bouncer/internal/proxy/director/layer/authn/store.go

180 lines
4.0 KiB
Go

package authn
import (
"bytes"
"context"
"crypto/rand"
"encoding/base32"
"encoding/gob"
"io"
"net/http"
"strings"
"time"
"github.com/gorilla/sessions"
"github.com/pkg/errors"
"github.com/redis/go-redis/v9"
)
type StoreAdapter interface {
Set(ctx context.Context, key string, data []byte, ttl time.Duration) error
Del(ctx context.Context, key string) error
Get(ctx context.Context, key string) ([]byte, error)
}
type Store struct {
adapter StoreAdapter
options sessions.Options
keyPrefix string
keyGen KeyGenFunc
serializer SessionSerializer
}
type KeyGenFunc func() (string, error)
func NewStore(adapter StoreAdapter) *Store {
rs := &Store{
options: sessions.Options{
Path: "/",
MaxAge: 86400 * 30,
},
adapter: adapter,
keyPrefix: "session:",
keyGen: generateRandomKey,
serializer: GobSerializer{},
}
return rs
}
func (s *Store) Get(r *http.Request, name string) (*sessions.Session, error) {
return sessions.GetRegistry(r).Get(s, name)
}
func (s *Store) New(r *http.Request, name string) (*sessions.Session, error) {
session := sessions.NewSession(s, name)
opts := s.options
session.Options = &opts
session.IsNew = true
c, err := r.Cookie(name)
if err != nil {
return session, nil
}
session.ID = c.Value
err = s.load(r.Context(), session)
if err == nil {
session.IsNew = false
} else if err == redis.Nil {
err = nil // no data stored
}
return session, err
}
func (s *Store) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error {
if session.Options.MaxAge <= 0 {
if err := s.delete(r.Context(), session); err != nil {
return err
}
http.SetCookie(w, sessions.NewCookie(session.Name(), "", session.Options))
return nil
}
if session.ID == "" {
id, err := s.keyGen()
if err != nil {
return errors.New("redisstore: failed to generate session id")
}
session.ID = id
}
if err := s.save(r.Context(), session); err != nil {
return err
}
http.SetCookie(w, sessions.NewCookie(session.Name(), session.ID, session.Options))
return nil
}
func (s *Store) Options(opts sessions.Options) {
s.options = opts
}
func (s *Store) KeyPrefix(keyPrefix string) {
s.keyPrefix = keyPrefix
}
func (s *Store) KeyGen(f KeyGenFunc) {
s.keyGen = f
}
func (s *Store) Serializer(ss SessionSerializer) {
s.serializer = ss
}
func (s *Store) save(ctx context.Context, session *sessions.Session) error {
b, err := s.serializer.Serialize(session)
if err != nil {
return err
}
if err := s.adapter.Set(ctx, s.keyPrefix+session.ID, b, time.Duration(session.Options.MaxAge)*time.Second); err != nil {
return errors.WithStack(err)
}
return nil
}
// load reads session from Redis
func (s *Store) load(ctx context.Context, session *sessions.Session) error {
data, err := s.adapter.Get(ctx, s.keyPrefix+session.ID)
if err != nil {
return errors.WithStack(err)
}
return s.serializer.Deserialize(data, session)
}
// delete deletes session in Redis
func (s *Store) delete(ctx context.Context, session *sessions.Session) error {
if err := s.adapter.Del(ctx, s.keyPrefix+session.ID); err != nil {
return errors.WithStack(err)
}
return nil
}
// SessionSerializer provides an interface for serialize/deserialize a session
type SessionSerializer interface {
Serialize(s *sessions.Session) ([]byte, error)
Deserialize(b []byte, s *sessions.Session) error
}
// Gob serializer
type GobSerializer struct{}
func (gs GobSerializer) Serialize(s *sessions.Session) ([]byte, error) {
buf := new(bytes.Buffer)
enc := gob.NewEncoder(buf)
err := enc.Encode(s.Values)
if err == nil {
return buf.Bytes(), nil
}
return nil, err
}
func (gs GobSerializer) Deserialize(d []byte, s *sessions.Session) error {
dec := gob.NewDecoder(bytes.NewBuffer(d))
return dec.Decode(&s.Values)
}
// generateRandomKey returns a new random key
func generateRandomKey() (string, error) {
k := make([]byte, 64)
if _, err := io.ReadFull(rand.Reader, k); err != nil {
return "", err
}
return strings.TrimRight(base32.StdEncoding.EncodeToString(k), "="), nil
}