mirror of
https://github.com/aclindsa/moneygo.git
synced 2024-12-26 23:42:29 -05:00
Remove 'gorilla' framework
It was being used for session management, but we weren't using any of the features that differentiated it from using Go's cookies directly, so it is hard to justify the additional dependencies.
parent
22560dd43a
commit
c783e2c1bb
5
main.go
5
main.go
@ -4,7 +4,6 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"flag"
|
"flag"
|
||||||
"github.com/gorilla/context"
|
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -76,8 +75,8 @@ func main() {
|
|||||||
|
|
||||||
log.Printf("Serving on port %d out of directory: %s", config.MoneyGo.Port, config.MoneyGo.Basedir)
|
log.Printf("Serving on port %d out of directory: %s", config.MoneyGo.Port, config.MoneyGo.Basedir)
|
||||||
if config.MoneyGo.Fcgi {
|
if config.MoneyGo.Fcgi {
|
||||||
fcgi.Serve(listener, context.ClearHandler(servemux))
|
fcgi.Serve(listener, servemux)
|
||||||
} else {
|
} else {
|
||||||
http.Serve(listener, context.ClearHandler(servemux))
|
http.Serve(listener, servemux)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
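Review bot: Both `fcgi.Serve(listener, servemux)` and `http.Serve(listener, servemux)` discard their returned error, so a listener failure makes main return without any log line; `log.Fatal(http.Serve(listener, servemux))`, and the same for the fcgi branch, would surface it. The session cookie in sessions.go is now set with `Secure: true`, while this code appears to serve plain HTTP or FastCGI on the listener. A comment here stating that the server must sit behind a TLS-terminating front end would help, since browsers will not return the cookie over plain HTTP. main's body starts outside the hunk, so how the listener is created is not visible.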
54
sessions.go
54
sessions.go
@ -1,16 +1,16 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/rand"
|
||||||
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/gorilla/securecookie"
|
"io"
|
||||||
"github.com/gorilla/sessions"
|
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
var cookie_store = sessions.NewCookieStore(securecookie.GenerateRandomKey(64))
|
|
||||||
|
|
||||||
type Session struct {
|
type Session struct {
|
||||||
SessionId int64
|
SessionId int64
|
||||||
SessionSecret string `json:"-"`
|
SessionSecret string `json:"-"`
|
||||||
@ -25,14 +25,13 @@ func (s *Session) Write(w http.ResponseWriter) error {
|
|||||||
func GetSession(r *http.Request) (*Session, error) {
|
func GetSession(r *http.Request) (*Session, error) {
|
||||||
var s Session
|
var s Session
|
||||||
|
|
||||||
session, _ := cookie_store.Get(r, "moneygo")
|
cookie, err := r.Cookie("moneygo-session")
|
||||||
_, ok := session.Values["session-secret"]
|
if err != nil {
|
||||||
if !ok {
|
return nil, fmt.Errorf("moneygo-session cookie not set")
|
||||||
return nil, fmt.Errorf("session-secret cookie not set")
|
|
||||||
}
|
}
|
||||||
s.SessionSecret = session.Values["session-secret"].(string)
|
s.SessionSecret = cookie.Value
|
||||||
|
|
||||||
err := DB.SelectOne(&s, "SELECT * from sessions where SessionSecret=?", s.SessionSecret)
|
err = DB.SelectOne(&s, "SELECT * from sessions where SessionSecret=?", s.SessionSecret)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -46,27 +45,42 @@ func DeleteSessionIfExists(r *http.Request) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func NewSessionCookie() (string, error) {
|
||||||
|
bits := make([]byte, 128)
|
||||||
|
if _, err := io.ReadFull(rand.Reader, bits); err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return base64.StdEncoding.EncodeToString(bits), nil
|
||||||
|
}
|
||||||
|
|
||||||
func NewSession(w http.ResponseWriter, r *http.Request, userid int64) (*Session, error) {
|
func NewSession(w http.ResponseWriter, r *http.Request, userid int64) (*Session, error) {
|
||||||
s := Session{}
|
s := Session{}
|
||||||
|
|
||||||
session, _ := cookie_store.Get(r, "moneygo")
|
session_secret, err := NewSessionCookie()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
session.Values["session-secret"] = string(securecookie.GenerateRandomKey(64))
|
cookie := http.Cookie{
|
||||||
s.SessionSecret = session.Values["session-secret"].(string)
|
Name: "moneygo-session",
|
||||||
|
Value: session_secret,
|
||||||
|
Path: "/",
|
||||||
|
Domain: r.URL.Host,
|
||||||
|
Expires: time.Now().AddDate(0, 1, 0), // a month from now
|
||||||
|
Secure: true,
|
||||||
|
HttpOnly: true,
|
||||||
|
}
|
||||||
|
http.SetCookie(w, &cookie)
|
||||||
|
|
||||||
|
s.SessionSecret = session_secret
|
||||||
s.UserId = userid
|
s.UserId = userid
|
||||||
|
|
||||||
err := DB.Insert(&s)
|
err = DB.Insert(&s)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = session.Save(r, w)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
} else {
|
|
||||||
return &s, nil
|
return &s, nil
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
func SessionHandler(w http.ResponseWriter, r *http.Request) {
|
func SessionHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if r.Method == "POST" || r.Method == "PUT" {
|
if r.Method == "POST" || r.Method == "PUT" {
|
||||||
|
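Review bot: In NewSession the cookie's `Domain` is taken from `r.URL.Host`, which is request-derived and on a server-side request is normally empty or may include a port, so the attribute is either dropped or set from client-supplied input; leaving `Domain` out gives a host-only cookie, which is the tighter scope. The cookie value is now the sole bearer credential for the session, and it carries no `SameSite` attribute; `SameSite: http.SameSiteLaxMode,` would limit cross-site sends on Go versions that have the field. `http.SetCookie(w, &cookie)` runs before `DB.Insert(&s)`, so a failed insert leaves the client holding a cookie for a session that was never stored; moving the call after the insert's error check avoids that. `Expires` only bounds the browser side, and nothing in the visible hunks shows the server rejecting a SessionSecret older than a month, so that is worth confirming in the part of GetSession that lies outside this view.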