Simplify redis store options

Joel Speed 2019-05-15 17:06:05 +01:00
parent 94945238b2
commit 8e7f98e461
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
2 changed files with 26 additions and 54 deletions


@ -17,7 +17,6 @@ import (
"github.com/pusher/oauth2_proxy/pkg/apis/options" "github.com/pusher/oauth2_proxy/pkg/apis/options"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/cookies" "github.com/pusher/oauth2_proxy/pkg/cookies"
"github.com/pusher/oauth2_proxy/pkg/sessions/utils"
) )
// TicketData is a structure representing the ticket used in server session storage // TicketData is a structure representing the ticket used in server session storage
@ -29,46 +28,25 @@ type TicketData struct {
// SessionStore is an implementation of the sessions.SessionStore // SessionStore is an implementation of the sessions.SessionStore
// interface that stores sessions in redis // interface that stores sessions in redis
type SessionStore struct { type SessionStore struct {
CookieCipher *cookie.Cipher CookieCipher *cookie.Cipher
CookieDomain string CookieOptions *options.CookieOptions
CookieExpire time.Duration Client *redis.Client
CookieHTTPOnly bool
CookieName string
CookiePath string
CookieSecret string
CookieSecure bool
Client *redis.Client
} }
// NewRedisSessionStore initialises a new instance of the SessionStore from // NewRedisSessionStore initialises a new instance of the SessionStore from
// the configuration given // the configuration given
func NewRedisSessionStore(opts options.RedisStoreOptions, cookieOpts *options.CookieOptions) (sessions.SessionStore, error) { func NewRedisSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOptions) (sessions.SessionStore, error) {
opt, err := redis.ParseURL(opts.RedisConnectionURL) opt, err := redis.ParseURL(opts.RedisStoreOptions.RedisConnectionURL)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to parse redis url: %s", err) return nil, fmt.Errorf("unable to parse redis url: %s", err)
} }
var cookieCipher *cookie.Cipher
if len(cookieOpts.CookieSecret) > 0 {
var err error
cookieCipher, err = cookie.NewCipher(utils.SecretBytes(cookieOpts.CookieSecret))
if err != nil {
return nil, fmt.Errorf("unable to create cookieCipher: %v", err)
}
}
client := redis.NewClient(opt) client := redis.NewClient(opt)
rs := &SessionStore{ rs := &SessionStore{
Client: client, Client: client,
CookieCipher: cookieCipher, CookieCipher: opts.Cipher,
CookieDomain: cookieOpts.CookieDomain, CookieOptions: cookieOpts,
CookieExpire: cookieOpts.CookieExpire,
CookieHTTPOnly: cookieOpts.CookieHTTPOnly,
CookieName: cookieOpts.CookieName,
CookiePath: cookieOpts.CookiePath,
CookieSecret: cookieOpts.CookieSecret,
CookieSecure: cookieOpts.CookieSecure,
} }
return rs, nil return rs, nil
@ -79,7 +57,7 @@ func NewRedisSessionStore(opts options.RedisStoreOptions, cookieOpts *options.Co
func (store *SessionStore) Save(rw http.ResponseWriter, req *http.Request, s *sessions.SessionState) error { func (store *SessionStore) Save(rw http.ResponseWriter, req *http.Request, s *sessions.SessionState) error {
// Old sessions that we are refreshing would have a request cookie // Old sessions that we are refreshing would have a request cookie
// New sessions don't, so we ignore the error. storeValue will check requestCookie // New sessions don't, so we ignore the error. storeValue will check requestCookie
requestCookie, _ := req.Cookie(store.CookieName) requestCookie, _ := req.Cookie(store.CookieOptions.CookieName)
value, err := s.EncodeSessionState(store.CookieCipher) value, err := s.EncodeSessionState(store.CookieCipher)
if err != nil { if err != nil {
return err return err
@ -89,15 +67,12 @@ func (store *SessionStore) Save(rw http.ResponseWriter, req *http.Request, s *se
return err return err
} }
ticketCookie := cookies.MakeCookie( ticketCookie := cookies.MakeCookieFromOptions(
req, req,
store.CookieName, store.CookieOptions.CookieName,
ticketString, ticketString,
store.CookiePath, store.CookieOptions,
store.CookieDomain, store.CookieOptions.CookieExpire,
store.CookieHTTPOnly,
store.CookieSecure,
store.CookieExpire,
time.Now(), time.Now(),
) )
@ -108,7 +83,7 @@ func (store *SessionStore) Save(rw http.ResponseWriter, req *http.Request, s *se
// Load reads sessions.SessionState information from a ticket // Load reads sessions.SessionState information from a ticket
// cookie within the HTTP request object // cookie within the HTTP request object
func (store *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) { func (store *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) {
requestCookie, err := req.Cookie(store.CookieName) requestCookie, err := req.Cookie(store.CookieOptions.CookieName)
if err != nil { if err != nil {
return nil, fmt.Errorf("error loading session: %s", err) return nil, fmt.Errorf("error loading session: %s", err)
} }
@ -122,12 +97,12 @@ func (store *SessionStore) Load(req *http.Request) (*sessions.SessionState, erro
// LoadSessionFromString loads the session based on the ticket value // LoadSessionFromString loads the session based on the ticket value
func (store *SessionStore) LoadSessionFromString(value string) (*sessions.SessionState, error) { func (store *SessionStore) LoadSessionFromString(value string) (*sessions.SessionState, error) {
ticket, err := decodeTicket(store.CookieName, value) ticket, err := decodeTicket(store.CookieOptions.CookieName, value)
if err != nil { if err != nil {
return nil, err return nil, err
} }
result, err := store.Client.Get(ticket.asHandle(store.CookieName)).Result() result, err := store.Client.Get(ticket.asHandle(store.CookieOptions.CookieName)).Result()
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -151,17 +126,14 @@ func (store *SessionStore) LoadSessionFromString(value string) (*sessions.Sessio
// Clear clears any saved session information for a given ticket cookie // Clear clears any saved session information for a given ticket cookie
// from redis, and then clears the session // from redis, and then clears the session
func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error { func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
requestCookie, _ := req.Cookie(store.CookieName) requestCookie, _ := req.Cookie(store.CookieOptions.CookieName)
// We go ahead and clear the cookie first, always. // We go ahead and clear the cookie first, always.
clearCookie := cookies.MakeCookie( clearCookie := cookies.MakeCookieFromOptions(
req, req,
store.CookieName, store.CookieOptions.CookieName,
"", "",
store.CookiePath, store.CookieOptions,
store.CookieDomain,
store.CookieHTTPOnly,
store.CookieSecure,
time.Hour*-1, time.Hour*-1,
time.Now(), time.Now(),
) )
@ -169,9 +141,9 @@ func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) erro
// We only return an error if we had an issue with redis // We only return an error if we had an issue with redis
// If there's an issue decoding the ticket, ignore it // If there's an issue decoding the ticket, ignore it
ticket, _ := decodeTicket(store.CookieName, requestCookie.Value) ticket, _ := decodeTicket(store.CookieOptions.CookieName, requestCookie.Value)
if ticket != nil { if ticket != nil {
deleted, err := store.Client.Del(ticket.asHandle(store.CookieName)).Result() deleted, err := store.Client.Del(ticket.asHandle(store.CookieOptions.CookieName)).Result()
fmt.Println("delted %n", deleted) fmt.Println("delted %n", deleted)
if err != nil { if err != nil {
return fmt.Errorf("error clearing cookie from redis: %s", err) return fmt.Errorf("error clearing cookie from redis: %s", err)
@ -184,7 +156,7 @@ func (store *SessionStore) storeValue(value string, expiresOn time.Time, request
var ticket *TicketData var ticket *TicketData
if requestCookie != nil { if requestCookie != nil {
var err error var err error
ticket, err = decodeTicket(store.CookieName, requestCookie.Value) ticket, err = decodeTicket(store.CookieOptions.CookieName, requestCookie.Value)
if err != nil { if err != nil {
return "", err return "", err
} }
@ -206,13 +178,13 @@ func (store *SessionStore) storeValue(value string, expiresOn time.Time, request
stream := cipher.NewCFBEncrypter(block, ticket.Secret) stream := cipher.NewCFBEncrypter(block, ticket.Secret)
stream.XORKeyStream(ciphertext, []byte(value)) stream.XORKeyStream(ciphertext, []byte(value))
handle := ticket.asHandle(store.CookieName) handle := ticket.asHandle(store.CookieOptions.CookieName)
expires := expiresOn.Sub(time.Now()) expires := expiresOn.Sub(time.Now())
err = store.Client.Set(handle, ciphertext, expires).Err() err = store.Client.Set(handle, ciphertext, expires).Err()
if err != nil { if err != nil {
return "", err return "", err
} }
return ticket.encodeTicket(store.CookieName), nil return ticket.encodeTicket(store.CookieOptions.CookieName), nil
} }
func newTicket() (*TicketData, error) { func newTicket() (*TicketData, error) {
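Review bot: In Clear, the error from `req.Cookie(store.CookieOptions.CookieName)` is discarded and `requestCookie.Value` is then read in the `decodeTicket` call, so a request that arrives without the session cookie would dereference a nil `*http.Cookie`; no nil check is visible in the two hunks that show this function. A guard ahead of the `decodeTicket` call would avoid that: `if requestCookie == nil { return nil }`. The `fmt.Println("delted %n", deleted)` line in the same function looks like leftover debug output (Println does not interpret format verbs) and could be dropped, with `deleted` replaced by `_`. Separately, NewRedisSessionStore now takes `opts.Cipher` as given and dereferences `opts` without a nil check, so the error path that reported a failed cipher construction is gone from this constructor. A doc comment stating that the caller must have initialised `opts.Cipher` would make that dependency explicit.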


@ -15,7 +15,7 @@ func NewSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOpt
case options.CookieSessionStoreType: case options.CookieSessionStoreType:
return cookie.NewCookieSessionStore(opts, cookieOpts) return cookie.NewCookieSessionStore(opts, cookieOpts)
case options.RedisSessionStoreType: case options.RedisSessionStoreType:
return redis.NewRedisSessionStore(opts.RedisStoreOptions, cookieOpts) return redis.NewRedisSessionStore(opts, cookieOpts)
default: default:
return nil, fmt.Errorf("unknown session store type '%s'", opts.Type) return nil, fmt.Errorf("unknown session store type '%s'", opts.Type)
} }