Esempio n. 1
0
func LoggedIn(w http.ResponseWriter, r *http.Request, s *securecookie.SecureCookie) bool {
	if cookie, err := r.Cookie("whiteboard"); err == nil {
		value := make(map[string]string)
		if err = s.Decode("whiteboard", cookie.Value, &value); err == nil {
			return true
		}
		return false
	}
	return false
}
Esempio n. 2
0
// SetMaxAge restricts the maximum age, in seconds, of the session record
// both in database and a browser. This is to change session storage configuration.
// If you want just to remove session use your session `s` object and change it's
// `Options.MaxAge` to -1, as specified in
//    http://godoc.org/github.com/gorilla/sessions#Options
//
// Default is the one provided by this package value - `sessionExpire`.
// Set it to 0 for no restriction.
// Because we use `MaxAge` also in SecureCookie crypting algorithm you should
// use this function to change `MaxAge` value.
func (s *DynamoDBStore) SetMaxAge(v int) {
	var c *securecookie.SecureCookie
	var ok bool
	s.Options.MaxAge = v
	for i := range s.Codecs {
		if c, ok = s.Codecs[i].(*securecookie.SecureCookie); ok {
			c.MaxAge(v)
		} else {
			fmt.Printf("Can't change MaxAge on codec %v\n", s.Codecs[i])
		}
	}
}
Esempio n. 3
0
func StoreCookie(w http.ResponseWriter, r *http.Request, storedCookie *securecookie.SecureCookie, cookieName, cookieValue string) {
	value := map[string]string{
		cookieName: cookieValue,
	}
	if encoded, err := storedCookie.Encode(cookieName, value); err == nil {
		cookie := &http.Cookie{
			Name:  cookieName,
			Value: encoded,
			Path:  "/",
		}
		http.SetCookie(w, cookie)
	}
}
Esempio n. 4
0
func FetchCookie(r *http.Request, storedCookie *securecookie.SecureCookie, cookieName string) string {
	if cookie, err := r.Cookie(cookieName); err == nil {
		value := make(map[string]string)
		if cookie != nil {
			err = storedCookie.Decode(cookieName, cookie.Value, &value)
			if len(value[cookieName]) > 0 && err == nil {
				return value[cookieName]
			}
		}
	}

	return ""
}
Esempio n. 5
0
func Connect(w http.ResponseWriter, r *http.Request, u auth.User, sessionStore sessions.Store, secureCookie *securecookie.SecureCookie, dbStore *Store) {
	StatCount("connect call", 1)
	session, err := sessionStore.Get(r, SESSIONNAME)
	if err != nil {
		xlog.Errorf("Error fetching session: %v", err)
		session, _ = sessionStore.New(r, SESSIONNAME)
	}

	if userID, ok := session.Values["userID"].(int); ok {
		xlog.Debugf("Connect: already logged in (userID = %d), connecting account", userID)
		// we have a valid session -> connect account to user
		username := u.Provider() + ":" + u.Id()

		err := dbStore.AddUser(username, userID)
		if err != nil {
			xlog.Errorf("Error adding user: %v", err)
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}

		w.Header().Set("Location", "/settings")
	} else {
		xlog.Debugf("Connect: not logged in, actually log in user.")
		// no valid session -> actually login user
		username := u.Provider() + ":" + u.Id()
		xlog.Debugf("Connect: username = %s", username)
		userID, err := dbStore.CreateUser(username)
		if err != nil {
			xlog.Errorf("Error creating user: %v", err)
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}

		xlog.Debugf("Connect: userID = %d", userID)

		// set session values
		session.Values["userID"] = userID
		session.Values["username"] = username
		session.Values["email"] = u.Email()
		session.Values["name"] = u.Name()
		session.Save(r, w)

		// set XSRF-TOKEN for AngularJS
		xsrftoken, _ := secureCookie.Encode(XSRFTOKEN, username)
		http.SetCookie(w, &http.Cookie{Name: XSRFTOKEN, Value: xsrftoken, Path: "/"})

		w.Header().Set("Location", "/")
	}
	w.WriteHeader(http.StatusFound)
}
Esempio n. 6
0
func CreateCookie(s *securecookie.SecureCookie) (*http.Cookie, error) {
	var err error

	// Create secure cookie with login info
	value := map[string]string{
		"authenticated": "true",
	}
	if encoded, err := s.Encode("whiteboard", value); err == nil {
		cookie := &http.Cookie{
			Name:  "whiteboard",
			Value: encoded,
			Path:  "/",
		}
		cookie.MaxAge = 10000
		return cookie, err
	}

	return nil, err
}
Esempio n. 7
0
func VerifyXSRFToken(w http.ResponseWriter, r *http.Request, sessionStore sessions.Store, secureCookie *securecookie.SecureCookie) bool {
	xsrftoken := r.Header.Get(XSRFTOKENHEADER)
	userID := ""

	err := secureCookie.Decode(XSRFTOKEN, xsrftoken, &userID)
	if err == nil {
		session, _ := sessionStore.Get(r, SESSIONNAME)

		if userID != "" && userID == session.Values["username"].(string) {
			xlog.Infof("XSRF verification success for user %s", session.Values["username"].(string))
			return true
		}
		xlog.Errorf("XSRF issue: userID = %s session = %s", userID, session.Values["username"].(string))
	}

	xlog.Errorf("XSRF verification failed: %v (Request: %#v", err, *r)
	http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
	StatCount("XSRF verification failed", 1)
	return false
}
Esempio n. 8
0
func (ac *agentCredentials) Cookie(sc *securecookie.SecureCookie) (*http.Cookie, error) {
	encoded, err := json.Marshal(ac)
	if err != nil {
		return nil, err
	}

	secured, err := sc.Encode(agentCookieName, encoded)
	if err != nil {
		return nil, err
	}

	cookie := &http.Cookie{
		Name:     agentCookieName,
		Value:    secured,
		Path:     "/",
		Expires:  time.Now().Add(agentCookieDuration),
		HttpOnly: true,
	}
	return cookie, nil
}