func init() { gothic.Store = sessions.NewFilesystemStore(os.TempDir(), []byte("goth-example")) goth.UseProviders( twitter.New(os.Getenv("TWITTER_KEY"), os.Getenv("TWITTER_SECRET"), "http://localhost:3000/auth/twitter/callback"), // If you'd like to use authenticate instead of authorize in Twitter provider, use this instead. // twitter.NewAuthenticate(os.Getenv("TWITTER_KEY"), os.Getenv("TWITTER_SECRET"), "http://localhost:3000/auth/twitter/callback"), facebook.New(os.Getenv("FACEBOOK_KEY"), os.Getenv("FACEBOOK_SECRET"), "http://localhost:3000/auth/facebook/callback"), gplus.New("281140391713-b1dskle4dtsi6nn4ce01tbkpcp3aovs6.apps.googleusercontent.com", "cIM92vsFvLyfhIZASmAo2ZaE", "http://localhost:8080/auth/gplus/callback"), github.New(os.Getenv("GITHUB_KEY"), os.Getenv("GITHUB_SECRET"), "http://localhost:3000/auth/github/callback"), spotify.New(os.Getenv("SPOTIFY_KEY"), os.Getenv("SPOTIFY_SECRET"), "http://localhost:3000/auth/spotify/callback"), linkedin.New(os.Getenv("LINKEDIN_KEY"), os.Getenv("LINKEDIN_SECRET"), "http://localhost:3000/auth/linkedin/callback"), lastfm.New(os.Getenv("LASTFM_KEY"), os.Getenv("LASTFM_SECRET"), "http://localhost:3000/auth/lastfm/callback"), twitch.New(os.Getenv("TWITCH_KEY"), os.Getenv("TWITCH_SECRET"), "http://localhost:3000/auth/twitch/callback"), dropbox.New(os.Getenv("DROPBOX_KEY"), os.Getenv("DROPBOX_SECRET"), "http://localhost:3000/auth/dropbox/callback"), digitalocean.New(os.Getenv("DIGITALOCEAN_KEY"), os.Getenv("DIGITALOCEAN_SECRET"), "http://localhost:3000/auth/digitalocean/callback", "read"), bitbucket.New(os.Getenv("BITBUCKET_KEY"), os.Getenv("BITBUCKET_SECRET"), "http://localhost:3000/auth/bitbucket/callback"), instagram.New(os.Getenv("INSTAGRAM_KEY"), os.Getenv("INSTAGRAM_SECRET"), "http://localhost:3000/auth/instagram/callback"), box.New(os.Getenv("BOX_KEY"), os.Getenv("BOX_SECRET"), "http://localhost:3000/auth/box/callback"), salesforce.New(os.Getenv("SALESFORCE_KEY"), os.Getenv("SALESFORCE_SECRET"), "http://localhost:3000/auth/salesforce/callback"), amazon.New(os.Getenv("AMAZON_KEY"), os.Getenv("AMAZON_SECRET"), "http://localhost:3000/auth/amazon/callback"), yammer.New(os.Getenv("YAMMER_KEY"), os.Getenv("YAMMER_SECRET"), "http://localhost:3000/auth/yammer/callback"), onedrive.New(os.Getenv("ONEDRIVE_KEY"), os.Getenv("ONEDRIVE_SECRET"), "http://localhost:3000/auth/onedrive/callback"), ) //set a global session globalSessions, _ = session.NewManager("memory", `{"cookieName":"gosessionid", "enableSetCookie,omitempty": true, "gclifetime":3600, "maxLifetime": 3600, "secure": false, "sessionIDHashFunc": "sha1", "sessionIDHashKey": "", "cookieLifeTime": 3600, "providerConfig": ""}`) go globalSessions.GC() }
func NewSession(w http.ResponseWriter, r *http.Request, name ...string) *Session { var sessionName string if len(name) == 0 { sessionName = DefaultSessionName } else { sessionName = name[0] } s := &Session{ w: w, r: r, sessionStore: sessions.NewFilesystemStore( "", Config.SessionStoreAuthenticationKey, Config.SessionStoreEncryptionKey, ), } s.sessionStore.Options = &sessions.Options{ Path: "/", MaxAge: 30 * 60, } s.session, _ = s.sessionStore.Get(r, sessionName) return s }
