Simplify cookie creation form *options.CookieOptions

Joel Speed 2019-05-13 16:01:28 +01:00
parent 37e31b5f09
commit 76bd23738f
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
2 changed files with 22 additions and 30 deletions


@ -7,6 +7,7 @@ import (
"time" "time"
"github.com/pusher/oauth2_proxy/logger" "github.com/pusher/oauth2_proxy/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
) )
// MakeCookie constructs a cookie from the given parameters, // MakeCookie constructs a cookie from the given parameters,
@ -32,3 +33,9 @@ func MakeCookie(req *http.Request, name string, value string, path string, domai
Expires: now.Add(expiration), Expires: now.Add(expiration),
} }
} }
// MakeCookieFromOptions constructs a cookie based on the givemn *options.CookieOptions,
// value and creation time
func MakeCookieFromOptions(req *http.Request, name string, value string, opts *options.CookieOptions, expiration time.Duration, now time.Time) *http.Cookie {
return MakeCookie(req, name, value, opts.CookiePath, opts.CookieDomain, opts.CookieHTTPOnly, opts.CookieSecure, expiration, now)
}
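Review bot: MakeCookieFromOptions dereferences `opts` without a nil check, so a caller that passes a nil *options.CookieOptions panics inside this exported helper, and nothing in its comment says the argument must be non-nil. The doc comment also contains a typo (`givemn`) and does not say which cookie attributes are taken from the options. I would replace it with `// MakeCookieFromOptions constructs a cookie using the path, domain, HTTPOnly and Secure settings of the given *options.CookieOptions (which must be non-nil), with the supplied value, expiration and creation time.` Because the HTTPOnly and Secure flags now reach every session cookie through this one call, stating that contract here is worthwhile.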


@ -27,14 +27,8 @@ var _ sessions.SessionStore = &SessionStore{}
// SessionStore is an implementation of the sessions.SessionStore // SessionStore is an implementation of the sessions.SessionStore
// interface that stores sessions in client side cookies // interface that stores sessions in client side cookies
type SessionStore struct { type SessionStore struct {
CookieCipher *cookie.Cipher CookieOptions *options.CookieOptions
CookieDomain string CookieCipher *cookie.Cipher
CookieExpire time.Duration
CookieHTTPOnly bool
CookieName string
CookiePath string
CookieSecret string
CookieSecure bool
} }
// Save takes a sessions.SessionState and stores the information from it // Save takes a sessions.SessionState and stores the information from it
@ -54,12 +48,12 @@ func (s *SessionStore) Save(rw http.ResponseWriter, req *http.Request, ss *sessi
// Load reads sessions.SessionState information from Cookies within the // Load reads sessions.SessionState information from Cookies within the
// HTTP request object // HTTP request object
func (s *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) { func (s *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) {
c, err := loadCookie(req, s.CookieName) c, err := loadCookie(req, s.CookieOptions.CookieName)
if err != nil { if err != nil {
// always http.ErrNoCookie // always http.ErrNoCookie
return nil, fmt.Errorf("Cookie %q not present", s.CookieName) return nil, fmt.Errorf("Cookie %q not present", s.CookieOptions.CookieName)
} }
val, _, ok := cookie.Validate(c, s.CookieSecret, s.CookieExpire) val, _, ok := cookie.Validate(c, s.CookieOptions.CookieSecret, s.CookieOptions.CookieExpire)
if !ok { if !ok {
return nil, errors.New("Cookie Signature not valid") return nil, errors.New("Cookie Signature not valid")
} }
@ -77,7 +71,7 @@ func (s *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
var cookies []*http.Cookie var cookies []*http.Cookie
// matches CookieName, CookieName_<number> // matches CookieName, CookieName_<number>
var cookieNameRegex = regexp.MustCompile(fmt.Sprintf("^%s(_\\d+)?$", s.CookieName)) var cookieNameRegex = regexp.MustCompile(fmt.Sprintf("^%s(_\\d+)?$", s.CookieOptions.CookieName))
for _, c := range req.Cookies() { for _, c := range req.Cookies() {
if cookieNameRegex.MatchString(c.Name) { if cookieNameRegex.MatchString(c.Name) {
@ -93,33 +87,30 @@ func (s *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
// setSessionCookie adds the user's session cookie to the response // setSessionCookie adds the user's session cookie to the response
func (s *SessionStore) setSessionCookie(rw http.ResponseWriter, req *http.Request, val string, created time.Time) { func (s *SessionStore) setSessionCookie(rw http.ResponseWriter, req *http.Request, val string, created time.Time) {
for _, c := range s.makeSessionCookie(req, val, s.CookieExpire, created) { for _, c := range s.makeSessionCookie(req, val, created) {
http.SetCookie(rw, c) http.SetCookie(rw, c)
} }
} }
// makeSessionCookie creates an http.Cookie containing the authenticated user's // makeSessionCookie creates an http.Cookie containing the authenticated user's
// authentication details // authentication details
func (s *SessionStore) makeSessionCookie(req *http.Request, value string, expiration time.Duration, now time.Time) []*http.Cookie { func (s *SessionStore) makeSessionCookie(req *http.Request, value string, now time.Time) []*http.Cookie {
if value != "" { if value != "" {
value = cookie.SignedValue(s.CookieSecret, s.CookieName, value, now) value = cookie.SignedValue(s.CookieOptions.CookieSecret, s.CookieOptions.CookieName, value, now)
} }
c := s.makeCookie(req, s.CookieName, value, expiration, now) c := s.makeCookie(req, s.CookieOptions.CookieName, value, s.CookieOptions.CookieExpire, now)
if len(c.Value) > 4096-len(s.CookieName) { if len(c.Value) > 4096-len(s.CookieOptions.CookieName) {
return splitCookie(c) return splitCookie(c)
} }
return []*http.Cookie{c} return []*http.Cookie{c}
} }
func (s *SessionStore) makeCookie(req *http.Request, name string, value string, expiration time.Duration, now time.Time) *http.Cookie { func (s *SessionStore) makeCookie(req *http.Request, name string, value string, expiration time.Duration, now time.Time) *http.Cookie {
return cookies.MakeCookie( return cookies.MakeCookieFromOptions(
req, req,
name, name,
value, value,
s.CookiePath, s.CookieOptions,
s.CookieDomain,
s.CookieHTTPOnly,
s.CookieSecure,
expiration, expiration,
now, now,
) )
@ -138,14 +129,8 @@ func NewCookieSessionStore(opts options.CookieStoreOptions, cookieOpts *options.
} }
return &SessionStore{ return &SessionStore{
CookieCipher: cipher, CookieCipher: cipher,
CookieDomain: cookieOpts.CookieDomain, CookieOptions: cookieOpts,
CookieExpire: cookieOpts.CookieExpire,
CookieHTTPOnly: cookieOpts.CookieHTTPOnly,
CookieName: cookieOpts.CookieName,
CookiePath: cookieOpts.CookiePath,
CookieSecret: cookieOpts.CookieSecret,
CookieSecure: cookieOpts.CookieSecure,
}, nil }, nil
} }
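Review bot: In Clear, the cookie name is interpolated into the pattern unescaped (`fmt.Sprintf("^%s(_\\d+)?$", s.CookieOptions.CookieName)`), so a configured name containing regex metacharacters either matches cookies other than the session cookie or makes `regexp.MustCompile` panic while a request is being handled; passing `regexp.QuoteMeta(s.CookieOptions.CookieName)` instead keeps the match literal. Separately, NewCookieSessionStore now stores the caller's `cookieOpts` pointer instead of copying its fields, so, as far as the visible lines show, a nil pointer is no longer caught at construction and surfaces as a panic on the first Load. Any later change to the shared options, including CookieSecret, also silently changes how already-issued cookies validate. A nil check before the return, or a comment on the `CookieOptions` field stating it must be non-nil and not modified after construction, would make that contract explicit. The bodies of Clear and NewCookieSessionStore extend beyond the visible hunks.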