osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Bevaka 15
Stjärnmärk 7
Wiki 捐赠
本站源代码
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
Gren: gamification
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'gamification'
${ noResults }
com/vendor/gitea.com/macaron/session/session.go

394 lines
11KB
Permalänk Blame Historik 

  1. // Copyright 2013 Beego Authors

  2. // Copyright 2014 The Macaron Authors

  3. //

  4. // Licensed under the Apache License, Version 2.0 (the "License"): you may

  5. // not use this file except in compliance with the License. You may obtain

  6. // a copy of the License at

  7. //

  8. //     http://www.apache.org/licenses/LICENSE-2.0

  9. //

  10. // Unless required by applicable law or agreed to in writing, software

  11. // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

  12. // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the

  13. // License for the specific language governing permissions and limitations

  14. // under the License.

  15. 

  16. // Package session a middleware that provides the session management of Macaron.

  17. package session

  18. 

  19. import (

  20. 	"encoding/hex"

  21. 	"errors"

  22. 	"fmt"

  23. 	"net/http"

  24. 	"net/url"

  25. 	"time"

  26. 

  27. 	"gitea.com/macaron/macaron"

  28. )

  29. 

  30. const _VERSION = "0.6.0"

  31. 

  32. func Version() string {

  33. 	return _VERSION

  34. }

  35. 

  36. // RawStore is the interface that operates the session data.

  37. type RawStore interface {

  38. 	// Set sets value to given key in session.

  39. 	Set(interface{}, interface{}) error

  40. 	// Get gets value by given key in session.

  41. 	Get(interface{}) interface{}

  42. 	// Delete deletes a key from session.

  43. 	Delete(interface{}) error

  44. 	// ID returns current session ID.

  45. 	ID() string

  46. 	// Release releases session resource and save data to provider.

  47. 	Release() error

  48. 	// Flush deletes all session data.

  49. 	Flush() error

  50. }

  51. 

  52. // Store is the interface that contains all data for one session process with specific ID.

  53. type Store interface {

  54. 	RawStore

  55. 	// Read returns raw session store by session ID.

  56. 	Read(string) (RawStore, error)

  57. 	// Destroy deletes a session.

  58. 	Destroy(*macaron.Context) error

  59. 	// RegenerateId regenerates a session store from old session ID to new one.

  60. 	RegenerateId(*macaron.Context) (RawStore, error)

  61. 	// Count counts and returns number of sessions.

  62. 	Count() int

  63. 	// GC calls GC to clean expired sessions.

  64. 	GC()

  65. }

  66. 

  67. type store struct {

  68. 	RawStore

  69. 	*Manager

  70. }

  71. 

  72. var _ Store = &store{}

  73. 

  74. // Options represents a struct for specifying configuration options for the session middleware.

  75. type Options struct {

  76. 	// Name of provider. Default is "memory".

  77. 	Provider string

  78. 	// Provider configuration, it's corresponding to provider.

  79. 	ProviderConfig string

  80. 	// Cookie name to save session ID. Default is "MacaronSession".

  81. 	CookieName string

  82. 	// Cookie path to store. Default is "/".

  83. 	CookiePath string

  84. 	// GC interval time in seconds. Default is 3600.

  85. 	Gclifetime int64

  86. 	// Max life time in seconds. Default is whatever GC interval time is.

  87. 	Maxlifetime int64

  88. 	// Use HTTPS only. Default is false.

  89. 	Secure bool

  90. 	// Cookie life time. Default is 0.

  91. 	CookieLifeTime int

  92. 	// Cookie domain name. Default is empty.

  93. 	Domain string

  94. 	// Session ID length. Default is 16.

  95. 	IDLength int

  96. 	// Configuration section name. Default is "session".

  97. 	Section string

  98. 	// Ignore release for websocket. Default is false.

  99. 	IgnoreReleaseForWebSocket bool

  100. }

  101. 

  102. func prepareOptions(options []Options) Options {

  103. 	var opt Options

  104. 	if len(options) > 0 {

  105. 		opt = options[0]

  106. 	}

  107. 	if len(opt.Section) == 0 {

  108. 		opt.Section = "session"

  109. 	}

  110. 	sec := macaron.Config().Section(opt.Section)

  111. 