func main() { // //After user has had opportunity to change config: // //1 init the db db = initdb() // Defer the close of the DB in the main function so we'll have a pool of connections maintained until the program exits defer db.Close() //2 setup our session store store = sessions.NewFilesystemStore("", []byte(Config.App.Secret)) //Initialize the ancillary packages forum.Initialize(db) user.Initialize(db) graf.Initialize(Config, db, store, router, decoder) wshub.Initialize(10*time.Second, 60*time.Second, 60*time.Second*9/10, 4096, 256) //Bundled static assets are handled by gotogether gotogether.Handle("/static/") //Create a subrouter for GET requests g := router.Methods("GET").Subrouter() g.Handle("/", graf.Handler(graf.AboutHandler)).Name("about") g.Handle("/", graf.Handler(graf.IndexHandler)).Name("index") g.Handle("/about", graf.Handler(graf.AboutHandler)).Name("about") g.Handle("/forum/{id:[0-9]+}", graf.Handler(graf.ForumHandler)).Name("forum") g.Handle("/thread/{id:[0-9]+}", graf.Handler(graf.ThreadHandler)).Name("thread") g.Handle("/thread", graf.Handler(graf.ThreadRootHandler)).Name("threadRoot") //Form for creating new posts g.Handle("/login", graf.Handler(graf.LoginHandler)).Name("login") g.Handle("/logout", graf.Handler(graf.LogoutHandler)).Name("logout") g.Handle("/register", graf.Handler(graf.RegisterHandler)).Name("register") g.HandleFunc(`/ws/thread/{id:[0-9]+}`, graf.ThreadWsHandler) g.HandleFunc("/loaderio-38b140f4cb51d3ffca9d71c7529a336d/", func(w http.ResponseWriter, req *http.Request) { fmt.Fprintf(w, "loaderio-38b140f4cb51d3ffca9d71c7529a336d") }) //Create a subrouter for POST requests p := router.Methods("POST").Subrouter() p.Handle("/thread", graf.Handler(graf.PostThreadHandler)).Name("postThread") p.Handle("/login", graf.Handler(graf.PostLoginHandler)).Name("postLogin") p.Handle("/register", graf.Handler(graf.PostRegisterHandler)).Name("postRegister") p.Handle("/vote", graf.Handler(graf.PostVoteHandler)).Name("postVote") //Notify the http package about our router http.Handle("/", router) fmt.Println("Server launched on port ", Config.App.Port) //Launch ws server // go http.ListenAndServe(fmt.Sprintf("%s:8443", Config.App.Host), nil) //Launch the server if err := http.ListenAndServe(fmt.Sprintf("%s:%s", Config.App.Host, Config.App.Port), nil); err != nil { panic(err) } }
// InitSettings attempts to populate all the fields of the Settings struct. It will return an error if it fails, // otherwise it returns nil for success. func (s *Settings) InitSettings(envVars EnvVars) error { if len(envVars.ClientID) == 0 { return errors.New("Unable to find '" + ClientIDEnvVar + "' in environment. Exiting.\n") } if len(envVars.ClientSecret) == 0 { return errors.New("Unable to find '" + ClientSecretEnvVar + "' in environment. Exiting.\n") } if len(envVars.Hostname) == 0 { return errors.New("Unable to find '" + HostnameEnvVar + "' in environment. Exiting.\n") } if len(envVars.LoginURL) == 0 { return errors.New("Unable to find '" + LoginURLEnvVar + "' in environment. Exiting.\n") } if len(envVars.UAAURL) == 0 { return errors.New("Unable to find '" + UAAURLEnvVar + "' in environment. Exiting.\n") } if len(envVars.APIURL) == 0 { return errors.New("Unable to find '" + APIURLEnvVar + "' in environment. Exiting.\n") } s.ConsoleAPI = envVars.APIURL s.LoginURL = envVars.LoginURL s.TokenContext = context.TODO() // Setup OAuth2 Client Service. s.OAuthConfig = &oauth2.Config{ ClientID: envVars.ClientID, ClientSecret: envVars.ClientSecret, RedirectURL: envVars.Hostname + "/oauth2callback", Scopes: []string{"cloud_controller.read", "cloud_controller.write", "cloud_controller.admin", "scim.read", "openid"}, Endpoint: oauth2.Endpoint{ AuthURL: envVars.LoginURL + "/oauth/authorize", TokenURL: envVars.UAAURL + "/oauth/token", }, } // Initialize Sessions. // Temp FIXME that fixes the problem of using a cookie store which would cause the secure encoding // of the oauth 2.0 token struct in production to exceed the max size of 4096 bytes. filesystemStore := sessions.NewFilesystemStore("", []byte("some key")) filesystemStore.MaxLength(4096 * 4) s.Sessions = filesystemStore // Want to save a struct into the session. Have to register it. gob.Register(oauth2.Token{}) return nil }
