author | =Corey Hulen <corey@hulen.com> | 2015-10-20 04:37:51 -0700 |
---|---|---|
committer | =Corey Hulen <corey@hulen.com> | 2015-10-20 04:37:51 -0700 |
commit | fa3a0df2b63d3f1bbbad44bf20afa48fed42aa06 (patch) | |
tree | 7ed37f554aae729a6fad579bc1a82e988de45971 /api | |
parent | 36658c13a4c7ebdfff22b8570e0db52bfa4de000 (diff) | |
Adding multi-session cookie
Diffstat (limited to 'api')
-rw-r--r-- | api/context.go | 56 | ||||
-rw-r--r-- | api/user.go | 17 |
2 files changed, 39 insertions, 34 deletions
diff --git a/api/context.go b/api/context.go
index 67eed674a..e5ef8b312 100644
--- a/api/context.go
+++ b/api/context.go
@@ -30,12 +30,12 @@ type Context struct {
 }
 type Page struct {
- TemplateName string
- Props map[string]string
- ClientCfg map[string]string
- User *model.User
- Team *model.Team
- Session *model.Session
+ TemplateName string
+ Props map[string]string
+ ClientCfg map[string]string
+ User *model.User
+ Team *model.Team
+ SessionTokenHash string
 }
 func ApiAppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
@@ -99,8 +99,29 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // Attempt to parse the token from the cookie
 if len(token) == 0 {
- if cookie, err := r.Cookie(model.SESSION_TOKEN); err == nil {
- token = cookie.Value
+ if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
+ multiToken := cookie.Value
+
+ fmt.Println(">>>>>>>> multiToken: " + multiToken)
+
+ if len(multiToken) > 0 {
+ tokens := strings.Split(multiToken, " ")
+
+ // If there is only 1 token in the cookie then just use it like normal
+ if len(tokens) == 1 {
+ token = multiToken
+ } else {
+ // If it is a multi-session token then find the correct session
+ sessionTokenHash := r.Header.Get(model.HEADER_MM_SESSION_TOKEN_HASH)
+ fmt.Println(">>>>>>>> sessionHash: " + sessionTokenHash + " url=" + r.URL.Path)
+ for _, t := range tokens {
+ if sessionTokenHash == model.HashPassword(t) {
+ token = token
+ break
+ }
+ }
+ }
+ }
 }
 }
@@ -179,6 +200,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 w.Write([]byte(c.Err.ToJson()))
 } else {
 if c.Err.StatusCode == http.StatusUnauthorized {
+ fmt.Println("!!!!!!!!!!!!!!!! url=" + r.URL.Path)
 http.Redirect(w, r, c.GetTeamURL()+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect)
 } else {
 RenderWebError(c.Err, w, r)
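Review bot: The multi-token branch never selects the matched session: inside the `for _, t := range tokens` loop the hit assigns `token = token`, so `token` stays empty and any request arriving with more than one token in the cookie is treated as unauthenticated; the line should read `token = t`. In the same hunk, `fmt.Println(">>>>>>>> multiToken: " + multiToken)` and the `fmt.Println(">>>>>>>> sessionHash: " ...)` line write every session token in the cookie, plus the client-supplied hash, to stdout, which puts bearer credentials into process logs and should be removed before merge. The lookup also calls `model.HashPassword(t)` for every token on every request; if that helper is a salted hash such as bcrypt (its name suggests so, but it is not visible here) the equality can never hold because each call salts differently, and even with a deterministic digest the per-request hashing cost is avoidable — derive the comparable digest once at login or use a cheap deterministic digest here. ServeHTTP's body continues outside the hunk.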
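Review bot: The added `fmt.Println("!!!!!!!!!!!!!!!! url=" + r.URL.Path)` before the redirect is debug output emitted to stdout on every unauthorized request; drop it, or route it through the package's logging facility at debug level with the request path as a field. The enclosing error-handling block of ServeHTTP starts and ends outside this hunk.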
@@ -310,25 +332,13 @@ func (c *Context) IsTeamAdmin() bool {
 func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
- sessionCache.Remove(c.Session.Token)
-
- cookie := &http.Cookie{
- Name: model.SESSION_TOKEN,
- Value: "",
- Path: "/",
- MaxAge: -1,
- HttpOnly: true,
- }
-
- http.SetCookie(w, cookie)
-
 multiToken := ""
- if oldMultiCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil {
+ if oldMultiCookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
 multiToken = oldMultiCookie.Value
 }
 multiCookie := &http.Cookie{
- Name: model.MULTI_SESSION_TOKEN,
+ Name: model.SESSION_COOKIE_TOKEN,
 Value: strings.TrimSpace(strings.Replace(multiToken, c.Session.Token, "", -1)),
 Path: "/",
 MaxAge: model.SESSION_TIME_WEB_IN_SECS,
@@ -500,7 +510,7 @@ func GetSession(token string) *model.Session {
 func FindMultiSessionForTeamId(r *http.Request, teamId string) *model.Session {
- if multiCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil {
+ if multiCookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
 multiToken := multiCookie.Value
 if len(multiToken) > 0 {
diff --git a/api/user.go b/api/user.go
index ac33e81a1..1216dd30d 100644
--- a/api/user.go
+++ b/api/user.go
@@ -428,21 +428,14 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User,
 }
 w.Header().Set(model.HEADER_TOKEN, session.Token)
- sessionCookie := &http.Cookie{
- Name: model.SESSION_TOKEN,
- Value: session.Token,
- Path: "/",
- MaxAge: maxAge,
- HttpOnly: true,
- }
-
- http.SetCookie(w, sessionCookie)
 multiToken := ""
- if originalMultiSessionCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil {
+ if originalMultiSessionCookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
 multiToken = originalMultiSessionCookie.Value
 }
+ fmt.Println("original: " + multiToken)
+
 // Attempt to clean all the old tokens or duplicate tokens
 if len(multiToken) > 0 {
 tokens := strings.Split(multiToken, " ")
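Review bot: The hunk deletes `sessionCache.Remove(c.Session.Token)` together with the old single-session cookie, so RemoveSessionCookie no longer evicts the session from the server-side cache; unless that eviction moved to a caller not shown in this diff, a token that the user just logged out of keeps authenticating until its cache entry ages out. Keep `sessionCache.Remove(c.Session.Token)` as the first statement of the function. A second behavioural change worth a comment: the old cookie was cleared with `MaxAge: -1`, whereas the replacement is re-issued with `MaxAge: model.SESSION_TIME_WEB_IN_SECS` even when the removed token was the last one, leaving an empty cookie behind; if that is intended, `// keep the cookie: sessions for other teams may still be in it` would make it explicit, and the empty case could instead set `MaxAge: -1`. The remaining fields of multiCookie, including whether HttpOnly is set, lie outside the hunk.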
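Review bot: `fmt.Println("original: " + multiToken)` writes the full contents of the incoming session cookie — every active session token for this browser — to stdout, which is a credential leak into logs; remove it before merge. The removed `sessionCookie` carried `HttpOnly: true`, and the multi-session cookie that replaces it is built below this hunk, so confirm it keeps HttpOnly (and Secure where the site is served over TLS) now that it holds every session token at once. Login's body continues outside the hunk.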
@@ -463,8 +456,10 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User,
 multiToken = strings.TrimSpace(session.Token + " " + multiToken)
+ fmt.Println("new: " + multiToken)
+
 multiSessionCookie := &http.Cookie{
- Name: model.MULTI_SESSION_TOKEN,
+ Name: model.SESSION_COOKIE_TOKEN,
 Value: multiToken,
 Path: "/",
 MaxAge: maxAge,
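Review bot: `fmt.Println("new: " + multiToken)` logs the freshly issued session token together with every previously stored one; like the other debug prints in this commit it must not ship, and if a trace is needed, log only a non-reversible digest or the token count. The multiSessionCookie literal is cut off after `MaxAge: maxAge,`, so its remaining attributes cannot be reviewed here, and Login's body continues past the hunk.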