Fix session retrieval issue after migrating to Redis cache
This commit is contained in:
@ -37,8 +37,8 @@ func POST(w http.ResponseWriter, r *http.Request) {
|
|||||||
totp := gotp.NewDefaultTOTP(user.Totp)
|
totp := gotp.NewDefaultTOTP(user.Totp)
|
||||||
|
|
||||||
if totp.Verify(code, time.Now().Unix()) {
|
if totp.Verify(code, time.Now().Unix()) {
|
||||||
storeSession, err := session.Get(key)
|
storeSession := session.Get(key)
|
||||||
err = storeSession.Change(types.User{
|
err := storeSession.Change(types.User{
|
||||||
UserID: user.UserID,
|
UserID: user.UserID,
|
||||||
Email: user.Email,
|
Email: user.Email,
|
||||||
Username: user.Username,
|
Username: user.Username,
|
||||||
|
|||||||
@ -2,6 +2,7 @@ package logoutHandler
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"github.com/fossyy/filekeeper/types"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/fossyy/filekeeper/session"
|
"github.com/fossyy/filekeeper/session"
|
||||||
@ -9,12 +10,12 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func GET(w http.ResponseWriter, r *http.Request) {
|
func GET(w http.ResponseWriter, r *http.Request) {
|
||||||
|
userSession := r.Context().Value("user").(types.User)
|
||||||
cookie, err := r.Cookie("Session")
|
cookie, err := r.Cookie("Session")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
storeSession := session.Get(cookie.Value)
|
||||||
storeSession, err := session.Get(cookie.Value)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.Is(err, &session.SessionNotFoundError{}) {
|
if errors.Is(err, &session.SessionNotFoundError{}) {
|
||||||
storeSession.Destroy(w)
|
storeSession.Destroy(w)
|
||||||
@ -23,8 +24,16 @@ func GET(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
storeSession.Delete()
|
err = storeSession.Delete()
|
||||||
session.RemoveSessionInfo(storeSession.Values.Email, cookie.Value)
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
err = session.RemoveSessionInfo(userSession.Email, cookie.Value)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
http.SetCookie(w, &http.Cookie{
|
http.SetCookie(w, &http.Cookie{
|
||||||
Name: utils.Getenv("SESSION_NAME"),
|
Name: utils.Getenv("SESSION_NAME"),
|
||||||
|
|||||||
@ -10,7 +10,7 @@ func DELETE(w http.ResponseWriter, r *http.Request) {
|
|||||||
id := r.PathValue("id")
|
id := r.PathValue("id")
|
||||||
|
|
||||||
_, mySession, _ := session.GetSession(r)
|
_, mySession, _ := session.GetSession(r)
|
||||||
otherSession, _ := session.Get(id)
|
otherSession := session.Get(id)
|
||||||
if _, err := session.GetSessionInfo(mySession.Email, otherSession.ID); err != nil {
|
if _, err := session.GetSessionInfo(mySession.Email, otherSession.ID); err != nil {
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
CREATE TABLE IF NOT EXISTS users (user_id VARCHAR(255) PRIMARY KEY NOT NULL,username VARCHAR(255) UNIQUE NOT NULL,email VARCHAR(255) UNIQUE NOT NULL,password TEXT NOT NULL,totp VARCHAR(255) DEFAULT NULL);
|
CREATE TABLE IF NOT EXISTS users (user_id UUID PRIMARY KEY NOT NULL, username VARCHAR(255) UNIQUE NOT NULL, email VARCHAR(255) UNIQUE NOT NULL, password TEXT NOT NULL, totp VARCHAR(255) NOT NULL);
|
||||||
CREATE TABLE IF NOT EXISTS files (id VARCHAR(255) PRIMARY KEY NOT NULL,owner_id VARCHAR(255) NOT NULL,name TEXT NOT NULL,size BIGINT NOT NULL,downloaded BIGINT NOT NULL,uploaded_byte BIGINT NOT NULL DEFAULT 0, uploaded_chunk BIGINT NOT NULL DEFAULT -1,done BOOLEAN NOT NULL DEFAULT FALSE,FOREIGN KEY (owner_id) REFERENCES users(user_id));
|
