author | Simon Ser <contact@emersion.fr> | 2019-12-11 12:54:00 +0100 |
---|---|---|
committer | Simon Ser <contact@emersion.fr> | 2019-12-11 12:54:03 +0100 |
commit | 86359156ee607bc3ddac99cf9a6295f8ff664482 (patch) | |
tree | a921b9de2095b18e6b821b6d26dd9aa019980e21 | |
parent | d8f411176fc63c8330987db2450c04b5c64b0dd9 (diff) | |
Export Context.SetSession, unexport Session.Token
I'm uneasy exposing the token to plugins, I prefer to hide it if
possible to prevent misuse.
This change allows plugins to log out users.
-rw-r--r-- | handlers.go | 4 | ||||
-rw-r--r-- | server.go | 11 | ||||
-rw-r--r-- | session.go | 5 |
3 files changed, 10 insertions, 10 deletions
diff --git a/handlers.go b/handlers.go
index 2ee4c8f..4919d33 100644
--- a/handlers.go
+++ b/handlers.go
@@ -89,7 +89,7 @@ func handleLogin(ectx echo.Context) error {
 }
 return fmt.Errorf("failed to put connection in pool: %v", err)
 }
- ctx.setToken(s.Token)
+ ctx.SetSession(s)
 return ctx.Redirect(http.StatusFound, "/mailbox/INBOX")
 }
@@ -101,7 +101,7 @@ func handleLogout(ectx echo.Context) error {
 ctx := ectx.(*Context)
 ctx.Session.Close()
- ctx.setToken("")
+ ctx.SetSession(nil)
 return ctx.Redirect(http.StatusFound, "/login")
 }
@@ -104,17 +104,18 @@ type Context struct {
 var aLongTimeAgo = time.Unix(233431200, 0)
-func (c *Context) setToken(token string) {
+func (ctx *Context) SetSession(s *Session) {
 cookie := http.Cookie{
 Name: cookieName,
- Value: token,
 HttpOnly: true,
 // TODO: domain, secure
 }
- if token == "" {
+ if s != nil {
+ cookie.Value = s.token
+ } else {
 cookie.Expires = aLongTimeAgo // unset the cookie
 }
- c.SetCookie(&cookie)
+ ctx.SetCookie(&cookie)
 }
 func isPublic(path string) bool {
@@ -173,7 +174,7 @@ func New(e *echo.Echo, options *Options) error {
 ctx.Session, err = ctx.Server.sessions.Get(cookie.Value)
 if err == ErrSessionExpired {
- ctx.setToken("")
+ ctx.SetSession(nil)
 return ctx.Redirect(http.StatusFound, "/login")
 } else if err != nil {
 return err
@@ -34,10 +34,9 @@ func (err AuthError) Error() string {
 }
 type Session struct {
- Token string
-
 manager *SessionManager
 username, password string
+ token string
 closed chan struct{}
 pings chan struct{}
 timer *time.Timer
@@ -138,13 +137,13 @@ func (sm *SessionManager) Put(username, password string) (*Session, error) {
 }
 s := &Session{
- Token: token,
 manager: sm,
 closed: make(chan struct{}),
 pings: make(chan struct{}, 5),
 imapConn: c,
 username: username,
 password: password,
+ token: token,
 }
 sm.sessions[token] = s |
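Review bot: In the `@@ -104,17 +104,18 @@` hunk (server.go per the diffstat), the newly exported `SetSession` only writes the cookie: it neither assigns `ctx.Session` nor closes the server-side session. A plugin that calls `ctx.SetSession(nil)` on its own therefore expires the browser cookie, while the token presumably stays valid in the session manager until it times out. `handleLogout` avoids this by calling `ctx.Session.Close()` first, and that ordering belongs in the contract, which today has no doc comment at all. I would add `// SetSession sets the session cookie for s, or expires it when s is nil. It does not close the previous session; call Session.Close first when logging a user out.` Since every login now passes through this method, the `// TODO: domain, secure` is worth closing as well, for example with `Secure: true` and `SameSite: http.SameSiteLaxMode` when the server runs behind TLS.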
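Review bot: In the `@@ -34,10 +34,9 @@` hunk (session.go per the diffstat), the new `token` field of `Session` carries no comment saying why it is unexported, so a later change could re-export it without noticing the intent stated in the commit message. A one-line comment such as `// token is the secret cookie value identifying this session; unexported so code outside the package cannot read it.` would record that. Unexporting guards against accidental misuse only: code that receives the request context can presumably still read the raw cookie, so the comment should not describe this as an isolation boundary. The struct body continues outside the hunk.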