  112. 	if len(opt.Provider) == 0 {

  113. 		opt.Provider = sec.Key("PROVIDER").MustString("memory")

  114. 	}

  115. 	if len(opt.ProviderConfig) == 0 {

  116. 		opt.ProviderConfig = sec.Key("PROVIDER_CONFIG").MustString("data/sessions")

  117. 	}

  118. 	if len(opt.CookieName) == 0 {

  119. 		opt.CookieName = sec.Key("COOKIE_NAME").MustString("MacaronSession")

  120. 	}

  121. 	if len(opt.CookiePath) == 0 {

  122. 		opt.CookiePath = sec.Key("COOKIE_PATH").MustString("/")

  123. 	}

  124. 	if opt.Gclifetime == 0 {

  125. 		opt.Gclifetime = sec.Key("GC_INTERVAL_TIME").MustInt64(3600)

  126. 	}

  127. 	if opt.Maxlifetime == 0 {

  128. 		opt.Maxlifetime = sec.Key("MAX_LIFE_TIME").MustInt64(opt.Gclifetime)

  129. 	}

  130. 	if !opt.Secure {

  131. 		opt.Secure = sec.Key("SECURE").MustBool()

  132. 	}

  133. 	if opt.CookieLifeTime == 0 {

  134. 		opt.CookieLifeTime = sec.Key("COOKIE_LIFE_TIME").MustInt()

  135. 	}

  136. 	if len(opt.Domain) == 0 {

  137. 		opt.Domain = sec.Key("DOMAIN").String()

  138. 	}

  139. 	if opt.IDLength == 0 {

  140. 		opt.IDLength = sec.Key("ID_LENGTH").MustInt(16)

  141. 	}

  142. 	if !opt.IgnoreReleaseForWebSocket {

  143. 		opt.IgnoreReleaseForWebSocket = sec.Key("IGNORE_RELEASE_FOR_WEBSOCKET").MustBool()

  144. 	}

  145. 

  146. 	return opt

  147. }

  148. 

  149. // Sessioner is a middleware that maps a session.SessionStore service into the Macaron handler chain.

  150. // An single variadic session.Options struct can be optionally provided to configure.

  151. func Sessioner(options ...Options) macaron.Handler {

  152. 	opt := prepareOptions(options)

  153. 	manager, err := NewManager(opt.Provider, opt)

  154. 	if err != nil {

  155. 		panic(err)

  156. 	}

  157. 	go manager.startGC()

  158. 

  159. 	return func(ctx *macaron.Context) {

  160. 		sess, err := manager.Start(ctx)

  161. 		if err != nil {

  162. 			panic("session(start): " + err.Error())

  163. 		}

  164. 

  165. 		// Get flash.

  166. 		vals, _ := url.ParseQuery(ctx.GetCookie("macaron_flash"))

  167. 		if len(vals) > 0 {

  168. 			f := &Flash{Values: vals}

  169. 			f.ErrorMsg = f.Get("error")

  170. 			f.SuccessMsg = f.Get("success")

  171. 			f.InfoMsg = f.Get("info")

  172. 			f.WarningMsg = f.Get("warning")

  173. 			ctx.Data["Flash"] = f

  174. 			ctx.SetCookie("macaron_flash", "", -1, opt.CookiePath)

  175. 		}

  176. 

  177. 		f := &Flash{ctx, url.Values{}, "", "", "", ""}

  178. 		ctx.Resp.Before(func(macaron.ResponseWriter) {

  179. 			if flash := f.Encode(); len(flash) > 0 {

  180. 				ctx.SetCookie("macaron_flash", flash, 0, opt.CookiePath)

  181. 			}

  182. 		})

  183. 

  184. 		ctx.Map(f)

  185. 		s := store{

  186. 			RawStore: sess,

  187. 			Manager:  manager,

  188. 		}

  189. 

  190. 		ctx.MapTo(s, (*Store)(nil))

  191. 

  192. 		ctx.Next()

  193. 

