1
0
mirror of https://github.com/astaxie/beego.git synced 2024-11-26 11:01:29 +00:00

Merge pull request #1897 from yuyongsheng/develop

add/get session id into/from http header, check the session name in http header
This commit is contained in:
astaxie 2016-04-21 13:04:28 +08:00
commit e89f562396
3 changed files with 95 additions and 36 deletions

View File

@ -83,14 +83,17 @@ type WebConfig struct {
// SessionConfig holds session related config // SessionConfig holds session related config
type SessionConfig struct { type SessionConfig struct {
SessionOn bool SessionOn bool
SessionProvider string SessionProvider string
SessionName string SessionName string
SessionGCMaxLifetime int64 SessionGCMaxLifetime int64
SessionProviderConfig string SessionProviderConfig string
SessionCookieLifeTime int SessionCookieLifeTime int
SessionAutoSetCookie bool SessionAutoSetCookie bool
SessionDomain string SessionDomain string
EnableSidInHttpHeader bool // enable store/get the sessionId into/from http headers
SessionNameInHttpHeader string
EnableSidInUrlQuery bool // enable get the sessionId from Url Query params
} }
// LogConfig holds Log related config // LogConfig holds Log related config
@ -183,14 +186,17 @@ func newBConfig() *Config {
XSRFKey: "beegoxsrf", XSRFKey: "beegoxsrf",
XSRFExpire: 0, XSRFExpire: 0,
Session: SessionConfig{ Session: SessionConfig{
SessionOn: false, SessionOn: false,
SessionProvider: "memory", SessionProvider: "memory",
SessionName: "beegosessionID", SessionName: "beegosessionID",
SessionGCMaxLifetime: 3600, SessionGCMaxLifetime: 3600,
SessionProviderConfig: "", SessionProviderConfig: "",
SessionCookieLifeTime: 0, //set cookie default is the browser life SessionCookieLifeTime: 0, //set cookie default is the browser life
SessionAutoSetCookie: true, SessionAutoSetCookie: true,
SessionDomain: "", SessionDomain: "",
EnableSidInHttpHeader: false, // enable store/get the sessionId into/from http headers
SessionNameInHttpHeader: "Beegosessionid",
EnableSidInUrlQuery: false, // enable get the sessionId from Url Query params
}, },
}, },
Log: LogConfig{ Log: LogConfig{

View File

@ -47,13 +47,16 @@ func registerSession() error {
sessionConfig := AppConfig.String("sessionConfig") sessionConfig := AppConfig.String("sessionConfig")
if sessionConfig == "" { if sessionConfig == "" {
conf := map[string]interface{}{ conf := map[string]interface{}{
"cookieName": BConfig.WebConfig.Session.SessionName, "cookieName": BConfig.WebConfig.Session.SessionName,
"gclifetime": BConfig.WebConfig.Session.SessionGCMaxLifetime, "gclifetime": BConfig.WebConfig.Session.SessionGCMaxLifetime,
"providerConfig": filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig), "providerConfig": filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig),
"secure": BConfig.Listen.EnableHTTPS, "secure": BConfig.Listen.EnableHTTPS,
"enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie, "enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie,
"domain": BConfig.WebConfig.Session.SessionDomain, "domain": BConfig.WebConfig.Session.SessionDomain,
"cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime, "cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime,
"enableSidInHttpHeader": BConfig.WebConfig.Session.EnableSidInHttpHeader,
"sessionNameInHttpHeader": BConfig.WebConfig.Session.SessionNameInHttpHeader,
"enableSidInUrlQuery": BConfig.WebConfig.Session.EnableSidInUrlQuery,
} }
confBytes, err := json.Marshal(conf) confBytes, err := json.Marshal(conf)
if err != nil { if err != nil {

