-
Notifications
You must be signed in to change notification settings - Fork 23
/
session.go
112 lines (93 loc) · 2.39 KB
/
session.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package htmlhouse
import (
"crypto/rsa"
"fmt"
jwt "github.com/dgrijalva/jwt-go"
"github.com/juju/errgo"
"io/ioutil"
"net/http"
)
const (
tokenHeader = "Authorization"
)
type sessionManager interface {
readToken(*http.Request) (string, error)
createToken(string) (string, error)
writeToken(http.ResponseWriter, string) error
}
// Basic user session info
type sessionInfo struct {
ID string `json:"id"`
}
func newSessionInfo(houseID string) *sessionInfo {
return &sessionInfo{houseID}
}
func newSessionManager(cfg *config) (sessionManager, error) {
mgr := &defaultSessionManager{}
// Read and parse private key
signBytes, err := ioutil.ReadFile(cfg.PrivateKey)
if err != nil {
return mgr, errgo.Mask(err)
}
mgr.signKey, err = jwt.ParseRSAPrivateKeyFromPEM(signBytes)
if err != nil {
return mgr, errgo.Mask(err)
}
// Read and parse public key
verifyBytes, err := ioutil.ReadFile(cfg.PublicKey)
if err != nil {
return mgr, errgo.Mask(err)
}
mgr.verifyKey, err = jwt.ParseRSAPublicKeyFromPEM(verifyBytes)
if err != nil {
return mgr, errgo.Mask(err)
}
return mgr, nil
}
type defaultSessionManager struct {
verifyKey *rsa.PublicKey
signKey *rsa.PrivateKey
}
func (m *defaultSessionManager) readToken(r *http.Request) (string, error) {
tokenString := r.Header.Get(tokenHeader)
if tokenString == "" {
return "", nil
}
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return m.verifyKey, nil
})
switch err.(type) {
case nil:
if !token.Valid {
return "", nil
}
claims := token.Claims.(jwt.MapClaims)
houseID := claims["houseID"].(string)
return houseID, nil
case *jwt.ValidationError:
return "", nil
default:
return "", errgo.Mask(err)
}
}
func (m *defaultSessionManager) createToken(houseID string) (string, error) {
token := jwt.New(jwt.SigningMethodRS512)
claims := token.Claims.(jwt.MapClaims)
claims["houseID"] = houseID
tokenString, err := token.SignedString(m.signKey)
if err != nil {
return tokenString, errgo.Mask(err)
}
return tokenString, nil
}
func (m *defaultSessionManager) writeToken(w http.ResponseWriter, houseID string) error {
tokenString, err := m.createToken(houseID)
if err != nil {
return err
}
w.Header().Set(tokenHeader, tokenString)
return nil
}