Simplify cookie creation form *options.CookieOptions
parent
37e31b5f09
commit
76bd23738f
@ -7,6 +7,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/pusher/oauth2_proxy/logger"
|
"github.com/pusher/oauth2_proxy/logger"
|
||||||
|
"github.com/pusher/oauth2_proxy/pkg/apis/options"
|
||||||
)
|
)
|
||||||
|
|
||||||
// MakeCookie constructs a cookie from the given parameters,
|
// MakeCookie constructs a cookie from the given parameters,
|
||||||
@ -32,3 +33,9 @@ func MakeCookie(req *http.Request, name string, value string, path string, domai
|
|||||||
Expires: now.Add(expiration),
|
Expires: now.Add(expiration),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// MakeCookieFromOptions constructs a cookie based on the givemn *options.CookieOptions,
|
||||||
|
// value and creation time
|
||||||
|
func MakeCookieFromOptions(req *http.Request, name string, value string, opts *options.CookieOptions, expiration time.Duration, now time.Time) *http.Cookie {
|
||||||
|
return MakeCookie(req, name, value, opts.CookiePath, opts.CookieDomain, opts.CookieHTTPOnly, opts.CookieSecure, expiration, now)
|
||||||
|
}
|
||||||
|
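Review bot: `MakeCookieFromOptions` dereferences `opts` without a nil check, so a nil `*options.CookieOptions` panics while the cookie is being built instead of being rejected up front. The only caller shown, `SessionStore.makeCookie`, passes `s.CookieOptions`, which `NewCookieSessionStore` stores exactly as given. Unless the part of the constructor outside the hunk already dereferences it, the failure would surface on the first request that sets a cookie. Either guard here or reject it in the constructor with `if cookieOpts == nil { return nil, errors.New("cookie options must not be nil") }`. The doc comment has a typo and should read `// MakeCookieFromOptions constructs a cookie based on the given *options.CookieOptions,`; it is also worth stating there that the Secure and HTTPOnly flags come from `opts`, since they are no longer visible at the call site.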
@ -27,14 +27,8 @@ var _ sessions.SessionStore = &SessionStore{}
|
|||||||
// SessionStore is an implementation of the sessions.SessionStore
|
// SessionStore is an implementation of the sessions.SessionStore
|
||||||
// interface that stores sessions in client side cookies
|
// interface that stores sessions in client side cookies
|
||||||
type SessionStore struct {
|
type SessionStore struct {
|
||||||
CookieCipher *cookie.Cipher
|
CookieOptions *options.CookieOptions
|
||||||
CookieDomain string
|
CookieCipher *cookie.Cipher
|
||||||
CookieExpire time.Duration
|
|
||||||
CookieHTTPOnly bool
|
|
||||||
CookieName string
|
|
||||||
CookiePath string
|
|
||||||
CookieSecret string
|
|
||||||
CookieSecure bool
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save takes a sessions.SessionState and stores the information from it
|
// Save takes a sessions.SessionState and stores the information from it
|
||||||
@ -54,12 +48,12 @@ func (s *SessionStore) Save(rw http.ResponseWriter, req *http.Request, ss *sessi
|
|||||||
// Load reads sessions.SessionState information from Cookies within the
|
// Load reads sessions.SessionState information from Cookies within the
|
||||||
// HTTP request object
|
// HTTP request object
|
||||||
func (s *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) {
|
func (s *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) {
|
||||||
c, err := loadCookie(req, s.CookieName)
|
c, err := loadCookie(req, s.CookieOptions.CookieName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// always http.ErrNoCookie
|
// always http.ErrNoCookie
|
||||||
return nil, fmt.Errorf("Cookie %q not present", s.CookieName)
|
return nil, fmt.Errorf("Cookie %q not present", s.CookieOptions.CookieName)
|
||||||
}
|
}
|
||||||
val, _, ok := cookie.Validate(c, s.CookieSecret, s.CookieExpire)
|
val, _, ok := cookie.Validate(c, s.CookieOptions.CookieSecret, s.CookieOptions.CookieExpire)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, errors.New("Cookie Signature not valid")
|
return nil, errors.New("Cookie Signature not valid")
|
||||||
}
|
}
|
||||||
@ -77,7 +71,7 @@ func (s *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
|
|||||||
var cookies []*http.Cookie
|
var cookies []*http.Cookie
|
||||||
|
|
||||||
// matches CookieName, CookieName_<number>
|
// matches CookieName, CookieName_<number>
|
||||||
var cookieNameRegex = regexp.MustCompile(fmt.Sprintf("^%s(_\\d+)?$", s.CookieName))
|
var cookieNameRegex = regexp.MustCompile(fmt.Sprintf("^%s(_\\d+)?$", s.CookieOptions.CookieName))
|
||||||
|
|
||||||
for _, c := range req.Cookies() {
|
for _, c := range req.Cookies() {
|
||||||
if cookieNameRegex.MatchString(c.Name) {
|
if cookieNameRegex.MatchString(c.Name) {
|
||||||
@ -93,33 +87,30 @@ func (s *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
|
|||||||
|
|
||||||
// setSessionCookie adds the user's session cookie to the response
|
// setSessionCookie adds the user's session cookie to the response
|
||||||
func (s *SessionStore) setSessionCookie(rw http.ResponseWriter, req *http.Request, val string, created time.Time) {
|
func (s *SessionStore) setSessionCookie(rw http.ResponseWriter, req *http.Request, val string, created time.Time) {
|
||||||
for _, c := range s.makeSessionCookie(req, val, s.CookieExpire, created) {
|
for _, c := range s.makeSessionCookie(req, val, created) {
|
||||||
http.SetCookie(rw, c)
|
http.SetCookie(rw, c)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// makeSessionCookie creates an http.Cookie containing the authenticated user's
|
// makeSessionCookie creates an http.Cookie containing the authenticated user's
|
||||||
// authentication details
|
// authentication details
|
||||||
func (s *SessionStore) makeSessionCookie(req *http.Request, value string, expiration time.Duration, now time.Time) []*http.Cookie {
|
func (s *SessionStore) makeSessionCookie(req *http.Request, value string, now time.Time) []*http.Cookie {
|
||||||
if value != "" {
|
if value != "" {
|
||||||
value = cookie.SignedValue(s.CookieSecret, s.CookieName, value, now)
|
value = cookie.SignedValue(s.CookieOptions.CookieSecret, s.CookieOptions.CookieName, value, now)
|
||||||
}
|
}
|
||||||
c := s.makeCookie(req, s.CookieName, value, expiration, now)
|
c := s.makeCookie(req, s.CookieOptions.CookieName, value, s.CookieOptions.CookieExpire, now)
|
||||||
if len(c.Value) > 4096-len(s.CookieName) {
|
if len(c.Value) > 4096-len(s.CookieOptions.CookieName) {
|
||||||
return splitCookie(c)
|
return splitCookie(c)
|
||||||
}
|
}
|
||||||
return []*http.Cookie{c}
|
return []*http.Cookie{c}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *SessionStore) makeCookie(req *http.Request, name string, value string, expiration time.Duration, now time.Time) *http.Cookie {
|
func (s *SessionStore) makeCookie(req *http.Request, name string, value string, expiration time.Duration, now time.Time) *http.Cookie {
|
||||||
return cookies.MakeCookie(
|
return cookies.MakeCookieFromOptions(
|
||||||
req,
|
req,
|
||||||
name,
|
name,
|
||||||
value,
|
value,
|
||||||
s.CookiePath,
|
s.CookieOptions,
|
||||||
s.CookieDomain,
|
|
||||||
s.CookieHTTPOnly,
|
|
||||||
s.CookieSecure,
|
|
||||||
expiration,
|
expiration,
|
||||||
now,
|
now,
|
||||||
)
|
)
|
||||||
@ -138,14 +129,8 @@ func NewCookieSessionStore(opts options.CookieStoreOptions, cookieOpts *options.
|
|||||||
}
|
}
|
||||||
|
|
||||||
return &SessionStore{
|
return &SessionStore{
|
||||||
CookieCipher: cipher,
|
CookieCipher: cipher,
|
||||||
CookieDomain: cookieOpts.CookieDomain,
|
CookieOptions: cookieOpts,
|
||||||
CookieExpire: cookieOpts.CookieExpire,
|
|
||||||
CookieHTTPOnly: cookieOpts.CookieHTTPOnly,
|
|
||||||
CookieName: cookieOpts.CookieName,
|
|
||||||
CookiePath: cookieOpts.CookiePath,
|
|
||||||
CookieSecret: cookieOpts.CookieSecret,
|
|
||||||
CookieSecure: cookieOpts.CookieSecure,
|
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
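Review bot: In `Clear`, the cookie name is still interpolated into the pattern unescaped (`fmt.Sprintf("^%s(_\\d+)?$", s.CookieOptions.CookieName)`), so any regex metacharacter in the configured name changes what is matched. A name containing `.` also matches other cookies in the request, which the loop below then selects (its body is outside the hunk, presumably to expire them), and a name that is not a valid pattern makes `regexp.MustCompile` panic inside the handler. Since the line is being touched anyway, quote the name: `regexp.MustCompile(fmt.Sprintf("^%s(_\\d+)?$", regexp.QuoteMeta(s.CookieOptions.CookieName)))`. The pattern is also recompiled on every call and could be compiled once when the store is constructed.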