func init() { util.Configure() util.ConfigureLogger() var ( githubKey = viper.GetString("AUTH_CLIENT_ID") githubSecret = viper.GetString("AUTH_CLIENT_SECRET") githubPermissions = []string{"user:email", "repo", "admin:repo_hook", "admin:org_hook", "admin:org"} stateTime = time.Now().UnixNano() hash = strconv.Itoa(int(stateTime)) err error ) goth.UseProviders(github.New(githubKey, githubSecret, "", githubPermissions[0], githubPermissions[1], githubPermissions[2], githubPermissions[3], githubPermissions[4])) generateFromPassword(err, hash) setState() gothic.Store = sessions.NewFilesystemStore(os.TempDir(), state_hash) getProviderName() }
func TestRunAs(t *testing.T) { msm := new(DefaultSecurityManager) r, _ := realm.NewIni("ini", strings.NewReader(ini)) msm.SetRealm(r) tmpFile, _ := ioutil.TempDir("", "runas") msm.SetSessionManager(gorilla.NewGorillaManager(sessions.NewFilesystemStore(tmpFile, []byte("something-very-secret")))) subject, _ := msm.CreateSubject(&SubjectContext{ CreateSessions: true, Request: &http.Request{}, ResponseWriter: &httptest.ResponseRecorder{}, }) subject.Login(authc.NewToken("foo", "password")) assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful login") assert.Equal(t, "foo", fmt.Sprintf("%s", subject.Principal())) assert.False(t, subject.IsPermitted("everything")) err := subject.RunAs([]interface{}{"bar"}) assert.Nil(t, err) assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful runas") assert.Equal(t, "bar", fmt.Sprintf("%s", subject.Principal())) assert.True(t, subject.IsPermitted("everything")) subject.ReleaseRunAs() assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful runas") assert.Equal(t, "foo", fmt.Sprintf("%s", subject.Principal())) assert.False(t, subject.IsPermitted("everything")) }
// NewFilesystemStore returns a new FilesystemStore. // // The path argument is the directory where sessions will be saved. If empty // it will use os.TempDir(). // // See NewCookieStore() for a description of the other parameters. func NewFilesystemStore(path string, keyPairs ...[]byte) FilesystemStore { return &filesystemStore{sessions.NewFilesystemStore(path, keyPairs...)} }
cookieName = "pnw_conf" authToken = "AUTHID" authDate = "AUTHDA" csrfToken = "CSRFTK" minPasswordLength = 8 nsConv = 1000000000 // second -> nanosecond conversion allowance = (3600 * nsConv) * 8 // 8 hours ) var ( store = sessions.NewFilesystemStore( "store", []byte("2CA434288F3FAB93963CBA1A5B836EEF"), []byte("0655A28CAAEB0448132026D863771C5F"), ) ) func init() { // Secure cookie options. store.Options = &sessions.Options{ // Domain: "localhost", // Set this when we have a domain name. Path: "/", MaxAge: 3600 * 8, // 8 hours HttpOnly: true, // Secure: true, // Set this when TLS is set up. } }
func CreateSessionStore(secret string, domain string, secure bool) { Store = sessions.NewFilesystemStore("", []byte(secret)) Store.Options = &sessions.Options{Domain: domain, Path: "/", Secure: secure, HttpOnly: true, MaxAge: 7 * 86400} }
func init() { Store = sessions.NewFilesystemStore(os.TempDir(), []byte(AppKey)) goth.UseProviders(&faux.Provider{}) }
func init() { gothic.Store = sessions.NewFilesystemStore(os.TempDir(), []byte("goth-example")) }
