mirror of
https://github.com/astaxie/beego.git
synced 2024-11-26 10:01:28 +00:00
Merge pull request #1897 from yuyongsheng/develop
add/get session id into/from http header, check the session name in http header
commit
e89f562396
@ -91,6 +91,9 @@ type SessionConfig struct {
|
|||||||
SessionCookieLifeTime int
|
SessionCookieLifeTime int
|
||||||
SessionAutoSetCookie bool
|
SessionAutoSetCookie bool
|
||||||
SessionDomain string
|
SessionDomain string
|
||||||
|
EnableSidInHttpHeader bool // enable store/get the sessionId into/from http headers
|
||||||
|
SessionNameInHttpHeader string
|
||||||
|
EnableSidInUrlQuery bool // enable get the sessionId from Url Query params
|
||||||
}
|
}
|
||||||
|
|
||||||
// LogConfig holds Log related config
|
// LogConfig holds Log related config
|
||||||
@ -191,6 +194,9 @@ func newBConfig() *Config {
|
|||||||
SessionCookieLifeTime: 0, //set cookie default is the browser life
|
SessionCookieLifeTime: 0, //set cookie default is the browser life
|
||||||
SessionAutoSetCookie: true,
|
SessionAutoSetCookie: true,
|
||||||
SessionDomain: "",
|
SessionDomain: "",
|
||||||
|
EnableSidInHttpHeader: false, // enable store/get the sessionId into/from http headers
|
||||||
|
SessionNameInHttpHeader: "Beegosessionid",
|
||||||
|
EnableSidInUrlQuery: false, // enable get the sessionId from Url Query params
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Log: LogConfig{
|
Log: LogConfig{
|
||||||
|
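Review bot: `SessionNameInHttpHeader` is the only one of the three new fields without a comment, and it carries a format requirement that cannot be guessed from this struct: the NewManager hunk further down the page rejects any value that is not already in canonical MIME header form, and does so with a panic at start-up. A comment such as `// SessionNameInHttpHeader is the header that carries the session id; it must be in canonical MIME form, e.g. "Beegosessionid"` would state that. `EnableSidInUrlQuery` also needs more than its current comment, because the getSid hunk suggests the form/query fallback previously ran unconditionally and is now off by default, so applications that relied on it have to opt in. It is worth saying in the same comment that ids carried in URLs tend to end up in access logs and Referer headers, which is a reason to leave the option off unless it is required. Both the struct and newBConfig continue outside their hunks.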
3
hooks.go
3
hooks.go
@ -54,6 +54,9 @@ func registerSession() error {
|
|||||||
"enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie,
|
"enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie,
|
||||||
"domain": BConfig.WebConfig.Session.SessionDomain,
|
"domain": BConfig.WebConfig.Session.SessionDomain,
|
||||||
"cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime,
|
"cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime,
|
||||||
|
"enableSidInHttpHeader": BConfig.WebConfig.Session.EnableSidInHttpHeader,
|
||||||
|
"sessionNameInHttpHeader": BConfig.WebConfig.Session.SessionNameInHttpHeader,
|
||||||
|
"enableSidInUrlQuery": BConfig.WebConfig.Session.EnableSidInUrlQuery,
|
||||||
}
|
}
|
||||||
confBytes, err := json.Marshal(conf)
|
confBytes, err := json.Marshal(conf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -31,10 +31,12 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/textproto"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"time"
|
"time"
|
||||||
@ -90,6 +92,9 @@ type managerConfig struct {
|
|||||||
ProviderConfig string `json:"providerConfig"`
|
ProviderConfig string `json:"providerConfig"`
|
||||||
Domain string `json:"domain"`
|
Domain string `json:"domain"`
|
||||||
SessionIDLength int64 `json:"sessionIDLength"`
|
SessionIDLength int64 `json:"sessionIDLength"`
|
||||||
|
EnableSidInHttpHeader bool `json:"enableSidInHttpHeader"`
|
||||||
|
SessionNameInHttpHeader string `json:"sessionNameInHttpHeader"`
|
||||||
|
EnableSidInUrlQuery bool `json:"enableSidInUrlQuery"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Manager contains Provider and its configuration.
|
// Manager contains Provider and its configuration.
|
||||||
@ -124,6 +129,23 @@ func NewManager(provideName, config string) (*Manager, error) {
|
|||||||
if cf.Maxlifetime == 0 {
|
if cf.Maxlifetime == 0 {
|
||||||
cf.Maxlifetime = cf.Gclifetime
|
cf.Maxlifetime = cf.Gclifetime
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cf.EnableSidInHttpHeader {
|
||||||
|
if cf.SessionNameInHttpHeader == "" {
|
||||||
|
err = errors.New("SessionNameInHttpHeader is empty")
|
||||||
|
panic(err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
strMimeHeader := textproto.CanonicalMIMEHeaderKey(cf.SessionNameInHttpHeader)
|
||||||
|
if cf.SessionNameInHttpHeader != strMimeHeader {
|
||||||
|
strErrMsg := "SessionNameInHttpHeader (" + cf.SessionNameInHttpHeader + ") has the wrong format, it should be like this : " + strMimeHeader
|
||||||
|
err = errors.New(strErrMsg)
|
||||||
|
panic(err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
|
err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -149,12 +171,24 @@ func NewManager(provideName, config string) (*Manager, error) {
|
|||||||
func (manager *Manager) getSid(r *http.Request) (string, error) {
|
func (manager *Manager) getSid(r *http.Request) (string, error) {
|
||||||
cookie, errs := r.Cookie(manager.config.CookieName)
|
cookie, errs := r.Cookie(manager.config.CookieName)
|
||||||
if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
|
if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
|
||||||
|
var sid string
|
||||||
|
if manager.config.EnableSidInUrlQuery {
|
||||||
errs := r.ParseForm()
|
errs := r.ParseForm()
|
||||||
if errs != nil {
|
if errs != nil {
|
||||||
return "", errs
|
return "", errs
|
||||||
}
|
}
|
||||||
|
|
||||||
sid := r.FormValue(manager.config.CookieName)
|
sid = r.FormValue(manager.config.CookieName)
|
||||||
|
}
|
||||||
|
|
||||||
|
// if not found in Cookie / param, then read it from request headers
|
||||||
|
if manager.config.EnableSidInHttpHeader && sid == "" {
|
||||||
|
sids, isFound := r.Header[manager.config.SessionNameInHttpHeader]
|
||||||
|
if isFound && len(sids) != 0 {
|
||||||
|
return sids[0], nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return sid, nil
|
return sid, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -198,11 +232,21 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
|
|||||||
}
|
}
|
||||||
r.AddCookie(cookie)
|
r.AddCookie(cookie)
|
||||||
|
|
||||||
|
if manager.config.EnableSidInHttpHeader {
|
||||||
|
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
|
||||||
|
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
|
||||||
|
}
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// SessionDestroy Destroy session by its id in http request cookie.
|
// SessionDestroy Destroy session by its id in http request cookie.
|
||||||
func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
|
func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if manager.config.EnableSidInHttpHeader {
|
||||||
|
r.Header.Del(manager.config.SessionNameInHttpHeader)
|
||||||
|
w.Header().Del(manager.config.SessionNameInHttpHeader)
|
||||||
|
}
|
||||||
|
|
||||||
cookie, err := r.Cookie(manager.config.CookieName)
|
cookie, err := r.Cookie(manager.config.CookieName)
|
||||||
if err != nil || cookie.Value == "" {
|
if err != nil || cookie.Value == "" {
|
||||||
return
|
return
|
||||||
@ -267,6 +311,12 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
|
|||||||
http.SetCookie(w, cookie)
|
http.SetCookie(w, cookie)
|
||||||
}
|
}
|
||||||
r.AddCookie(cookie)
|
r.AddCookie(cookie)
|
||||||
|
|
||||||
|
if manager.config.EnableSidInHttpHeader {
|
||||||
|
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
|
||||||
|
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
|
||||||
|
}
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
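Review bot: In SessionDestroy a client that carries its session id only in the header appears never to be torn down: the new block deletes the header from `r` and `w`, and the unchanged cookie check directly after it returns early when no cookie is present, so whatever provider-side destroy follows (the function continues outside the hunk) is skipped and the id presumably stays valid after logout. The id should be resolved the same way SessionStart resolves it before that early return, for example `sid, err := manager.getSid(r)` followed by `if err != nil || sid == "" { return }`, and the header removed only after the session behind that id has been destroyed. Separately, both validation failures in NewManager call `panic(err)` ahead of `return nil, err`, which leaves the return unreachable; since the function already returns an error, dropping the panic lets callers handle a bad `SessionNameInHttpHeader` instead of crashing the process.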