diff --git a/handler/auth/totp/totp.go b/handler/auth/totp/totp.go index 386d085..29cecc1 100644 --- a/handler/auth/totp/totp.go +++ b/handler/auth/totp/totp.go @@ -37,8 +37,8 @@ func POST(w http.ResponseWriter, r *http.Request) { totp := gotp.NewDefaultTOTP(user.Totp) if totp.Verify(code, time.Now().Unix()) { - storeSession, err := session.Get(key) - err = storeSession.Change(types.User{ + storeSession := session.Get(key) + err := storeSession.Change(types.User{ UserID: user.UserID, Email: user.Email, Username: user.Username, diff --git a/handler/logout/logout.go b/handler/logout/logout.go index 5084c84..dfdcb0b 100644 --- a/handler/logout/logout.go +++ b/handler/logout/logout.go @@ -2,6 +2,7 @@ package logoutHandler import ( "errors" + "github.com/fossyy/filekeeper/types" "net/http" "github.com/fossyy/filekeeper/session" @@ -9,12 +10,12 @@ import ( ) func GET(w http.ResponseWriter, r *http.Request) { + userSession := r.Context().Value("user").(types.User) cookie, err := r.Cookie("Session") if err != nil { return } - - storeSession, err := session.Get(cookie.Value) + storeSession := session.Get(cookie.Value) if err != nil { if errors.Is(err, &session.SessionNotFoundError{}) { storeSession.Destroy(w) @@ -23,8 +24,16 @@ func GET(w http.ResponseWriter, r *http.Request) { return } - storeSession.Delete() - session.RemoveSessionInfo(storeSession.Values.Email, cookie.Value) + err = storeSession.Delete() + if err != nil { + panic(err) + return + } + err = session.RemoveSessionInfo(userSession.Email, cookie.Value) + if err != nil { + panic(err) + return + } http.SetCookie(w, &http.Cookie{ Name: utils.Getenv("SESSION_NAME"), diff --git a/handler/user/session/terminate/terminate.go b/handler/user/session/terminate/terminate.go index eac09e0..2c005cc 100644 --- a/handler/user/session/terminate/terminate.go +++ b/handler/user/session/terminate/terminate.go @@ -10,7 +10,7 @@ func DELETE(w http.ResponseWriter, r *http.Request) { id := r.PathValue("id") _, mySession, _ := session.GetSession(r) - otherSession, _ := session.Get(id) + otherSession := session.Get(id) if _, err := session.GetSessionInfo(mySession.Email, otherSession.ID); err != nil { w.WriteHeader(http.StatusUnauthorized) return diff --git a/schema.sql b/schema.sql index d705a30..64f7359 100644 --- a/schema.sql +++ b/schema.sql @@ -1,2 +1,2 @@ -CREATE TABLE IF NOT EXISTS users (user_id VARCHAR(255) PRIMARY KEY NOT NULL,username VARCHAR(255) UNIQUE NOT NULL,email VARCHAR(255) UNIQUE NOT NULL,password TEXT NOT NULL,totp VARCHAR(255) DEFAULT NULL); -CREATE TABLE IF NOT EXISTS files (id VARCHAR(255) PRIMARY KEY NOT NULL,owner_id VARCHAR(255) NOT NULL,name TEXT NOT NULL,size BIGINT NOT NULL,downloaded BIGINT NOT NULL,uploaded_byte BIGINT NOT NULL DEFAULT 0, uploaded_chunk BIGINT NOT NULL DEFAULT -1,done BOOLEAN NOT NULL DEFAULT FALSE,FOREIGN KEY (owner_id) REFERENCES users(user_id)); \ No newline at end of file +CREATE TABLE IF NOT EXISTS users (user_id UUID PRIMARY KEY NOT NULL, username VARCHAR(255) UNIQUE NOT NULL, email VARCHAR(255) UNIQUE NOT NULL, password TEXT NOT NULL, totp VARCHAR(255) NOT NULL); +CREATE TABLE IF NOT EXISTS files (id UUID PRIMARY KEY NOT NULL, owner_id UUID NOT NULL, name TEXT NOT NULL, size BIGINT NOT NULL, total_chunk BIGINT NOT NULL, downloaded BIGINT NOT NULL DEFAULT 0, FOREIGN KEY (owner_id) REFERENCES users(user_id)); diff --git a/session/session.go b/session/session.go index 565c4a9..0c94588 100644 --- a/session/session.go +++ b/session/session.go @@ -16,9 +16,7 @@ import ( ) type Session struct { - ID string - Values types.User - CreateTime time.Time + ID string } type SessionInfo struct { @@ -44,41 +42,24 @@ func (e *SessionNotFoundError) Error() string { return "session not found" } -func Get(id string) (*Session, error) { - session, err := app.Server.Cache.GetCache(context.Background(), "Session:"+id) - if err != nil { - if errors.Is(err, redis.Nil) { - return nil, &SessionNotFoundError{} - } - return nil, err - } - var userSession Session - err = json.Unmarshal([]byte(session), &userSession) - if err != nil { - return nil, err - } - return &userSession, nil +func Get(id string) *Session { + return &Session{ID: id} } func Create(values types.User) (*Session, error) { id := utils.GenerateRandomString(128) - session := &Session{ - ID: id, - CreateTime: time.Now(), - Values: values, - } - sessionData, err := json.Marshal(session) + sessionData, err := json.Marshal(values) if err != nil { return nil, err } - err = app.Server.Cache.SetCache(context.Background(), "Session:"+id, string(sessionData), time.Hour*24) // Set expiration time as needed + err = app.Server.Cache.SetCache(context.Background(), "Session:"+id, string(sessionData), time.Hour*24) if err != nil { return nil, err } - return session, nil + return &Session{ID: id}, nil } func (s *Session) Change(user types.User) error { @@ -200,23 +181,21 @@ func GetSession(r *http.Request) (UserStatus, types.User, string) { return Unauthorized, types.User{}, "" } - var storeSession Session + var storeSession types.User err = json.Unmarshal([]byte(sessionData), &storeSession) + if err != nil { return Unauthorized, types.User{}, "" } - userSession := storeSession.Values - - if !userSession.Authenticated && userSession.Totp != "" { - return Unauthorized, userSession, cookie.Value + if !storeSession.Authenticated && storeSession.Totp != "" { + return Unauthorized, storeSession, cookie.Value } - if !userSession.Authenticated { + if !storeSession.Authenticated { return Unauthorized, types.User{}, "" } - - return Authorized, userSession, cookie.Value + return Authorized, storeSession, cookie.Value } func GetSessions(email string) ([]*SessionInfo, error) {