iridium/neko
2
2
Fork 0
mirror of https://github.com/m1k1o/neko.git synced 2024-07-24 14:40:50 +12:00
Code Issues Packages Projects Releases Wiki Activity
014b757734
neko/internal/session/auth.go
Miroslav Šedivý 4f1e3c879a read cookies only if enabled.
2021-04-24 21:11:07 +02:00

81 lines
1.7 KiB
Go
Raw Blame History

package session
import (
"fmt"
"net/http"
"strings"
"time"
"demodesk/neko/internal/types"
)
func (manager *SessionManagerCtx) CookieSetToken(w http.ResponseWriter, token string) {
sameSite := http.SameSiteDefaultMode
if manager.config.CookieSecure {
sameSite = http.SameSiteNoneMode
}
http.SetCookie(w, &http.Cookie{
Name: manager.config.CookieName,
Value: token,
Expires: manager.config.CookieExpiration,
Secure: manager.config.CookieSecure,
SameSite: sameSite,
HttpOnly: true,
})
}
func (manager *SessionManagerCtx) CookieClearToken(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie(manager.config.CookieName)
if err != nil {
return
}
cookie.Value = ""
cookie.Expires = time.Unix(0, 0)
http.SetCookie(w, cookie)
}
func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session, error) {
token, ok := manager.getToken(r)
if !ok {
return nil, fmt.Errorf("no authentication provided")
}
session, ok := manager.GetByToken(token)
if !ok {
return nil, fmt.Errorf("session not found")
}
if !session.Profile().CanLogin {
return nil, fmt.Errorf("login disabled")
}
return session, nil
}
func (manager *SessionManagerCtx) getToken(r *http.Request) (string, bool) {
if manager.CookieEnabled() {
// get from Cookie
cookie, err := r.Cookie(manager.config.CookieName)
if err == nil {
return cookie.Value, true
}
}
// get from Header
reqToken := r.Header.Get("Authorization")
splitToken := strings.Split(reqToken, "Bearer ")
if len(splitToken) == 2 {
return strings.TrimSpace(splitToken[1]), true
}
// get from URL
token := r.URL.Query().Get("token")
if token != "" {
return token, true
}
return "", false
}
Reference in New Issue View Git Blame Copy Permalink