Simplify redis store options
This commit is contained in:
Joel Speed
Brian Van Klaveren
parent
f2562e8973
commit
296d989e58
|
|
@ -17,7 +17,6 @@ import (
|
||||||
"github.com/pusher/oauth2_proxy/pkg/apis/options"
|
"github.com/pusher/oauth2_proxy/pkg/apis/options"
|
||||||
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
|
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
|
||||||
"github.com/pusher/oauth2_proxy/pkg/cookies"
|
"github.com/pusher/oauth2_proxy/pkg/cookies"
|
||||||
"github.com/pusher/oauth2_proxy/pkg/sessions/utils"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// TicketData is a structure representing the ticket used in server session storage
|
// TicketData is a structure representing the ticket used in server session storage
|
||||||
|
|
@ -30,45 +29,24 @@ type TicketData struct {
|
||||||
// interface that stores sessions in redis
|
// interface that stores sessions in redis
|
||||||
type SessionStore struct {
|
type SessionStore struct {
|
||||||
CookieCipher *cookie.Cipher
|
CookieCipher *cookie.Cipher
|
||||||
CookieDomain string
|
CookieOptions *options.CookieOptions
|
||||||
CookieExpire time.Duration
|
|
||||||
CookieHTTPOnly bool
|
|
||||||
CookieName string
|
|
||||||
CookiePath string
|
|
||||||
CookieSecret string
|
|
||||||
CookieSecure bool
|
|
||||||
Client *redis.Client
|
Client *redis.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewRedisSessionStore initialises a new instance of the SessionStore from
|
// NewRedisSessionStore initialises a new instance of the SessionStore from
|
||||||
// the configuration given
|
// the configuration given
|
||||||
func NewRedisSessionStore(opts options.RedisStoreOptions, cookieOpts *options.CookieOptions) (sessions.SessionStore, error) {
|
func NewRedisSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOptions) (sessions.SessionStore, error) {
|
||||||
opt, err := redis.ParseURL(opts.RedisConnectionURL)
|
opt, err := redis.ParseURL(opts.RedisStoreOptions.RedisConnectionURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to parse redis url: %s", err)
|
return nil, fmt.Errorf("unable to parse redis url: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var cookieCipher *cookie.Cipher
|
|
||||||
if len(cookieOpts.CookieSecret) > 0 {
|
|
||||||
var err error
|
|
||||||
cookieCipher, err = cookie.NewCipher(utils.SecretBytes(cookieOpts.CookieSecret))
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("unable to create cookieCipher: %v", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
client := redis.NewClient(opt)
|
client := redis.NewClient(opt)
|
||||||
|
|
||||||
rs := &SessionStore{
|
rs := &SessionStore{
|
||||||
Client: client,
|
Client: client,
|
||||||
CookieCipher: cookieCipher,
|
CookieCipher: opts.Cipher,
|
||||||
CookieDomain: cookieOpts.CookieDomain,
|
CookieOptions: cookieOpts,
|
||||||
CookieExpire: cookieOpts.CookieExpire,
|
|
||||||
CookieHTTPOnly: cookieOpts.CookieHTTPOnly,
|
|
||||||
CookieName: cookieOpts.CookieName,
|
|
||||||
CookiePath: cookieOpts.CookiePath,
|
|
||||||
CookieSecret: cookieOpts.CookieSecret,
|
|
||||||
CookieSecure: cookieOpts.CookieSecure,
|
|
||||||
}
|
}
|
||||||
return rs, nil
|
return rs, nil
|
||||||
|
|
||||||
|
|
@ -79,7 +57,7 @@ func NewRedisSessionStore(opts options.RedisStoreOptions, cookieOpts *options.Co
|
||||||
func (store *SessionStore) Save(rw http.ResponseWriter, req *http.Request, s *sessions.SessionState) error {
|
func (store *SessionStore) Save(rw http.ResponseWriter, req *http.Request, s *sessions.SessionState) error {
|
||||||
// Old sessions that we are refreshing would have a request cookie
|
// Old sessions that we are refreshing would have a request cookie
|
||||||
// New sessions don't, so we ignore the error. storeValue will check requestCookie
|
// New sessions don't, so we ignore the error. storeValue will check requestCookie
|
||||||
requestCookie, _ := req.Cookie(store.CookieName)
|
requestCookie, _ := req.Cookie(store.CookieOptions.CookieName)
|
||||||
value, err := s.EncodeSessionState(store.CookieCipher)
|
value, err := s.EncodeSessionState(store.CookieCipher)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
@ -89,15 +67,12 @@ func (store *SessionStore) Save(rw http.ResponseWriter, req *http.Request, s *se
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
ticketCookie := cookies.MakeCookie(
|
ticketCookie := cookies.MakeCookieFromOptions(
|
||||||
req,
|
req,
|
||||||
store.CookieName,
|
store.CookieOptions.CookieName,
|
||||||
ticketString,
|
ticketString,
|
||||||
store.CookiePath,
|
store.CookieOptions,
|
||||||
store.CookieDomain,
|
store.CookieOptions.CookieExpire,
|
||||||
store.CookieHTTPOnly,
|
|
||||||
store.CookieSecure,
|
|
||||||
store.CookieExpire,
|
|
||||||
time.Now(),
|
time.Now(),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -108,7 +83,7 @@ func (store *SessionStore) Save(rw http.ResponseWriter, req *http.Request, s *se
|
||||||
// Load reads sessions.SessionState information from a ticket
|
// Load reads sessions.SessionState information from a ticket
|
||||||
// cookie within the HTTP request object
|
// cookie within the HTTP request object
|
||||||
func (store *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) {
|
func (store *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) {
|
||||||
requestCookie, err := req.Cookie(store.CookieName)
|
requestCookie, err := req.Cookie(store.CookieOptions.CookieName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("error loading session: %s", err)
|
return nil, fmt.Errorf("error loading session: %s", err)
|
||||||
}
|
}
|
||||||
|
|
@ -122,12 +97,12 @@ func (store *SessionStore) Load(req *http.Request) (*sessions.SessionState, erro
|
||||||
|
|
||||||
// LoadSessionFromString loads the session based on the ticket value
|
// LoadSessionFromString loads the session based on the ticket value
|
||||||
func (store *SessionStore) LoadSessionFromString(value string) (*sessions.SessionState, error) {
|
func (store *SessionStore) LoadSessionFromString(value string) (*sessions.SessionState, error) {
|
||||||
ticket, err := decodeTicket(store.CookieName, value)
|
ticket, err := decodeTicket(store.CookieOptions.CookieName, value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
result, err := store.Client.Get(ticket.asHandle(store.CookieName)).Result()
|
result, err := store.Client.Get(ticket.asHandle(store.CookieOptions.CookieName)).Result()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
@ -151,17 +126,14 @@ func (store *SessionStore) LoadSessionFromString(value string) (*sessions.Sessio
|
||||||
// Clear clears any saved session information for a given ticket cookie
|
// Clear clears any saved session information for a given ticket cookie
|
||||||
// from redis, and then clears the session
|
// from redis, and then clears the session
|
||||||
func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
|
func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
|
||||||
requestCookie, _ := req.Cookie(store.CookieName)
|
requestCookie, _ := req.Cookie(store.CookieOptions.CookieName)
|
||||||
|
|
||||||
// We go ahead and clear the cookie first, always.
