163 lines
3.2 KiB
Go
163 lines
3.2 KiB
Go
package services
|
|
|
|
import (
|
|
"context"
|
|
"crypto/rand"
|
|
"encoding/hex"
|
|
"errors"
|
|
"net/http"
|
|
"os"
|
|
"strconv"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/rs/zerolog/log"
|
|
)
|
|
|
|
const defaultAPISessionExpirationDuration = 30 * time.Second
|
|
|
|
var APISessionExpirationDuration = sync.OnceValue[time.Duration](func() time.Duration {
|
|
expirationDuration, err := strconv.Atoi(os.Getenv("API_SESSION_EXPIRATION_DURATION"))
|
|
if err != nil {
|
|
log.Debug().Err(err).Msg("unable to load API_SESSION_EXPIRATION_DURATION")
|
|
return defaultAPISessionExpirationDuration
|
|
}
|
|
return time.Duration(expirationDuration * int(time.Second))
|
|
})
|
|
|
|
var APISecure = sync.OnceValue[bool](func() bool {
|
|
return os.Getenv("API_SECURE") == "true"
|
|
})
|
|
|
|
var (
|
|
ErrSessionIdCollision = errors.New("sessionId collision")
|
|
ErrUnauthorized = errors.New("unauthorized")
|
|
)
|
|
|
|
func generateSessionID() (string, error) {
|
|
sessionID := make([]byte, 32)
|
|
if _, err := rand.Read(sessionID); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return hex.EncodeToString(sessionID), nil
|
|
}
|
|
|
|
type Session struct {
|
|
l sync.RWMutex
|
|
sessionId string
|
|
expirationTime time.Time
|
|
}
|
|
|
|
func (s *Session) GenerateCookie() *http.Cookie {
|
|
s.l.RLock()
|
|
defer s.l.RUnlock()
|
|
|
|
return &http.Cookie{
|
|
Name: "session_id",
|
|
Value: s.sessionId,
|
|
HttpOnly: true,
|
|
Secure: APISecure(),
|
|
Expires: s.expirationTime,
|
|
}
|
|
}
|
|
|
|
type SessionStore struct {
|
|
l sync.RWMutex
|
|
|
|
ctx context.Context
|
|
fnCancel context.CancelFunc
|
|
|
|
sessions map[string]*Session
|
|
}
|
|
|
|
func NewSessionStore(ctx context.Context) *SessionStore {
|
|
ctxChild, fnCancel := context.WithCancel(ctx)
|
|
|
|
s := &SessionStore{
|
|
ctx: ctxChild,
|
|
fnCancel: fnCancel,
|
|
sessions: map[string]*Session{},
|
|
}
|
|
s.purgeWorker()
|
|
|
|
return s
|
|
}
|
|
|
|
func (s *SessionStore) purge() {
|
|
s.l.Lock()
|
|
defer s.l.Unlock()
|
|
|
|
now := time.Now()
|
|
toDelete := []*Session{}
|
|
for _, session := range s.sessions {
|
|
if now.After(session.expirationTime) {
|
|
toDelete = append(toDelete, session)
|
|
}
|
|
}
|
|
|
|
for _, session := range toDelete {
|
|
log.Debug().Str("sessionId", session.sessionId).Msg("purge expired session")
|
|
delete(s.sessions, session.sessionId)
|
|
}
|
|
}
|
|
|
|
func (s *SessionStore) purgeWorker() {
|
|
ticker := time.NewTicker(10 * time.Second)
|
|
go func() {
|
|
for {
|
|
select {
|
|
case <-ticker.C:
|
|
s.purge()
|
|
case <-s.ctx.Done():
|
|
log.Info().Msg("purge worker stopped")
|
|
ticker.Stop()
|
|
return
|
|
}
|
|
}
|
|
}()
|
|
}
|
|
|
|
func (s *SessionStore) Stop() {
|
|
s.fnCancel()
|
|
}
|
|
|
|
func (s *SessionStore) Done() <-chan struct{} {
|
|
return s.ctx.Done()
|
|
}
|
|
|
|
func (s *SessionStore) NewSession() (*Session, error) {
|
|
sessionId, err := generateSessionID()
|
|
if err != nil {
|
|
log.Err(err).Msg("unable to generate sessionId")
|
|
return nil, err
|
|
}
|
|
|
|
s.l.Lock()
|
|
defer s.l.Unlock()
|
|
|
|
if _, ok := s.sessions[sessionId]; ok {
|
|
log.Error().Str("sessionId", sessionId).Msg("sessionId collision")
|
|
return nil, ErrSessionIdCollision
|
|
}
|
|
|
|
now := time.Now().Add(APISessionExpirationDuration())
|
|
session := Session{expirationTime: now, sessionId: sessionId}
|
|
s.sessions[sessionId] = &session
|
|
|
|
return &session, nil
|
|
}
|
|
|
|
func (s *SessionStore) IsLogged(r *http.Request) bool {
|
|
cookie, err := r.Cookie("session_id")
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
s.l.RLock()
|
|
defer s.l.RUnlock()
|
|
|
|
_, ok := s.sessions[cookie.Value]
|
|
return ok
|
|
}
|