Beispiel #1
// Check reports whether the session may still be used for domain.
//
// It returns false when s.Expire lies before the current Unix time, and
// otherwise returns what tools.CheckDomain reports for (domain, s.Domain).
// The expiry test runs first, so CheckDomain is not called for an expired
// session. A session whose Expire equals the current second still passes.
func (s Session) Check(domain string) bool {
	expired := s.Expire < time.Now().Unix()
	return !expired && tools.CheckDomain(domain, s.Domain)
}
Beispiel #2
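// CheckSession validates a session token for a requested domain and, on
// success, returns a CheckResponse describing the session.
//
// The request is rejected with a 400 error when the token is empty, fails
// tools.CheckID, or when the domain is empty or exactly "/". The session is
// then loaded through session.Get(db); any error from that call is returned
// unchanged. An expired session yields a 404 error and a domain rejected by
// tools.CheckDomain yields a 403 error.
//
// On success the returned value is a CheckResponse with Status "ok", the
// session's user ID in hex, its expiry timestamp and the seconds remaining.
//
// NOTE(review): the 404 (expired) and 403 (wrong domain) answers are
// distinguishable, so a caller learns whether a token refers to a stored
// session. That is fine if only trusted services can reach this handler;
// confirm against the deployment.
func CheckSession(q CheckRequest, db *mgo.DbQueue) (interface{}, error) {
	// Reject malformed requests before touching the database. The case order
	// matters: it decides which message a request with several faults gets.
	switch {
	case q.Token == "":
		return nil, tools.NewError(nil, 400, "bad request: token is missing")
	case !tools.CheckID(q.Token):
		return nil, tools.NewError(nil, 400, "bad request: invalid token")
	case q.Domain == "":
		return nil, tools.NewError(nil, 400, "bad request: domain is missing")
	case q.Domain == "/":
		return nil, tools.NewError(nil, 400, "bad request: illegal domain")
	}

	var session models.Session
	// NOTE(review): any result of IDFromHex is not inspected here; the
	// CheckID call above is presumably what guarantees the token parses.
	// Confirm against the models package.
	session.IDFromHex(q.Token)
	if err := session.Get(db); err != nil {
		return nil, err
	}

	// Read the clock once so the expiry decision and the Remaining value are
	// computed from the same instant. With two separate reads, a session
	// that passed the check could be reported with a negative Remaining if
	// the second ticked over in between.
	now := time.Now().Unix()
	if session.Expire < now {
		return nil, tools.NewError(nil, 404, "not found: session is expired")
	}

	if !tools.CheckDomain(q.Domain, session.Domain) {
		return nil, tools.NewError(nil, 403, "forbidden: restricted domain")
	}

	var resp CheckResponse
	resp.Status = "ok"
	resp.Session.UserID = session.UserID.Hex()
	resp.Session.Expire = session.Expire
	// Non-negative here because session.Expire >= now was just established.
	resp.Session.Remaining = int(session.Expire - now)

	return resp, nil
}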