commit fc1b32bb7251a8aabf05fdab3c8c4918a419c05b · dunkirk.sh/core

+14 -14

appview/auth/auth.go

···

       29
       29
        
       }

     

       30
       30
        
       

     

       31
       31
        
       func Make() (*Auth, error) {

     

       32
       32
       -
       	store := sessions.NewCookieStore([]byte(appview.SESSION_COOKIE_SECRET))

     

       32
       32
       +
       	store := sessions.NewCookieStore([]byte(appview.SessionCookieSecret))

     

       33
       33
        
       	return &Auth{store}, nil

     

       34
       34
        
       }

     

       35
       35
        
       

     
···

       139
       139
        
       }

     

       140
       140
        
       

     

       141
       141
        
       func (a *Auth) StoreSession(r *http.Request, w http.ResponseWriter, atSessionish Sessionish, pdsEndpoint string) error {

     

       142
       142
       -
       	clientSession, _ := a.Store.Get(r, appview.SESSION_NAME)

     

       143
       143
       -
       	clientSession.Values[appview.SESSION_HANDLE] = atSessionish.GetHandle()

     

       144
       144
       -
       	clientSession.Values[appview.SESSION_DID] = atSessionish.GetDid()

     

       145
       145
       -
       	clientSession.Values[appview.SESSION_PDS] = pdsEndpoint

     

       146
       146
       -
       	clientSession.Values[appview.SESSION_ACCESSJWT] = atSessionish.GetAccessJwt()

     

       147
       147
       -
       	clientSession.Values[appview.SESSION_REFRESHJWT] = atSessionish.GetRefreshJwt()

     

       148
       148
       -
       	clientSession.Values[appview.SESSION_EXPIRY] = time.Now().Add(time.Hour).Format(appview.TIME_LAYOUT)

     

       149
       149
       -
       	clientSession.Values[appview.SESSION_AUTHENTICATED] = true

     

       142
       142
       +
       	clientSession, _ := a.Store.Get(r, appview.SessionName)

     

       143
       143
       +
       	clientSession.Values[appview.SessionHandle] = atSessionish.GetHandle()

     

       144
       144
       +
       	clientSession.Values[appview.SessionDid] = atSessionish.GetDid()

     

       145
       145
       +
       	clientSession.Values[appview.SessionPds] = pdsEndpoint

     

       146
       146
       +
       	clientSession.Values[appview.SessionAccessJwt] = atSessionish.GetAccessJwt()

     

       147
       147
       +
       	clientSession.Values[appview.SessionRefreshJwt] = atSessionish.GetRefreshJwt()

     

       148
       148
       +
       	clientSession.Values[appview.SessionExpiry] = time.Now().Add(time.Hour).Format(appview.TimeLayout)

     

       149
       149
       +
       	clientSession.Values[appview.SessionAuthenticated] = true

     

       150
       150
        
       

     

       151
       151
        
       	return clientSession.Save(r, w)

     

       152
       152
        
       }

     
···

       176
       176
        
       }

     

       177
       177
        
       

     

       178
       178
        
       func (a *Auth) GetSession(r *http.Request) (*sessions.Session, error) {

     

       179
       179
       -
       	return a.Store.Get(r, appview.SESSION_NAME)

     

       179
       179
       +
       	return a.Store.Get(r, appview.SessionName)

     

       180
       180
        
       }

     

       181
       181
        
       

     

       182
       182
        
       func (a *Auth) GetDID(r *http.Request) string {

     

       183
       183
       -
       	clientSession, _ := a.Store.Get(r, appview.SESSION_NAME)

     

       184
       184
       -
       	return clientSession.Values[appview.SESSION_DID].(string)

     

       183
       183
       +
       	clientSession, _ := a.Store.Get(r, appview.SessionName)

     

       184
       184
       +
       	return clientSession.Values[appview.SessionDid].(string)

     

       185
       185
        
       }

     

       186
       186
        
       

     

       187
       187
        
       func (a *Auth) GetHandle(r *http.Request) string {

     

       188
       188
       -
       	clientSession, _ := a.Store.Get(r, appview.SESSION_NAME)

     

       189
       189
       -
       	return clientSession.Values[appview.SESSION_HANDLE].(string)

     

       188
       188
       +
       	clientSession, _ := a.Store.Get(r, appview.SessionName)

     

       189
       189
       +
       	return clientSession.Values[appview.SessionHandle].(string)

     

       190
       190
        
       }

+10 -12

appview/consts.go

···

       1
       1
        
       package appview

     

       2
       2
        
       

     

       3
       3
        
       const (

     

       4
       4
       -
       	SESSION_COOKIE_SECRET = "TODO_CHANGE_ME"

     

       5
       5
       -
       	SESSION_NAME          = "appview-session"

     

       6
       6
       -
       	SESSION_HANDLE        = "handle"

     

       7
       7
       -
       	SESSION_DID           = "did"

     