CREATE TABLE IF NOT EXISTS files (id UUID PRIMARY KEY NOT NULL, owner_id UUID NOT NULL, name TEXT NOT NULL, size BIGINT NOT NULL, total_chunk BIGINT NOT NULL, downloaded BIGINT NOT NULL DEFAULT 0, FOREIGN KEY (owner_id) REFERENCES users(user_id));
|
||||||
|
|||||||
@ -17,8 +17,6 @@ import (
|
|||||||
|
|
||||||
type Session struct {
|
type Session struct {
|
||||||
ID string
|
ID string
|
||||||
Values types.User
|
|
||||||
CreateTime time.Time
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type SessionInfo struct {
|
type SessionInfo struct {
|
||||||
@ -44,41 +42,24 @@ func (e *SessionNotFoundError) Error() string {
|
|||||||
return "session not found"
|
return "session not found"
|
||||||
}
|
}
|
||||||
|
|
||||||
func Get(id string) (*Session, error) {
|
func Get(id string) *Session {
|
||||||
session, err := app.Server.Cache.GetCache(context.Background(), "Session:"+id)
|
return &Session{ID: id}
|
||||||
if err != nil {
|
|
||||||
if errors.Is(err, redis.Nil) {
|
|
||||||
return nil, &SessionNotFoundError{}
|
|
||||||
}
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
var userSession Session
|
|
||||||
err = json.Unmarshal([]byte(session), &userSession)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &userSession, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func Create(values types.User) (*Session, error) {
|
func Create(values types.User) (*Session, error) {
|
||||||
id := utils.GenerateRandomString(128)
|
id := utils.GenerateRandomString(128)
|
||||||
session := &Session{
|
|
||||||
ID: id,
|
|
||||||
CreateTime: time.Now(),
|
|
||||||
Values: values,
|
|
||||||
}
|
|
||||||
|
|
||||||
sessionData, err := json.Marshal(session)
|
sessionData, err := json.Marshal(values)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = app.Server.Cache.SetCache(context.Background(), "Session:"+id, string(sessionData), time.Hour*24) // Set expiration time as needed
|
err = app.Server.Cache.SetCache(context.Background(), "Session:"+id, string(sessionData), time.Hour*24)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return session, nil
|
return &Session{ID: id}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Session) Change(user types.User) error {
|
func (s *Session) Change(user types.User) error {
|
||||||
@ -200,23 +181,21 @@ func GetSession(r *http.Request) (UserStatus, types.User, string) {
|
|||||||
return Unauthorized, types.User{}, ""
|
return Unauthorized, types.User{}, ""
|
||||||
}
|
}
|
||||||
|
|
||||||
var storeSession Session
|
var storeSession types.User
|
||||||
err = json.Unmarshal([]byte(sessionData), &storeSession)
|
err = json.Unmarshal([]byte(sessionData), &storeSession)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return Unauthorized, types.User{}, ""
|
return Unauthorized, types.User{}, ""
|
||||||
}
|
}
|
||||||
|
|
||||||
userSession := storeSession.Values
|
if !storeSession.Authenticated && storeSession.Totp != "" {
|
||||||
|
return Unauthorized, storeSession, cookie.Value
|
||||||
if !userSession.Authenticated && userSession.Totp != "" {
|
|
||||||
return Unauthorized, userSession, cookie.Value
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if !userSession.Authenticated {
|
if !storeSession.Authenticated {
|
||||||
return Unauthorized, types.User{}, ""
|
return Unauthorized, types.User{}, ""
|
||||||
}
|
}
|
||||||
|
return Authorized, storeSession, cookie.Value
|
||||||
return Authorized, userSession, cookie.Value
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetSessions(email string) ([]*SessionInfo, error) {
|
func GetSessions(email string) ([]*SessionInfo, error) {
|
||||||
|
|||||||
Reference in New Issue
Block a user