Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL encode session cookie #54

Merged
merged 2 commits into from
Nov 23, 2023
Merged

URL encode session cookie #54

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8214b1c
url encode session cookie
jeremy5189 Nov 22, 2023
ca1756d
Handle err
jeremy5189 Nov 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,5 @@ banjax
*.tmp
tmp
logs

keys
23 changes: 16 additions & 7 deletions internal/session_cookie.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import (
"fmt"
"log"
"math/rand"
"net/url"
"strconv"
"strings"
"time"
Expand All @@ -25,7 +26,7 @@ import (
)

const (
CookieName = "deflect_session"
SessionCookieName = "deflect_session"
ExpireTimeByteLength = 8
IdByteLength = 4
HmacByteLength = 4
Expand Down Expand Up @@ -118,19 +119,26 @@ func sessionCookieEndPoint(c *gin.Context, config *Config) error {
set in the logs: dsc=cookie, dsc_new=False
*/
clientIp := c.Request.Header.Get("X-Client-IP")
dsc, err := c.Cookie(CookieName)
dsc, err := c.Cookie(SessionCookieName)
urlDecodedDsc, decodeErr := url.QueryUnescape(dsc)

// if fail to decode, use the original dsc
if decodeErr != nil {
log.Printf("DSC: fail to urldecode cookie %s, use the original one\n", dsc)
urlDecodedDsc = dsc
}

if err == nil {
// cookie exists, validate it
validateErr := validateSessionCookie(dsc, config.SessionCookieHmacSecret, time.Now(), clientIp)
validateErr := validateSessionCookie(urlDecodedDsc, config.SessionCookieHmacSecret, time.Now(), clientIp)
if validateErr == nil {
// cookie is valid, do not attach cookie but only report dsc_new=false
// fmt.Printf("DSC: [%s] cookie %s is valid, report dsc_new=false\n", clientIp, dsc)
attachSessionCookie(c, config, dsc, false)
// log.Printf("DSC: [%s] cookie %s is valid, report dsc_new=false\n", clientIp, urlDecodedDsc)
attachSessionCookie(c, config, urlDecodedDsc, false)
} else {
// cookie is invalid, create a new one
newDsc := newSessionCookie(config.SessionCookieHmacSecret, config.SessionCookieTtlSeconds, clientIp)
log.Printf("DSC: [%s] cookie %s is not valid, issue new: %s\n", clientIp, dsc, newDsc)
log.Printf("DSC: [%s] cookie %s is not valid, issue new: %s\n", clientIp, urlDecodedDsc, newDsc)
attachSessionCookie(c, config, newDsc, true)
}
return nil
Expand All @@ -145,7 +153,8 @@ func sessionCookieEndPoint(c *gin.Context, config *Config) error {

func attachSessionCookie(c *gin.Context, config *Config, dsc string, dsc_new bool) {
if dsc_new {
c.SetCookie(CookieName, dsc, config.SessionCookieTtlSeconds, "/", "", false, true)
urlEncodedDsc := url.QueryEscape(dsc)
c.SetCookie(SessionCookieName, urlEncodedDsc, config.SessionCookieTtlSeconds, "/", "", false, true)
}
// for nginx log
c.Header("X-Deflect-Session", dsc)
Expand Down
Loading