func init() { // N.B. this should not be necessary. gob.Register(map[PasteID][]byte(nil)) gob.Register(&PastePermissionSet{}) gob.Register(PastePermission{}) arguments.register() arguments.parse() runtime.GOMAXPROCS(runtime.NumCPU()) RegisterTemplateFunction("encryptionAllowed", func(ri *RenderContext) bool { return Env() == EnvironmentDevelopment || RequestIsHTTPS(ri.Request) }) RegisterTemplateFunction("editAllowed", func(ri *RenderContext) bool { return isEditAllowed(ri.Obj.(*Paste), ri.Request) }) RegisterTemplateFunction("render", renderPaste) RegisterTemplateFunction("pasteURL", pasteURL) RegisterTemplateFunction("pasteWillExpire", func(p *Paste) bool { return p.Expiration != "" && p.Expiration != "-1" }) RegisterTemplateFunction("pasteFromID", func(id PasteID) *Paste { p, err := pasteStore.Get(id, nil) if err != nil { return nil } return p }) RegisterTemplateFunction("truncatedPasteBody", func(p *Paste, lines int) string { reader, _ := p.Reader() defer reader.Close() bufReader := bufio.NewReader(reader) s := "" n := 0 for n < lines { line, err := bufReader.ReadString('\n') if err != io.EOF && err != nil { break } s = s + line if err == io.EOF { break } n++ } if n == lines { s += "..." } return s }) RegisterTemplateFunction("pasteBody", func(p *Paste) string { reader, _ := p.Reader() defer reader.Close() b := &bytes.Buffer{} io.Copy(b, reader) return b.String() }) RegisterTemplateFunction("requestVariable", requestVariable) sesdir := filepath.Join(arguments.root, "sessions") os.Mkdir(sesdir, 0700) sessionKeyFile := filepath.Join(arguments.root, "session.key") sessionKey, err := SlurpFile(sessionKeyFile) if err != nil { sessionKey = securecookie.GenerateRandomKey(32) err = ioutil.WriteFile(sessionKeyFile, sessionKey, 0600) if err != nil { glog.Fatal("session.key not found, and an attempt to create one failed: ", err) } } sessionStore = sessions.NewFilesystemStore(sesdir, sessionKey) sessionStore.Options.Path = "/" sessionStore.Options.MaxAge = 86400 * 365 clientKeyFile := filepath.Join(arguments.root, "client_session_enc.key") clientOnlySessionEncryptionKey, err := SlurpFile(clientKeyFile) if err != nil { clientOnlySessionEncryptionKey = securecookie.GenerateRandomKey(32) err = ioutil.WriteFile(clientKeyFile, clientOnlySessionEncryptionKey, 0600) if err != nil { glog.Fatal("client_session_enc.key not found, and an attempt to create one failed: ", err) } } clientOnlySessionStore = sessions.NewCookieStore(sessionKey, clientOnlySessionEncryptionKey) if Env() != EnvironmentDevelopment { clientOnlySessionStore.Options.Secure = true } clientOnlySessionStore.Options.Path = "/" clientOnlySessionStore.Options.MaxAge = 0 clientLongtermSessionStore = sessions.NewCookieStore(sessionKey, clientOnlySessionEncryptionKey) if Env() != EnvironmentDevelopment { clientLongtermSessionStore.Options.Secure = true } clientLongtermSessionStore.Options.Path = "/" clientLongtermSessionStore.Options.MaxAge = 86400 * 365 pastedir := filepath.Join(arguments.root, "pastes") os.Mkdir(pastedir, 0700) pasteStore = NewFilesystemPasteStore(pastedir) pasteStore.PasteDestroyCallback = PasteCallback(pasteDestroyCallback) pasteExpirator = gotimeout.NewExpirator(filepath.Join(arguments.root, "expiry.gob"), &ExpiringPasteStore{pasteStore}) ephStore = gotimeout.NewMap() accountPath := filepath.Join(arguments.root, "accounts") os.Mkdir(accountPath, 0700) userStore = &PromoteFirstUserToAdminStore{ Path: accountPath, AccountStore: &CachingUserStore{ AccountStore: &ManglingUserStore{ account.NewFilesystemStore(accountPath, &AuthChallengeProvider{}), }, }, } }
// InitSettings attempts to populate all the fields of the Settings struct. It will return an error if it fails, // otherwise it returns nil for success. func (s *Settings) InitSettings(envVars EnvVars) error { if len(envVars.ClientID) == 0 { return errors.New("Unable to find '" + ClientIDEnvVar + "' in environment. Exiting.\n") } if len(envVars.ClientSecret) == 0 { return errors.New("Unable to find '" + ClientSecretEnvVar + "' in environment. Exiting.\n") } if len(envVars.Hostname) == 0 { return errors.New("Unable to find '" + HostnameEnvVar + "' in environment. Exiting.\n") } if len(envVars.LoginURL) == 0 { return errors.New("Unable to find '" + LoginURLEnvVar + "' in environment. Exiting.