  194. 		if manager.opt.IgnoreReleaseForWebSocket && ctx.Req.Header.Get("Upgrade") == "websocket" {

  195. 			return

  196. 		}

  197. 

  198. 		if err = sess.Release(); err != nil {

  199. 			panic("session(release): " + err.Error())

  200. 		}

  201. 	}

  202. }

  203. 

  204. // Provider is the interface that provides session manipulations.

  205. type Provider interface {

  206. 	// Init initializes session provider.

  207. 	Init(gclifetime int64, config string) error

  208. 	// Read returns raw session store by session ID.

  209. 	Read(sid string) (RawStore, error)

  210. 	// Exist returns true if session with given ID exists.

  211. 	Exist(sid string) bool

  212. 	// Destroy deletes a session by session ID.

  213. 	Destroy(sid string) error

  214. 	// Regenerate regenerates a session store from old session ID to new one.

  215. 	Regenerate(oldsid, sid string) (RawStore, error)

  216. 	// Count counts and returns number of sessions.

  217. 	Count() int

  218. 	// GC calls GC to clean expired sessions.

  219. 	GC()

  220. }

  221. 

  222. var providers = make(map[string]Provider)

  223. 

  224. // Register registers a provider.

  225. func Register(name string, provider Provider) {

  226. 	if provider == nil {

  227. 		panic("session: cannot register provider with nil value")

  228. 	}

  229. 	if _, dup := providers[name]; dup {

  230. 		panic(fmt.Errorf("session: cannot register provider '%s' twice", name))

  231. 	}

  232. 	providers[name] = provider

  233. }

  234. 

  235. //    _____

  236. //   /     \ _____    ____ _____     ____   ___________

  237. //  /  \ /  \\__  \  /    \\__  \   / ___\_/ __ \_  __ \

  238. // /    Y    \/ __ \|   |  \/ __ \_/ /_/  >  ___/|  | \/

  239. // \____|__  (____  /___|  (____  /\___  / \___  >__|

  240. //         \/     \/     \/     \//_____/      \/

  241. 

  242. // Manager represents a struct that contains session provider and its configuration.

  243. type Manager struct {

  244. 	provider Provider

  245. 	opt      Options

  246. }

  247. 

  248. // NewManager creates and returns a new session manager by given provider name and configuration.

  249. // It panics when given provider isn't registered.

  250. func NewManager(name string, opt Options) (*Manager, error) {

  251. 	p, ok := providers[name]

  252. 	if !ok {

  253. 		return nil, fmt.Errorf("session: unknown provider '%s'(forgotten import?)", name)

  254. 	}

  255. 	return &Manager{p, opt}, p.Init(opt.Maxlifetime, opt.ProviderConfig)

  256. }

  257. 

  258. // sessionID generates a new session ID with rand string, unix nano time, remote addr by hash function.

  259. func (m *Manager) sessionID() string {

  260. 	return hex.EncodeToString(generateRandomKey(m.opt.IDLength / 2))

  261. }

  262. 

  263. // validSessionID tests whether a provided session ID is a valid session ID.

  264. func (m *Manager) validSessionID(sid string) (bool, error) {

  265. 	if len(sid) != m.opt.IDLength {

  266. 		return false, errors.New("invalid 'sid': " + sid)

  267. 	}

  268. 

  269. 	for i := range sid {

  270. 		switch {

  271. 		case '0' <= sid[i] && sid[i] <= '9':

  272. 		case 'a' <= sid[i] && sid[i] <= 'f':

  273. 		default:

  274. 			return false, errors.New("invalid 'sid': " + sid)

  275. 		}

  276. 	}

  277. 	return true, nil

  278. }

  279. 

  280. // Start starts a session by generating new one

  281. // or retrieve existence one by reading session ID from HTTP request if it's valid.

  282. func (m *Manager) Start(ctx *macaron.Context) (RawStore, error) {

  283. 	sid := ctx.GetCookie(m.opt.CookieName)

  284. 	valid, _ := m.validSessionID(sid)

  285. 	if len(sid) > 0 && valid && m.provider.Exist(sid) {

  286. 		return m.provider.Read(sid)

  287. 	}

  288. 

