-
Notifications
You must be signed in to change notification settings - Fork 1
/
session_manager.go
153 lines (125 loc) · 3.33 KB
/
session_manager.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
package phpsessgo
import (
"net/http"
"strings"
"github.com/tiket-oss/phpsessgo/phpencode"
)
type SessionManager interface {
Start(w http.ResponseWriter, r *http.Request) (session *Session, err error)
Save(session *Session) error
SessionName() string
SIDCreator() SessionIDCreator
Encoder() SessionEncoder
SetCookieString(string) string
}
// NewSessionManager create new instance of SessionManager
func NewSessionManager(config SessionManagerConfig) SessionManager {
sessionManager := &sessionManager{
sessionName: DefaultSessionName,
sidCreator: &UUIDCreator{},
encoder: &PHPSessionEncoder{},
config: config,
}
return sessionManager
}
func NewSessionManagerRaw(
sessionName string,
sidCreator SessionIDCreator,
encoder SessionEncoder,
config SessionManagerConfig,
) SessionManager {
return &sessionManager{
sessionName: sessionName,
sidCreator: sidCreator,
encoder: encoder,
config: config,
}
}
// SessionManager handle session creation/modification
type sessionManager struct {
sessionName string
sidCreator SessionIDCreator
encoder SessionEncoder
config SessionManagerConfig
}
// Start is adoption of PHP start_session() to return current active session
func (m *sessionManager) Start(w http.ResponseWriter, r *http.Request) (session *Session, err error) {
session = NewSession()
var raw string
var phpSession phpencode.PhpSession
sessionID := m.getFromCookies(r.Cookies())
if sessionID == "" {
sessionID = m.sidCreator.CreateSID()
session.SessionID = sessionID
// http.SetCookie(w, &http.Cookie{
// Name: m.sessionName,
// Value: sessionID,
// HttpOnly: m.config.CookieHttpOnly,
// Path: m.config.CookiePath,
// Domain: m.config.CookieDomain,
// })
w.Header().Add("Set-Cookie", m.SetCookieString(sessionID))
return
}
session.SessionID = sessionID
raw, err = Read(sessionID)
if err != nil {
return
}
phpSession, err = m.encoder.Decode(raw)
if err != nil {
return
}
session.Value = phpSession
return
}
// Save the session
func (m *sessionManager) Save(session *Session) error {
sessionData, err := m.encoder.Encode(session.Value)
if err != nil {
return err
}
return Write(session.SessionID, sessionData)
}
func (m *sessionManager) SessionName() string {
return m.sessionName
}
func (m *sessionManager) SIDCreator() SessionIDCreator {
return m.sidCreator
}
func (m *sessionManager) Encoder() SessionEncoder {
return m.encoder
}
func (m *sessionManager) getFromCookies(cookies []*http.Cookie) string {
for _, cookie := range cookies {
if cookie.Name == m.sessionName {
return cookie.Value
}
}
return ""
}
// SetCookieString naive approach to get lowercase Domain and Path attribute
func (m *sessionManager) SetCookieString(sessionID string) string {
var builder strings.Builder
builder.WriteString(m.SessionName())
builder.WriteString("=")
builder.WriteString(sessionID)
builder.WriteString("; ")
if m.config.CookiePath != "" {
builder.WriteString("path=")
builder.WriteString(m.config.CookiePath)
builder.WriteString("; ")
}
if m.config.CookieDomain != "" {
builder.WriteString("domain=")
builder.WriteString(m.config.CookieDomain)
builder.WriteString("; ")
}
if m.config.CookieSecure {
builder.WriteString("secure; ")
}
if m.config.CookieHttpOnly {
builder.WriteString("httponly")
}
return builder.String()
}