17 02:30:38 +02:00
}
app.sessionStore = store
2018-10-17 02:30:38 +02:00
}
2019-05-12 22:55:30 +02:00
func getSessionFlashes(app *App, w http.ResponseWriter, r *http.Request, session *sessions.Session) ([]string, error) {
2018-10-17 02:30:38 +02:00
var err error
if session == nil {
session, err = app.sessionStore.Get(r, cookieName)
if err != nil {
return nil, err
}
}
f := []string{}
if flashes := session.Flashes(); len(flashes) > 0 {
for _, flash := range flashes {
if str, ok := flash.(string); ok {
f = append(f, str)
}
}
}
saveUserSession(app, r, w)
return f, nil
}
2019-05-12 22:55:30 +02:00
func addSessionFlash(app *App, w http.ResponseWriter, r *http.Request, m string, session *sessions.Session) error {
2018-10-17 02:30:38 +02:00
var err error
if session == nil {
session, err = app.sessionStore.Get(r, cookieName)
}
if err != nil {
log.Error("Unable to add flash '%s': %v", m, err)
return err
}
session.AddFlash(m)
saveUserSession(app, r, w)
return nil
}
2019-05-12 22:55:30 +02:00
func getUserAndSession(app *App, r *http.Request) (*User, *sessions.Session) {
2018-10-17 02:30:38 +02:00
session, err := app.sessionStore.Get(r, cookieName)
if err == nil {
// Got the currently logged-in user
val := session.Values[cookieUserVal]
var u = &User{}
var ok bool
if u, ok = val.(*User); ok {
return u, session
}
}
return nil, nil
}
2019-05-12 22:55:30 +02:00
func getUserSession(app *App, r *http.Request) *User {
2018-10-17 02:30:38 +02:00
u, _ := getUserAndSession(app, r)
return u
}
2019-05-12 22:55:30 +02:00
func saveUserSession(app *App, r *http.Request, w http.ResponseWriter) error {
2018-10-17 02:30:38 +02:00
session, err := app.sessionStore.Get(r, cookieName)
if err != nil {
return ErrInternalCookieSession
}
// Extend the session
session.Options.MaxAge = int(sessionLength)
// Remove any information that accidentally got added
// FIXME: find where Plan information is getting saved to cookie.
val := session.Values[cookieUserVal]
var u = &User{}
var ok bool
if u, ok = val.(*User); ok {
session.Values[cookieUserVal] = u.Cookie()
}
err = session.Save(r, w)
if err != nil {
log.Error("Couldn't saveUserSession: %v", err)
}
return err
}
2019-05-12 22:55:30 +02:00
func getFullUserSession(app *App, r *http.Request) *User {
2018-10-17 02:30:38 +02:00
u := getUserSession(app, r)
if u == nil {
return nil
}
u, _ = app.db.GetUserByID(u.ID)
return u
}