  289. 	sid = m.sessionID()

  290. 	sess, err := m.provider.Read(sid)

  291. 	if err != nil {

  292. 		return nil, err

  293. 	}

  294. 

  295. 	cookie := &http.Cookie{

  296. 		Name:     m.opt.CookieName,

  297. 		Value:    sid,

  298. 		Path:     m.opt.CookiePath,

  299. 		HttpOnly: true,

  300. 		Secure:   m.opt.Secure,

  301. 		Domain:   m.opt.Domain,

  302. 	}

  303. 	if m.opt.CookieLifeTime >= 0 {

  304. 		cookie.MaxAge = m.opt.CookieLifeTime

  305. 	}

  306. 	http.SetCookie(ctx.Resp, cookie)

  307. 	ctx.Req.AddCookie(cookie)

  308. 	return sess, nil

  309. }

  310. 

  311. // Read returns raw session store by session ID.

  312. func (m *Manager) Read(sid string) (RawStore, error) {

  313. 	// Ensure we're trying to read a valid session ID

  314. 	if _, err := m.validSessionID(sid); err != nil {

  315. 		return nil, err

  316. 	}

  317. 

  318. 	return m.provider.Read(sid)

  319. }

  320. 

  321. // Destroy deletes a session by given ID.

  322. func (m *Manager) Destroy(ctx *macaron.Context) error {

  323. 	sid := ctx.GetCookie(m.opt.CookieName)

  324. 	if len(sid) == 0 {

  325. 		return nil

  326. 	}

  327. 

  328. 	if _, err := m.validSessionID(sid); err != nil {

  329. 		return err

  330. 	}

  331. 

  332. 	if err := m.provider.Destroy(sid); err != nil {

  333. 		return err

  334. 	}

  335. 	cookie := &http.Cookie{

  336. 		Name:     m.opt.CookieName,

  337. 		Path:     m.opt.CookiePath,

  338. 		HttpOnly: true,

  339. 		Expires:  time.Now(),

  340. 		MaxAge:   -1,

  341. 	}

  342. 	http.SetCookie(ctx.Resp, cookie)

  343. 	return nil

  344. }

  345. 

  346. // RegenerateId regenerates a session store from old session ID to new one.

  347. func (m *Manager) RegenerateId(ctx *macaron.Context) (sess RawStore, err error) {

  348. 	sid := m.sessionID()

  349. 	oldsid := ctx.GetCookie(m.opt.CookieName)

  350. 	_, err = m.validSessionID(oldsid)

  351. 	if err != nil {

  352. 		return nil, err

  353. 	}

  354. 	sess, err = m.provider.Regenerate(oldsid, sid)

  355. 	if err != nil {

  356. 		return nil, err

  357. 	}

  358. 	cookie := &http.Cookie{

  359. 		Name:     m.opt.CookieName,

  360. 		Value:    sid,

  361. 		Path:     m.opt.CookiePath,

  362. 		HttpOnly: true,

  363. 		Secure:   m.opt.Secure,

  364. 		Domain:   m.opt.Domain,

  365. 	}

  366. 	if m.opt.CookieLifeTime >= 0 {

  367. 		cookie.MaxAge = m.opt.CookieLifeTime

  368. 	}

  369. 	http.SetCookie(ctx.Resp, cookie)

  370. 	ctx.Req.AddCookie(cookie)

  371. 	return sess, nil

  372. }

  373. 

  374. // Count counts and returns number of sessions.

  375. func (m *Manager) Count() int {

  376. 	return m.provider.Count()

  377. }

  378. 

  379. // GC starts GC job in a certain period.

  380. func (m *Manager) GC() {

  381. 	m.provider.GC()

  382. }

  383. 

  384. // startGC starts GC job in a certain period.

  385. func (m *Manager) startGC() {

  386. 	m.GC()

  387. 	time.AfterFunc(time.Duration(m.opt.Gclifetime)*time.Second, func() { m.startGC() })

  388. }

  389. 

  390. // SetSecure indicates whether to set cookie with HTTPS or not.

  391. func (m *Manager) SetSecure(secure bool) {

  392. 	m.opt.Secure = secure

  393. }
上海开阖软件有限公司 沪ICP备12045867号-1