\n") } if len(envVars.UAAURL) == 0 { return errors.New("Unable to find '" + UAAURLEnvVar + "' in environment. Exiting.\n") } if len(envVars.APIURL) == 0 { return errors.New("Unable to find '" + APIURLEnvVar + "' in environment. Exiting.\n") } if len(envVars.LogURL) == 0 { return errors.New("Unable to find '" + LogURLEnvVar + "' in environment. Exiting.\n") } if len(envVars.SessionKey) == 0 { return errors.New("Unable to find '" + SessionKeyEnvVar + "' in environment. Exiting.\n") } s.ConsoleAPI = envVars.APIURL s.LoginURL = envVars.LoginURL s.TokenContext = context.TODO() s.UaaURL = envVars.UAAURL s.LogURL = envVars.LogURL s.PProfEnabled = ((envVars.PProfEnabled == "true") || (envVars.PProfEnabled == "1")) if s.BuildInfo = envVars.BuildInfo; len(s.BuildInfo) == 0 { s.BuildInfo = "developer-build" } s.SecureCookies = ((envVars.SecureCookies == "true") || (envVars.SecureCookies == "1")) // Setup OAuth2 Client Service. s.OAuthConfig = &oauth2.Config{ ClientID: envVars.ClientID, ClientSecret: envVars.ClientSecret, RedirectURL: envVars.Hostname + "/oauth2callback", Scopes: []string{"cloud_controller.read", "cloud_controller.write", "cloud_controller.admin", "scim.read", "openid"}, Endpoint: oauth2.Endpoint{ AuthURL: envVars.LoginURL + "/oauth/authorize", TokenURL: envVars.UAAURL + "/oauth/token", }, } s.StateGenerator = func() (string, error) { return GenerateRandomString(32) } // Initialize Sessions. // Temp FIXME that fixes the problem of using a cookie store which would cause the secure encoding // of the oauth 2.0 token struct in production to exceed the max size of 4096 bytes. filesystemStore := sessions.NewFilesystemStore("", []byte(envVars.SessionKey)) filesystemStore.MaxLength(4096 * 4) filesystemStore.Options = &sessions.Options{ HttpOnly: true, Secure: s.SecureCookies, } s.Sessions = filesystemStore // Want to save a struct into the session. Have to register it. gob.Register(oauth2.Token{}) s.HighPrivilegedOauthConfig = &clientcredentials.Config{ ClientID: envVars.ClientID, ClientSecret: envVars.ClientSecret, Scopes: []string{"scim.read"}, TokenURL: envVars.UAAURL + "/oauth/token", } return nil }
package lib import ( "github.com/go4r/handy" "github.com/gorilla/sessions" "net/http" "net/url" ) var ( DefaultSessionKeyPars = [][]byte{[]byte(`2TZs4ESupxTybxm9JYXEeV6FuvI8YNKA`)} DefaultSessionStore sessions.Store = sessions.NewFilesystemStore("private/sessions", DefaultSessionKeyPars...) DefaultSessionName = "handy_session" ) func init() { handy.Server.Context().MapProviders(handy.ProvidersMap{ "cookies": func(c *handy.Context) func() interface{} { var cookies = &Cookies{map[string]*http.Cookie{}, c.Get("request").(*http.Request)} c.CleanupFunc(func() { w := c.Get("response").(http.ResponseWriter) for _, v := range cookies.Cookies { v.Value = url.QueryEscape(v.Value) http.SetCookie(w, v) } }) return func() interface{} { return cookies } }, "session.store": func(c *handy.Context) func() interface{} {
package main import ( "github.com/gorilla/securecookie" "github.com/gorilla/sessions" "time" ) // Session store for users var store = sessions.NewFilesystemStore( // Path "app/sessions", // Secret key with strength set to 64 []byte(securecookie.GenerateRandomKey(64)), ) type User struct { // ID is an int64 that is a users identification // number. Id uint64 // Username is a string with max-size set to 255 // and is the username that a user will use when // logging in to the web interface. Username string `sql:"size:255;unique"` // Password is a string with max-size set to 255 // and is the password that a user will use when // logging in to the web interface. Password string `sql:"size:255"`