       8
       8
       -
       	SESSION_PDS           = "pds"

     

       9
       9
       -
       	SESSION_ACCESSJWT     = "accessJwt"

     

       10
       10
       -
       	SESSION_REFRESHJWT    = "refreshJwt"

     

       11
       11
       -
       	SESSION_EXPIRY        = "expiry"

     

       12
       12
       -
       	SESSION_AUTHENTICATED = "authenticated"

     

       13
       13
       -
       

     

       14
       14
       -
       	SALT        = "TODO_RANDOM_SALT"

     

       15
       15
       -
       	TIME_LAYOUT = "2006-01-02 15:04:05.999999999 -0700 MST"

     

       4
       4
       +
       	SessionCookieSecret  = "TODO_CHANGE_ME"

     

       5
       5
       +
       	SessionName          = "appview-session"

     

       6
       6
       +
       	SessionHandle        = "handle"

     

       7
       7
       +
       	SessionDid           = "did"

     

       8
       8
       +
       	SessionPds           = "pds"

     

       9
       9
       +
       	SessionAccessJwt     = "accessJwt"

     

       10
       10
       +
       	SessionRefreshJwt    = "refreshJwt"

     

       11
       11
       +
       	SessionExpiry        = "expiry"

     

       12
       12
       +
       	SessionAuthenticated = "authenticated"

     

       13
       13
       +
       	TimeLayout           = "2006-01-02 15:04:05.999999999 -0700 MST"

     

       16
       14
        
       )

+7 -7

appview/state/middleware.go

···

       16
       16
        
       func AuthMiddleware(s *State) Middleware {

     

       17
       17
        
       	return func(next http.Handler) http.Handler {

     

       18
       18
        
       		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

     

       19
       19
       -
       			session, _ := s.auth.Store.Get(r, appview.SESSION_NAME)

     

       20
       20
       -
       			authorized, ok := session.Values[appview.SESSION_AUTHENTICATED].(bool)

     

       19
       19
       +
       			session, _ := s.auth.Store.Get(r, appview.SessionName)

     

       20
       20
       +
       			authorized, ok := session.Values[appview.SessionAuthenticated].(bool)

     

       21
       21
        
       

     

       22
       22
        
       			if !ok || !authorized {

     

       23
       23
        
       				log.Printf("not logged in, redirecting")

     
···

       27
       27
        
       

     

       28
       28
        
       			// refresh if nearing expiry

     

       29
       29
        
       			// TODO: dedup with /login

     

       30
       30
       -
       			expiryStr := session.Values[appview.SESSION_EXPIRY].(string)

     

       31
       31
       -
       			expiry, err := time.Parse(appview.TIME_LAYOUT, expiryStr)

     

       30
       30
       +
       			expiryStr := session.Values[appview.SessionExpiry].(string)

     

       31
       31
       +
       			expiry, err := time.Parse(appview.TimeLayout, expiryStr)

     

       32
       32
        
       			if err != nil {

     

       33
       33
        
       				log.Println("invalid expiry time", err)

     

       34
       34
        
       				return

     

       35
       35
        
       			}

     

       36
       36
       -
       			pdsUrl := session.Values[appview.SESSION_PDS].(string)

     

       37
       37
       -
       			did := session.Values[appview.SESSION_DID].(string)

     

       38
       38
       -
       			refreshJwt := session.Values[appview.SESSION_REFRESHJWT].(string)

     

       36
       36
       +
       			pdsUrl := session.Values[appview.SessionPds].(string)

     

       37
       37
       +
       			did := session.Values[appview.SessionDid].(string)

     

       38
       38
       +
       			refreshJwt := session.Values[appview.SessionRefreshJwt].(string)

     

       39
       39
        
       

     

       40
       40
        
       			if time.Now().After(expiry) {

     

       41
       41
        
       				log.Println("token expired, refreshing ...")

+2 -2

appview/state/state.go

···

       92
       92
        
       

     

       93
       93
        
       		return

     

       94
       94
        
       	case http.MethodPost:

     

       95
       95
       -
       		session, err := s.auth.Store.Get(r, appview.SESSION_NAME)

     

       95
       95
       +
       		session, err := s.auth.Store.Get(r, appview.SessionName)

     

       96
       96
        
       		if err != nil || session.IsNew {

     

       97
       97
        
       			log.Println("unauthorized attempt to generate registration key")

     

       98
       98
        
       			http.Error(w, "Forbidden", http.StatusUnauthorized)

     

       99
       99
        
       			return

     

       100
       100
        
       		}

     

       101
       101
        
       

     

       102
       102
       -
       		did := session.Values[appview.SESSION_DID].(string)

     

       102
       102
       +
       		did := session.Values[appview.SessionDid].(string)

     

       103
       103
        
       

     

       104
       104
        
       		// check if domain is valid url, and strip extra bits down to just host

     

       105
       105
        
       		domain := r.FormValue("domain")