|
|
package session
import ( "crypto/rand" "encoding/hex" "log" "net/http" "strings" "sync" "time"
"git.aiterp.net/aiterp/wikiauth"
"git.aiterp.net/rpdata/api/internal/config" "git.aiterp.net/rpdata/api/internal/store" "github.com/globalsign/mgo" "github.com/globalsign/mgo/bson")
var sessionCollection *mgo.Collection
// A Session represents a login session.
type Session struct { mutex sync.Mutex
ID string `bson:"_id"` Time time.Time `bson:"time"` UserID string `bson:"userId"`
user *User w http.ResponseWriter}
// Load loads a session from a cookie, returning either `r` or a request
// with the session context.
func Load(w http.ResponseWriter, r *http.Request) *http.Request { cookie, err := r.Cookie("aiterp_session") if err != nil { return r.WithContext(contextWithSession(r.Context(), &Session{w: w})) }
id := cookie.Value
session := Session{} err = sessionCollection.FindId(id).One(&session) if err != nil || time.Since(session.Time) > time.Hour*168 { return r.WithContext(contextWithSession(r.Context(), &Session{w: w})) }
if session.ID != "" && time.Since(session.Time) > time.Second*30 { session.Time = time.Now() go sessionCollection.UpdateId(id, bson.M{"$set": bson.M{"time": session.Time}}) }
cookie.Expires = time.Now().Add(time.Hour * 168) http.SetCookie(w, cookie)
session.w = w
return r.WithContext(contextWithSession(r.Context(), &session))}
// Login logs a user in.
func (session *Session) Login(username, password string) error { auth := wikiauth.New(config.Global().Wiki.URL)
err := auth.Login(username, password) if err != nil { return err }
// Allow bot passwords
username = strings.SplitN(username, "@", 2)[0]
data := make([]byte, 32) _, err = rand.Read(data) if err != nil { return err }
session.ID = hex.EncodeToString(data) session.UserID = username session.Time = time.Now()
err = sessionCollection.Insert(&session) if err != nil { return err }
http.SetCookie(session.w, &http.Cookie{ Name: "aiterp_session", Value: session.ID, Expires: time.Now().Add(time.Hour * 2160), // 90 days
HttpOnly: true, })
user, err := FindUser(session.UserID) if err == mgo.ErrNotFound { user = User{ID: username, Nick: "", Permissions: DefaultPermissions()}
err := userCollection.Insert(user) if err != nil { return err } } else if err != nil { return err }
return nil}
// Logout logs out the session
func (session *Session) Logout() { http.SetCookie(session.w, &http.Cookie{ Name: "aiterp_session", Value: "", Expires: time.Unix(0, 0), HttpOnly: true, })
session.mutex.Lock() session.user = nil session.UserID = "" session.ID = "" session.mutex.Unlock()
sessionCollection.RemoveId(session.ID)}
// User gets the user information for the session.
func (session *Session) User() *User { session.mutex.Lock() defer session.mutex.Unlock()
if session.user != nil { return session.user }
if session.UserID == "" { return nil }
user, err := FindUser(session.UserID) if err != nil { return nil }
return &user}
// NameOrPermitted is a shorthand for checking the username OR permissions, e.g. to check
// if a logged in user can edit a certain post.
func (session *Session) NameOrPermitted(userid string, permissions ...string) bool { if session.UserID == userid { return true }
user := session.User() if user == nil { return false }
return user.Permitted()}
func init() { store.HandleInit(func(db *mgo.Database) { sessionCollection = db.C("core.sessions")
sessionCollection.EnsureIndexKey("nick") sessionCollection.EnsureIndexKey("userId")
err := sessionCollection.EnsureIndex(mgo.Index{ Name: "time", Key: []string{"time"}, ExpireAfter: time.Hour * 168, }) if err != nil { log.Fatalln(err) } })}
|
