Skip to content

B
beego
Commit e89f5623 authored by astaxie's avatar astaxie
Browse files
Options

Merge pull request #1897 from yuyongsheng/develop 

add/get session id into/from http header, check the session name in http header
parents 70f3f6b8 5aa085bf
Hide whitespace changes
Inline Side-by-side
Showing with 95 additions and 36 deletions
config.go
View file @ e89f5623
...@@ -83,14 +83,17 @@ type WebConfig struct { ...@@ -83,14 +83,17 @@ type WebConfig struct {
// SessionConfig holds session related config // SessionConfig holds session related config
type SessionConfig struct { type SessionConfig struct {
SessionOn bool SessionOn bool
SessionProvider string SessionProvider string
SessionName string SessionName string
SessionGCMaxLifetime int64 SessionGCMaxLifetime int64
SessionProviderConfig string SessionProviderConfig string
SessionCookieLifeTime int SessionCookieLifeTime int
SessionAutoSetCookie bool SessionAutoSetCookie bool
SessionDomain string SessionDomain string
EnableSidInHttpHeader bool // enable store/get the sessionId into/from http headers
SessionNameInHttpHeader string
EnableSidInUrlQuery bool // enable get the sessionId from Url Query params
} }
// LogConfig holds Log related config // LogConfig holds Log related config
...@@ -183,14 +186,17 @@ func newBConfig() *Config { ...@@ -183,14 +186,17 @@ func newBConfig() *Config {
XSRFKey: "beegoxsrf", XSRFKey: "beegoxsrf",
XSRFExpire: 0, XSRFExpire: 0,
Session: SessionConfig{ Session: SessionConfig{
SessionOn: false, SessionOn: false,
SessionProvider: "memory", SessionProvider: "memory",
SessionName: "beegosessionID", SessionName: "beegosessionID",
SessionGCMaxLifetime: 3600, SessionGCMaxLifetime: 3600,
SessionProviderConfig: "", SessionProviderConfig: "",
SessionCookieLifeTime: 0, //set cookie default is the browser life SessionCookieLifeTime: 0, //set cookie default is the browser life
SessionAutoSetCookie: true, SessionAutoSetCookie: true,
SessionDomain: "", SessionDomain: "",
EnableSidInHttpHeader: false, // enable store/get the sessionId into/from http headers
SessionNameInHttpHeader: "Beegosessionid",
EnableSidInUrlQuery: false, // enable get the sessionId from Url Query params
}, },
}, },
Log: LogConfig{ Log: LogConfig{
......
hooks.go
View file @ e89f5623
...@@ -47,13 +47,16 @@ func registerSession() error { ...@@ -47,13 +47,16 @@ func registerSession() error {
sessionConfig := AppConfig.String("sessionConfig") sessionConfig := AppConfig.String("sessionConfig")
if sessionConfig == "" { if sessionConfig == "" {
conf := map[string]interface{}{ conf := map[string]interface{}{
"cookieName": BConfig.WebConfig.Session.SessionName, "cookieName": BConfig.WebConfig.Session.SessionName,
"gclifetime": BConfig.WebConfig.Session.SessionGCMaxLifetime, "gclifetime": BConfig.WebConfig.Session.SessionGCMaxLifetime,
"providerConfig": filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig), "providerConfig": filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig),
"secure": BConfig.Listen.EnableHTTPS, "secure": BConfig.Listen.EnableHTTPS,
"enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie, "enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie,
"domain": BConfig.WebConfig.Session.SessionDomain, "domain": BConfig.WebConfig.Session.SessionDomain,
"cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime, "cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime,
"enableSidInHttpHeader": BConfig.WebConfig.Session.EnableSidInHttpHeader,
"sessionNameInHttpHeader": BConfig.WebConfig.Session.SessionNameInHttpHeader,
"enableSidInUrlQuery": BConfig.WebConfig.Session.EnableSidInUrlQuery,
} }
confBytes, err := json.Marshal(conf) confBytes, err := json.Marshal(conf)
if err != nil { if err != nil {
......
session/session.go
View file @ e89f5623
...@@ -31,10 +31,12 @@ import ( ...@@ -31,10 +31,12 @@ import (
"crypto/rand" "crypto/rand"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"io" "io"
"log" "log"
"net/http" "net/http"
"net/textproto"
"net/url" "net/url"
"os" "os"
"time" "time"
...@@ -81,15 +83,18 @@ func Register(name string, provide Provider) { ...@@ -81,15 +83,18 @@ func Register(name string, provide Provider) {
} }
type managerConfig struct { type managerConfig struct {
CookieName string `json:"cookieName"` CookieName string `json:"cookieName"`