|
// We go ahead and clear the cookie first, always.
|
||||||
clearCookie := cookies.MakeCookie(
|
clearCookie := cookies.MakeCookieFromOptions(
|
||||||
req,
|
req,
|
||||||
store.CookieName,
|
store.CookieOptions.CookieName,
|
||||||
"",
|
"",
|
||||||
store.CookiePath,
|
store.CookieOptions,
|
||||||
store.CookieDomain,
|
|
||||||
store.CookieHTTPOnly,
|
|
||||||
store.CookieSecure,
|
|
||||||
time.Hour*-1,
|
time.Hour*-1,
|
||||||
time.Now(),
|
time.Now(),
|
||||||
)
|
)
|
||||||
|
|
@ -169,9 +141,9 @@ func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) erro
|
||||||
|
|
||||||
// We only return an error if we had an issue with redis
|
// We only return an error if we had an issue with redis
|
||||||
// If there's an issue decoding the ticket, ignore it
|
// If there's an issue decoding the ticket, ignore it
|
||||||
ticket, _ := decodeTicket(store.CookieName, requestCookie.Value)
|
ticket, _ := decodeTicket(store.CookieOptions.CookieName, requestCookie.Value)
|
||||||
if ticket != nil {
|
if ticket != nil {
|
||||||
deleted, err := store.Client.Del(ticket.asHandle(store.CookieName)).Result()
|
deleted, err := store.Client.Del(ticket.asHandle(store.CookieOptions.CookieName)).Result()
|
||||||
fmt.Println("delted %n", deleted)
|
fmt.Println("delted %n", deleted)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error clearing cookie from redis: %s", err)
|
return fmt.Errorf("error clearing cookie from redis: %s", err)
|
||||||
|
|
@ -184,7 +156,7 @@ func (store *SessionStore) storeValue(value string, expiresOn time.Time, request
|
||||||
var ticket *TicketData
|
var ticket *TicketData
|
||||||
if requestCookie != nil {
|
if requestCookie != nil {
|
||||||
var err error
|
var err error
|
||||||
ticket, err = decodeTicket(store.CookieName, requestCookie.Value)
|
ticket, err = decodeTicket(store.CookieOptions.CookieName, requestCookie.Value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
@ -206,13 +178,13 @@ func (store *SessionStore) storeValue(value string, expiresOn time.Time, request
|
||||||
stream := cipher.NewCFBEncrypter(block, ticket.Secret)
|
stream := cipher.NewCFBEncrypter(block, ticket.Secret)
|
||||||
stream.XORKeyStream(ciphertext, []byte(value))
|
stream.XORKeyStream(ciphertext, []byte(value))
|
||||||
|
|
||||||
handle := ticket.asHandle(store.CookieName)
|
handle := ticket.asHandle(store.CookieOptions.CookieName)
|
||||||
expires := expiresOn.Sub(time.Now())
|
expires := expiresOn.Sub(time.Now())
|
||||||
err = store.Client.Set(handle, ciphertext, expires).Err()
|
err = store.Client.Set(handle, ciphertext, expires).Err()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
return ticket.encodeTicket(store.CookieName), nil
|
return ticket.encodeTicket(store.CookieOptions.CookieName), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func newTicket() (*TicketData, error) {
|
func newTicket() (*TicketData, error) {
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@ func NewSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOpt
|
||||||
case options.CookieSessionStoreType:
|
case options.CookieSessionStoreType:
|
||||||
return cookie.NewCookieSessionStore(opts, cookieOpts)
|
return cookie.NewCookieSessionStore(opts, cookieOpts)
|
||||||
case options.RedisSessionStoreType:
|
case options.RedisSessionStoreType:
|
||||||
return redis.NewRedisSessionStore(opts.RedisStoreOptions, cookieOpts)
|
return redis.NewRedisSessionStore(opts, cookieOpts)
|
||||||
default:
|
default:
|
||||||
return nil, fmt.Errorf("unknown session store type '%s'", opts.Type)
|
return nil, fmt.Errorf("unknown session store type '%s'", opts.Type)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue