func expiresFromDuration(d time.Duration) (expires time.Time, maxAge int) {
switch d {
case -1:
// persistent
expires = util.Now().UTC().AddDate(20, 0, 0)
case 0:
expires = time.Time{}
default:
expires = util.Now().UTC().Add(d)
maxAge = int(d.Seconds())
}
return expires, maxAge
}
func (m *SessionMiddleware) Before(c *Controller) {
defer func() {
if err := recover(); err != nil {
switch err.(type) {
case ErrSession:
Log.Error("%v", err)
case ErrSessionExpected:
Log.Info("%v", err)
default:
panic(err)
}
c.Session = make(Session)
}
}()
cookie, err := c.Request.Cookie(appConfig.Session.Name)
if err != nil {
panic(NewErrSessionExpected("new session"))
}
sess := appConfig.Session.Store.Load(cookie.Value)
expiresStr, ok := sess[SessionExpiresKey]
if !ok {
panic(NewErrSession("expires value not found"))
}
expires, err := strconv.ParseInt(expiresStr, 10, 64)
if err != nil {
panic(NewErrSession(err.Error()))
}
if expires < util.Now().Unix() {
panic(NewErrSessionExpected("session has been expired"))
}
c.Session = sess
}
func (l *entryLogger) Output(level Level, message string) {
l.logger.mu.Lock()
defer l.logger.mu.Unlock()
l.entry.Level = level
l.entry.Time = util.Now()
l.entry.Message = message
l.logger.buf.Reset()
format := Formatter.Format
if int(level) < len(l.logger.formatFuncs) {
format = l.logger.formatFuncs[level]
}
if err := format(l.logger.formatter, &l.logger.buf, l.entry); err != nil {
fmt.Fprintf(os.Stderr, "kocha: log: %v\n", err)
}
l.logger.buf.WriteByte('\n')
if _, err := io.Copy(l.logger.out, &l.logger.buf); err != nil {
fmt.Fprintf(os.Stderr, "kocha: log: failed to write log: %v\n", err)
}
}
func (m *SessionMiddleware) before(app *Application, c *Context) (err error) {
defer func() {
switch err.(type) {
case nil:
// do nothing.
case ErrSession:
app.Logger.Info(err)
default:
app.Logger.Error(err)
}
if c.Session == nil {
c.Session = make(Session)
}
err = nil
}()
cookie, err := c.Request.Cookie(m.Name)
if err != nil {
return NewErrSession("new session")
}
sess, err := m.Store.Load(cookie.Value)
if err != nil {
return err
}
expiresStr, ok := sess[m.ExpiresKey]
if !ok {
return fmt.Errorf("expires value not found")
}
expires, err := strconv.ParseInt(expiresStr, 10, 64)
if err != nil {
return err
}
if expires < util.Now().Unix() {
return NewErrSession("session has been expired")
}
c.Session = sess
return nil
}
func TestSessionMiddleware_After(t *testing.T) {
app := kocha.NewTestApp()
origNow := util.Now
util.Now = func() time.Time { return time.Unix(1383820443, 0) }
defer func() {
util.Now = origNow
}()
r, err := http.NewRequest("GET", "/", nil)
if err != nil {
t.Fatal(err)
}
w := httptest.NewRecorder()
req, res := &kocha.Request{Request: r}, &kocha.Response{ResponseWriter: w}
c := &kocha.Context{Request: req, Response: res}
c.Session = make(kocha.Session)
m := &kocha.SessionMiddleware{Store: &NullSessionStore{}}
m.SessionExpires = time.Duration(1) * time.Second
m.CookieExpires = time.Duration(2) * time.Second
if err := m.Process(app, c, func() error {
return nil
}); err != nil {
t.Error(err)
}
var (
actual interface{} = c.Session
expected interface{} = kocha.Session{
m.ExpiresKey: "1383820444", // + time.Duration(1) * time.Second
}
)
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
c.Session[m.ExpiresKey] = "1383820444"
value, err := m.Store.Save(c.Session)
if err != nil {
t.Fatal(err)
}
c1 := res.Cookies()[0]
c2 := &http.Cookie{
Name: m.Name,
Value: value,
Path: "/",
Expires: util.Now().UTC().Add(m.CookieExpires),
MaxAge: 2,
Secure: false,
HttpOnly: m.HttpOnly,
}
actual = c1.Name
expected = c2.Name
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual, err = m.Store.Load(c1.Value)
if err != nil {
t.Error(err)
}
expected, err = m.Store.Load(c2.Value)
if err != nil {
t.Error(err)
}
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.Path
expected = c2.Path
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.Expires
expected = c2.Expires
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.MaxAge
expected = c2.MaxAge
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.Secure
expected = c2.Secure
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.HttpOnly
expected = c2.HttpOnly
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
}
func TestSessionMiddlewareAfter(t *testing.T) {
oldAppConfig := appConfig
appConfig = newTestAppConfig()
origNow := util.Now
util.Now = func() time.Time { return time.Unix(1383820443, 0) }
defer func() {
util.Now = origNow
appConfig = oldAppConfig
}()
r, err := http.NewRequest("GET", "/", nil)
if err != nil {
t.Fatal(err)
}
w := httptest.NewRecorder()
req, res := newRequest(r), newResponse(w)
c := &Controller{Request: req, Response: res}
c.Session = make(Session)
appConfig.Session.SessionExpires = time.Duration(1) * time.Second
appConfig.Session.CookieExpires = time.Duration(2) * time.Second
m := &SessionMiddleware{}
m.After(c)
var (
actual interface{} = c.Session
expected interface{} = Session{
SessionExpiresKey: "1383820444", // + time.Duration(1) * time.Second
}
)
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
c.Session[SessionExpiresKey] = "1383820444"
c1 := res.Cookies()[0]
c2 := &http.Cookie{
Name: appConfig.Session.Name,
Value: appConfig.Session.Store.Save(c.Session),
Path: "/",
Expires: util.Now().UTC().Add(appConfig.Session.CookieExpires),
MaxAge: 2,
Secure: false,
HttpOnly: appConfig.Session.HttpOnly,
}
actual = c1.Name
expected = c2.Name
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = appConfig.Session.Store.Load(c1.Value)
expected = appConfig.Session.Store.Load(c2.Value)
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.Path
expected = c2.Path
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.Expires
expected = c2.Expires
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.MaxAge
expected = c2.MaxAge
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.Secure
expected = c2.Secure
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
actual = c1.HttpOnly
expected = c2.HttpOnly
if !reflect.DeepEqual(actual, expected) {
t.Errorf("Expect %v, but %v", expected, actual)
}
}