aclindsa/moneygo
1
0
Fork 0
mirror of https://github.com/aclindsa/moneygo.git synced 2024-12-26 15:42:27 -05:00
Code Issues Releases Wiki Activity

Remove 'gorilla' framework

Browse Source 
It was being used for session management, but we weren't using any of
the features that differentiated it from using go's cookies directly so
it is hard to justify the additional dependencies.
This commit is contained in:
Aaron Lindsay 2017-10-03 11:24:07 -04:00
parent 22560dd43a
commit c783e2c1bb
2 changed files with 37 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
main.go
View File

@ -4,7 +4,6 @@ package main
import ( import (
"flag" "flag"
"github.com/gorilla/context"
"log" "log"
"net" "net"
"net/http" "net/http"
@ -76,8 +75,8 @@ func main() {
log.Printf("Serving on port %d out of directory: %s", config.MoneyGo.Port, config.MoneyGo.Basedir) log.Printf("Serving on port %d out of directory: %s", config.MoneyGo.Port, config.MoneyGo.Basedir)
if config.MoneyGo.Fcgi { if config.MoneyGo.Fcgi {
fcgi.Serve(listener, context.ClearHandler(servemux)) fcgi.Serve(listener, servemux)
} else { } else {
http.Serve(listener, context.ClearHandler(servemux)) http.Serve(listener, servemux)
} }
} }

56
sessions.go
View File

@ -1,16 +1,16 @@
package main package main
import ( import (
"crypto/rand"
"encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/gorilla/securecookie" "io"
"github.com/gorilla/sessions"
"log" "log"
"net/http" "net/http"
"time"
) )
var cookie_store = sessions.NewCookieStore(securecookie.GenerateRandomKey(64))
type Session struct { type Session struct {
SessionId int64 SessionId int64
SessionSecret string `json:"-"` SessionSecret string `json:"-"`
@ -25,14 +25,13 @@ func (s *Session) Write(w http.ResponseWriter) error {
func GetSession(r *http.Request) (*Session, error) { func GetSession(r *http.Request) (*Session, error) {
var s Session var s Session
session, _ := cookie_store.Get(r, "moneygo") cookie, err := r.Cookie("moneygo-session")
_, ok := session.Values["session-secret"] if err != nil {
if !ok { return nil, fmt.Errorf("moneygo-session cookie not set")
return nil, fmt.Errorf("session-secret cookie not set")
} }
s.SessionSecret = session.Values["session-secret"].(string) s.SessionSecret = cookie.Value
err := DB.SelectOne(&s, "SELECT * from sessions where SessionSecret=?", s.SessionSecret) err = DB.SelectOne(&s, "SELECT * from sessions where SessionSecret=?", s.SessionSecret)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -46,26 +45,41 @@ func DeleteSessionIfExists(r *http.Request) {
} }
} }
func NewSessionCookie() (string, error) {
bits := make([]byte, 128)
if _, err := io.ReadFull(rand.Reader, bits); err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(bits), nil
}
func NewSession(w http.ResponseWriter, r *http.Request, userid int64) (*Session, error) { func NewSession(w http.ResponseWriter, r *http.Request, userid int64) (*Session, error) {
s := Session{} s := Session{}
session, _ := cookie_store.Get(r, "moneygo") session_secret, err := NewSessionCookie()
if err != nil {
return nil, err
}
session.Values["session-secret"] = string(securecookie.GenerateRandomKey(64)) cookie := http.Cookie{
s.SessionSecret = session.Values["session-secret"].(string) Name: "moneygo-session",
Value: session_secret,
Path: "/",
Domain: r.URL.Host,
Expires: time.Now().AddDate(0, 1, 0), // a month from now
Secure: true,
HttpOnly: true,
}
http.SetCookie(w, &cookie)
s.SessionSecret = session_secret
s.UserId = userid s.UserId = userid
err := DB.Insert(&s) err = DB.Insert(&s)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return &s, nil
err = session.Save(r, w)
if err != nil {
return nil, err
} else {
return &s, nil
}
} }
func SessionHandler(w http.ResponseWriter, r *http.Request) { func SessionHandler(w http.ResponseWriter, r *http.Request) {