EnableSetCookie bool `json:"enableSetCookie,omitempty"` EnableSetCookie bool `json:"enableSetCookie,omitempty"`
Gclifetime int64 `json:"gclifetime"` Gclifetime int64 `json:"gclifetime"`
Maxlifetime int64 `json:"maxLifetime"` Maxlifetime int64 `json:"maxLifetime"`
Secure bool `json:"secure"` Secure bool `json:"secure"`
CookieLifeTime int `json:"cookieLifeTime"` CookieLifeTime int `json:"cookieLifeTime"`
ProviderConfig string `json:"providerConfig"` ProviderConfig string `json:"providerConfig"`
Domain string `json:"domain"` Domain string `json:"domain"`
SessionIDLength int64 `json:"sessionIDLength"` SessionIDLength int64 `json:"sessionIDLength"`
EnableSidInHttpHeader bool `json:"enableSidInHttpHeader"`
SessionNameInHttpHeader string `json:"sessionNameInHttpHeader"`
EnableSidInUrlQuery bool `json:"enableSidInUrlQuery"`
} }
// Manager contains Provider and its configuration. // Manager contains Provider and its configuration.
...@@ -124,6 +129,23 @@ func NewManager(provideName, config string) (*Manager, error) { ...@@ -124,6 +129,23 @@ func NewManager(provideName, config string) (*Manager, error) {
if cf.Maxlifetime == 0 { if cf.Maxlifetime == 0 {
cf.Maxlifetime = cf.Gclifetime cf.Maxlifetime = cf.Gclifetime
} }
if cf.EnableSidInHttpHeader {
if cf.SessionNameInHttpHeader == "" {
err = errors.New("SessionNameInHttpHeader is empty")
panic(err)
return nil, err
}
strMimeHeader := textproto.CanonicalMIMEHeaderKey(cf.SessionNameInHttpHeader)
if cf.SessionNameInHttpHeader != strMimeHeader {
strErrMsg := "SessionNameInHttpHeader (" + cf.SessionNameInHttpHeader + ") has the wrong format, it should be like this : " + strMimeHeader
err = errors.New(strErrMsg)
panic(err)
return nil, err
}
}
err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig) err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
if err != nil { if err != nil {
return nil, err return nil, err
...@@ -149,12 +171,24 @@ func NewManager(provideName, config string) (*Manager, error) { ...@@ -149,12 +171,24 @@ func NewManager(provideName, config string) (*Manager, error) {
func (manager *Manager) getSid(r *http.Request) (string, error) { func (manager *Manager) getSid(r *http.Request) (string, error) {
cookie, errs := r.Cookie(manager.config.CookieName) cookie, errs := r.Cookie(manager.config.CookieName)
if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 { if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
errs := r.ParseForm() var sid string
if errs != nil { if manager.config.EnableSidInUrlQuery {
return "", errs errs := r.ParseForm()
if errs != nil {
return "", errs
}
sid = r.FormValue(manager.config.CookieName)
}
// if not found in Cookie / param, then read it from request headers
if manager.config.EnableSidInHttpHeader && sid == "" {
sids, isFound := r.Header[manager.config.SessionNameInHttpHeader]
if isFound && len(sids) != 0 {
return sids[0], nil
}
} }
sid := r.FormValue(manager.config.CookieName)
return sid, nil return sid, nil
} }
...@@ -198,11 +232,21 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se ...@@ -198,11 +232,21 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
} }
r.AddCookie(cookie) r.AddCookie(cookie)
if manager.config.EnableSidInHttpHeader {
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
}
return return
} }
// SessionDestroy Destroy session by its id in http request cookie. // SessionDestroy Destroy session by its id in http request cookie.
func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) { func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
if manager.config.EnableSidInHttpHeader {
r.Header.Del(manager.config.SessionNameInHttpHeader)
w.Header().Del(manager.config.SessionNameInHttpHeader)
}
cookie, err := r.Cookie(manager.config.CookieName) cookie, err := r.Cookie(manager.config.CookieName)
if err != nil || cookie.Value == "" { if err != nil || cookie.Value == "" {
return return
...@@ -267,6 +311,12 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque ...@@ -267,6 +311,12 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
http.SetCookie(w, cookie) http.SetCookie(w, cookie)
} }
r.AddCookie(cookie) r.AddCookie(cookie)
if manager.config.EnableSidInHttpHeader {
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
}
return return
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment