ovpn-certman/services/sessions.go

package services

import (
	"encoding/gob"
	"errors"
	"fmt"
	"html/template"
	"log"
	"net/http"
	"time"

	"github.com/alexedwards/scs"
)

const (
	// FlashesKey is the key used for the flashes in the cookie
	FlashesKey = "_flashes"
	// UserEmailKey is the key used to reference usernames
	UserEmailKey = "_user_email"
)

func init() {
	// Register the Flash message type, so gob can serialize it
	gob.Register(Flash{})
}

type SessionsConfig struct {
	HTTPOnly bool
	Secure   bool
	Lifetime time.Duration
}

// Sessions is a wrapped scs.Store in order to implement custom logic
type Sessions struct {
	*scs.Session
}

// NewSessions populates the default sessions Store
func NewSessions(conf *SessionsConfig) *Sessions {
	session := scs.NewSession()
	session.Lifetime = conf.Lifetime
	session.Cookie.HttpOnly = true
	session.Cookie.Secure = conf.Secure

	return &Sessions{session}
}

func (store *Sessions) GetUsername(req *http.Request) string {
	if store == nil {
		// if store was not initialized, all requests fail
		log.Println("Nil pointer when checking session for username")
		return ""
	}

	email := store.GetString(req.Context(), UserEmailKey)
	return email // "" if no user is logged in
}

func (store *Sessions) SetUsername(w http.ResponseWriter, req *http.Request, username string) {
	if store == nil {
		// if store was not initialized, do nothing
		return
	}

	// renew token to avoid session pinning/fixation attack
	store.RenewToken(req.Context())

	store.Put(req.Context(), UserEmailKey, username)
}

type Flash struct {
	Message template.HTML
	Type    string
}

// Render renders the flash message as a notification box
func (flash Flash) Render() template.HTML {
	return template.HTML(
		fmt.Sprintf(
			"<div class=\"notification is-radiusless is-%s\"><div class=\"container has-text-centered\">%s</div></div>",
			flash.Type, flash.Message,
		),
	)
}

// Flash add flash message to session data
func (store *Sessions) Flash(w http.ResponseWriter, req *http.Request, flash Flash) error {
	flashes, ok := store.Get(req.Context(), FlashesKey).([]Flash)
	if !ok {
		return errors.New("Could not get flashes")
	}

	flashes = append(flashes, flash)
	return nil
}

// Flashes returns a slice of flash messages from session data
func (store *Sessions) Flashes(w http.ResponseWriter, req *http.Request) []Flash {
	flashes, ok := store.Pop(req.Context(), FlashesKey).([]Flash)
	if !ok {
		return nil
	}
	return flashes
}
Move database and sessions to services 2018-01-26 14:49:03 +01:00			`package services`

			`import (`
Add User management 2018-01-29 09:18:19 +01:00			`"encoding/gob"`
Update SCS session manager 2019-05-15 19:08:24 +02:00			`"errors"`
Add User management 2018-01-29 09:18:19 +01:00			`"fmt"`
			`"html/template"`
			`"log"`
			`"net/http"`
			`"time"`

			`"github.com/alexedwards/scs"`
Move database and sessions to services 2018-01-26 14:49:03 +01:00			`)`

Update SCS session manager 2019-05-15 19:08:24 +02:00			`const (`
Add User management 2018-01-29 09:18:19 +01:00			`// FlashesKey is the key used for the flashes in the cookie`
			`FlashesKey = "_flashes"`
			`// UserEmailKey is the key used to reference usernames`
			`UserEmailKey = "_user_email"`
			`)`

			`func init() {`
			`// Register the Flash message type, so gob can serialize it`
			`gob.Register(Flash{})`
			`}`

Refactor global variables into injected dependencies 2018-01-29 16:52:59 +01:00			`type SessionsConfig struct {`
Update SCS session manager 2019-05-15 19:08:24 +02:00			`HTTPOnly bool`
			`Secure bool`
			`Lifetime time.Duration`
Refactor global variables into injected dependencies 2018-01-29 16:52:59 +01:00			`}`
Move database and sessions to services 2018-01-26 14:49:03 +01:00
Refactor global variables into injected dependencies 2018-01-29 16:52:59 +01:00			`// Sessions is a wrapped scs.Store in order to implement custom logic`
			`type Sessions struct {`
Update SCS session manager 2019-05-15 19:08:24 +02:00			`*scs.Session`
Add User management 2018-01-29 09:18:19 +01:00			`}`