View File

@ -31,10 +31,12 @@ import (
"crypto/rand" "crypto/rand"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"io" "io"
"log" "log"
"net/http" "net/http"
"net/textproto"
"net/url" "net/url"
"os" "os"
"time" "time"
@ -81,15 +83,18 @@ func Register(name string, provide Provider) {
} }
type managerConfig struct { type managerConfig struct {
CookieName string `json:"cookieName"` CookieName string `json:"cookieName"`
EnableSetCookie bool `json:"enableSetCookie,omitempty"` EnableSetCookie bool `json:"enableSetCookie,omitempty"`
Gclifetime int64 `json:"gclifetime"` Gclifetime int64 `json:"gclifetime"`
Maxlifetime int64 `json:"maxLifetime"` Maxlifetime int64 `json:"maxLifetime"`
Secure bool `json:"secure"` Secure bool `json:"secure"`
CookieLifeTime int `json:"cookieLifeTime"` CookieLifeTime int `json:"cookieLifeTime"`
ProviderConfig string `json:"providerConfig"` ProviderConfig string `json:"providerConfig"`
Domain string `json:"domain"` Domain string `json:"domain"`
SessionIDLength int64 `json:"sessionIDLength"` SessionIDLength int64 `json:"sessionIDLength"`
EnableSidInHttpHeader bool `json:"enableSidInHttpHeader"`
SessionNameInHttpHeader string `json:"sessionNameInHttpHeader"`
EnableSidInUrlQuery bool `json:"enableSidInUrlQuery"`
} }
// Manager contains Provider and its configuration. // Manager contains Provider and its configuration.
@ -124,6 +129,23 @@ func NewManager(provideName, config string) (*Manager, error) {
if cf.Maxlifetime == 0 { if cf.Maxlifetime == 0 {
cf.Maxlifetime = cf.Gclifetime cf.Maxlifetime = cf.Gclifetime
} }
if cf.EnableSidInHttpHeader {
if cf.SessionNameInHttpHeader == "" {
err = errors.New("SessionNameInHttpHeader is empty")
panic(err)
return nil, err
}
strMimeHeader := textproto.CanonicalMIMEHeaderKey(cf.SessionNameInHttpHeader)
if cf.SessionNameInHttpHeader != strMimeHeader {
strErrMsg := "SessionNameInHttpHeader (" + cf.SessionNameInHttpHeader + ") has the wrong format, it should be like this : " + strMimeHeader
err = errors.New(strErrMsg)
panic(err)
return nil, err
}
}
err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig) err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
if err != nil { if err != nil {
return nil, err return nil, err
@ -149,12 +171,24 @@ func NewManager(provideName, config string) (*Manager, error) {
func (manager *Manager) getSid(r *http.Request) (string, error) { func (manager *Manager) getSid(r *http.Request) (string, error) {
cookie, errs := r.Cookie(manager.config.CookieName) cookie, errs := r.Cookie(manager.config.CookieName)
if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 { if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
errs := r.ParseForm() var sid string
if errs != nil { if manager.config.EnableSidInUrlQuery {
return "", errs errs := r.ParseForm()
if errs != nil {
return "", errs
}
sid = r.FormValue(manager.config.CookieName)
}
// if not found in Cookie / param, then read it from request headers
if manager.config.EnableSidInHttpHeader && sid == "" {
sids, isFound := r.Header[manager.config.SessionNameInHttpHeader]
if isFound && len(sids) != 0 {
return sids[0], nil
}
} }
sid := r.FormValue(manager.config.CookieName)
return sid, nil return sid, nil
} }
@ -198,11 +232,21 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
} }
r.AddCookie(cookie) r.AddCookie(cookie)
if manager.config.EnableSidInHttpHeader {
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
}
return return
} }
// SessionDestroy Destroy session by its id in http request cookie. // SessionDestroy Destroy session by its id in http request cookie.
func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) { func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
if manager.config.EnableSidInHttpHeader {
r.Header.Del(manager.config.SessionNameInHttpHeader)
w.Header().Del(manager.config.SessionNameInHttpHeader)
}
cookie, err := r.Cookie(manager.config.CookieName) cookie, err := r.Cookie(manager.config.CookieName)
if err != nil || cookie.Value == "" { if err != nil || cookie.Value == "" {
return return
@ -267,6 +311,12 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
http.SetCookie(w, cookie) http.SetCookie(w, cookie)
} }
r.AddCookie(cookie) r.AddCookie(cookie)
if manager.config.EnableSidInHttpHeader {
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
}
return return
} }