Refactor global variables into injected dependencies 2018-01-29 16:52:59 +01:00			`// NewSessions populates the default sessions Store`
			`func NewSessions(conf SessionsConfig) Sessions {`
Update SCS session manager 2019-05-15 19:08:24 +02:00			`session := scs.NewSession()`
			`session.Lifetime = conf.Lifetime`
			`session.Cookie.HttpOnly = true`
			`session.Cookie.Secure = conf.Secure`
Add User management 2018-01-29 09:18:19 +01:00
Update SCS session manager 2019-05-15 19:08:24 +02:00			`return &Sessions{session}`
Add User management 2018-01-29 09:18:19 +01:00			`}`

Simplify: use OAuth2 2018-02-01 09:31:06 +01:00			`func (store Sessions) GetUsername(req http.Request) string {`
Add User management 2018-01-29 09:18:19 +01:00			`if store == nil {`
			`// if store was not initialized, all requests fail`
Refactor code, delete old references 2018-02-03 18:14:47 +01:00			`log.Println("Nil pointer when checking session for username")`
Add User management 2018-01-29 09:18:19 +01:00			`return ""`
			`}`

Update SCS session manager 2019-05-15 19:08:24 +02:00			`email := store.GetString(req.Context(), UserEmailKey)`
			`return email // "" if no user is logged in`
Add User management 2018-01-29 09:18:19 +01:00			`}`

Simplify: use OAuth2 2018-02-01 09:31:06 +01:00			`func (store Sessions) SetUsername(w http.ResponseWriter, req http.Request, username string) {`
Add User management 2018-01-29 09:18:19 +01:00			`if store == nil {`
			`// if store was not initialized, do nothing`
			`return`
			`}`

			`// renew token to avoid session pinning/fixation attack`
Update SCS session manager 2019-05-15 19:08:24 +02:00			`store.RenewToken(req.Context())`
Add User management 2018-01-29 09:18:19 +01:00
Update SCS session manager 2019-05-15 19:08:24 +02:00			`store.Put(req.Context(), UserEmailKey, username)`
Add User management 2018-01-29 09:18:19 +01:00			`}`

			`type Flash struct {`
			`Message template.HTML`
			`Type string`
			`}`

			`// Render renders the flash message as a notification box`
			`func (flash Flash) Render() template.HTML {`
			`return template.HTML(`
			`fmt.Sprintf(`
			`"<div class=\"notification is-radiusless is-%s\"><div class=\"container has-text-centered\">%s</div></div>",`
			`flash.Type, flash.Message,`
			`),`
			`)`
			`}`

			`// Flash add flash message to session data`
Refactor global variables into injected dependencies 2018-01-29 16:52:59 +01:00			`func (store Sessions) Flash(w http.ResponseWriter, req http.Request, flash Flash) error {`
Update SCS session manager 2019-05-15 19:08:24 +02:00			`flashes, ok := store.Get(req.Context(), FlashesKey).([]Flash)`
			`if !ok {`
			`return errors.New("Could not get flashes")`
Add User management 2018-01-29 09:18:19 +01:00			`}`

			`flashes = append(flashes, flash)`
Update SCS session manager 2019-05-15 19:08:24 +02:00			`return nil`
Add User management 2018-01-29 09:18:19 +01:00			`}`
Move database and sessions to services 2018-01-26 14:49:03 +01:00
Add User management 2018-01-29 09:18:19 +01:00			`// Flashes returns a slice of flash messages from session data`
Refactor global variables into injected dependencies 2018-01-29 16:52:59 +01:00			`func (store Sessions) Flashes(w http.ResponseWriter, req http.Request) []Flash {`
Update SCS session manager 2019-05-15 19:08:24 +02:00			`flashes, ok := store.Pop(req.Context(), FlashesKey).([]Flash)`
			`if !ok {`
			`return nil`
			`}`
Add User management 2018-01-29 09:18:19 +01:00			`return flashes`
Move database and sessions to services 2018-01-26 14:49:03 +01:00			`}`