mirror of
https://github.com/astaxie/beego.git
synced 2024-11-22 17:30:56 +00:00
Merge pull request #1897 from yuyongsheng/develop
add/get session id into/from http header, check the session name in http header
commit
e89f562396
38
config.go
38
config.go
@ -83,14 +83,17 @@ type WebConfig struct {
|
|||||||
|
|
||||||
// SessionConfig holds session related config
|
// SessionConfig holds session related config
|
||||||
type SessionConfig struct {
|
type SessionConfig struct {
|
||||||
SessionOn bool
|
SessionOn bool
|
||||||
SessionProvider string
|
SessionProvider string
|
||||||
SessionName string
|
SessionName string
|
||||||
SessionGCMaxLifetime int64
|
SessionGCMaxLifetime int64
|
||||||
SessionProviderConfig string
|
SessionProviderConfig string
|
||||||
SessionCookieLifeTime int
|
SessionCookieLifeTime int
|
||||||
SessionAutoSetCookie bool
|
SessionAutoSetCookie bool
|
||||||
SessionDomain string
|
SessionDomain string
|
||||||
|
EnableSidInHttpHeader bool // enable store/get the sessionId into/from http headers
|
||||||
|
SessionNameInHttpHeader string
|
||||||
|
EnableSidInUrlQuery bool // enable get the sessionId from Url Query params
|
||||||
}
|
}
|
||||||
|
|
||||||
// LogConfig holds Log related config
|
// LogConfig holds Log related config
|
||||||
@ -183,14 +186,17 @@ func newBConfig() *Config {
|
|||||||
XSRFKey: "beegoxsrf",
|
XSRFKey: "beegoxsrf",
|
||||||
XSRFExpire: 0,
|
XSRFExpire: 0,
|
||||||
Session: SessionConfig{
|
Session: SessionConfig{
|
||||||
SessionOn: false,
|
SessionOn: false,
|
||||||
SessionProvider: "memory",
|
SessionProvider: "memory",
|
||||||
SessionName: "beegosessionID",
|
SessionName: "beegosessionID",
|
||||||
SessionGCMaxLifetime: 3600,
|
SessionGCMaxLifetime: 3600,
|
||||||
SessionProviderConfig: "",
|
SessionProviderConfig: "",
|
||||||
SessionCookieLifeTime: 0, //set cookie default is the browser life
|
SessionCookieLifeTime: 0, //set cookie default is the browser life
|
||||||
SessionAutoSetCookie: true,
|
SessionAutoSetCookie: true,
|
||||||
SessionDomain: "",
|
SessionDomain: "",
|
||||||
|
EnableSidInHttpHeader: false, // enable store/get the sessionId into/from http headers
|
||||||
|
SessionNameInHttpHeader: "Beegosessionid",
|
||||||
|
EnableSidInUrlQuery: false, // enable get the sessionId from Url Query params
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Log: LogConfig{
|
Log: LogConfig{
|
||||||
|
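Review bot: `SessionNameInHttpHeader` is added without a comment, and the constraint NewManager enforces on it (non-empty and already in canonical MIME header form, as the default `"Beegosessionid"` is) is not stated where someone configuring it would look. A comment such as `// SessionNameInHttpHeader is the header that carries the session id; must be in canonical MIME header form, e.g. "Beegosessionid"` would save a startup panic. The `EnableSidInUrlQuery` comment should also say that the default `false` turns off the form/query fallback that getSid previously always applied, and that enabling it puts session ids into URLs, where they end up in access logs, browser history and Referer headers. Go naming would spell these fields with `HTTP` and `URL`, though renaming is a compatibility decision once the names are released.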
17
hooks.go
17
hooks.go
@ -47,13 +47,16 @@ func registerSession() error {
|
|||||||
sessionConfig := AppConfig.String("sessionConfig")
|
sessionConfig := AppConfig.String("sessionConfig")
|
||||||
if sessionConfig == "" {
|
if sessionConfig == "" {
|
||||||
conf := map[string]interface{}{
|
conf := map[string]interface{}{
|
||||||
"cookieName": BConfig.WebConfig.Session.SessionName,
|
"cookieName": BConfig.WebConfig.Session.SessionName,
|
||||||
"gclifetime": BConfig.WebConfig.Session.SessionGCMaxLifetime,
|
"gclifetime": BConfig.WebConfig.Session.SessionGCMaxLifetime,
|
||||||
"providerConfig": filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig),
|
"providerConfig": filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig),
|
||||||
"secure": BConfig.Listen.EnableHTTPS,
|
"secure": BConfig.Listen.EnableHTTPS,
|
||||||
"enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie,
|
"enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie,
|
||||||
"domain": BConfig.WebConfig.Session.SessionDomain,
|
"domain": BConfig.WebConfig.Session.SessionDomain,
|
||||||
"cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime,
|
"cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime,
|
||||||
|
"enableSidInHttpHeader": BConfig.WebConfig.Session.EnableSidInHttpHeader,
|
||||||
|
"sessionNameInHttpHeader": BConfig.WebConfig.Session.SessionNameInHttpHeader,
|
||||||
|
"enableSidInUrlQuery": BConfig.WebConfig.Session.EnableSidInUrlQuery,
|
||||||
}
|
}
|
||||||
confBytes, err := json.Marshal(conf)
|
confBytes, err := json.Marshal(conf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -31,10 +31,12 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/textproto"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"time"
|
"time"
|
||||||
@ -81,15 +83,18 @@ func Register(name string, provide Provider) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type managerConfig struct {
|
type managerConfig struct {
|
||||||
CookieName string `json:"cookieName"`
|
CookieName string `json:"cookieName"`
|
||||||
EnableSetCookie bool `json:"enableSetCookie,omitempty"`
|
EnableSetCookie bool `json:"enableSetCookie,omitempty"`
|
||||||
Gclifetime int64 `json:"gclifetime"`
|
Gclifetime int64 `json:"gclifetime"`
|
||||||
Maxlifetime int64 `json:"maxLifetime"`
|
Maxlifetime int64 `json:"maxLifetime"`
|
||||||
Secure bool `json:"secure"`
|
Secure bool `json:"secure"`
|
||||||
CookieLifeTime int `json:"cookieLifeTime"`
|
CookieLifeTime int `json:"cookieLifeTime"`
|
||||||
ProviderConfig string `json:"providerConfig"`
|
ProviderConfig string `json:"providerConfig"`
|
||||||
Domain string `json:"domain"`
|
Domain string `json:"domain"`
|
||||||
SessionIDLength int64 `json:"sessionIDLength"`
|
SessionIDLength int64 `json:"sessionIDLength"`
|
||||||
|
EnableSidInHttpHeader bool `json:"enableSidInHttpHeader"`
|
||||||
|
SessionNameInHttpHeader string `json:"sessionNameInHttpHeader"`
|
||||||
|
EnableSidInUrlQuery bool `json:"enableSidInUrlQuery"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Manager contains Provider and its configuration.
|
// Manager contains Provider and its configuration.
|
||||||
@ -124,6 +129,23 @@ func NewManager(provideName, config string) (*Manager, error) {
|
|||||||
if cf.Maxlifetime == 0 {
|
if cf.Maxlifetime == 0 {
|
||||||
cf.Maxlifetime = cf.Gclifetime
|
cf.Maxlifetime = cf.Gclifetime
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cf.EnableSidInHttpHeader {
|
||||||
|
if cf.SessionNameInHttpHeader == "" {
|
||||||
|
err = errors.New("SessionNameInHttpHeader is empty")
|
||||||
|
panic(err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
strMimeHeader := textproto.CanonicalMIMEHeaderKey(cf.SessionNameInHttpHeader)
|
||||||
|
if cf.SessionNameInHttpHeader != strMimeHeader {
|
||||||
|
strErrMsg := "SessionNameInHttpHeader (" + cf.SessionNameInHttpHeader + ") has the wrong format, it should be like this : " + strMimeHeader
|
||||||
|
err = errors.New(strErrMsg)
|
||||||
|
panic(err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
|
err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -149,12 +171,24 @@ func NewManager(provideName, config string) (*Manager, error) {
|
|||||||
func (manager *Manager) getSid(r *http.Request) (string, error) {
|
func (manager *Manager) getSid(r *http.Request) (string, error) {
|
||||||
cookie, errs := r.Cookie(manager.config.CookieName)
|
cookie, errs := r.Cookie(manager.config.CookieName)
|
||||||
if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
|
if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
|
||||||
errs := r.ParseForm()
|
var sid string
|
||||||
if errs != nil {
|
if manager.config.EnableSidInUrlQuery {
|
||||||
return "", errs
|
errs := r.ParseForm()
|
||||||
|
if errs != nil {
|
||||||
|
return "", errs
|
||||||
|
}
|
||||||
|
|
||||||
|
sid = r.FormValue(manager.config.CookieName)
|
||||||
|
}
|
||||||
|
|
||||||
|
// if not found in Cookie / param, then read it from request headers
|
||||||
|
if manager.config.EnableSidInHttpHeader && sid == "" {
|
||||||
|
sids, isFound := r.Header[manager.config.SessionNameInHttpHeader]
|
||||||
|
if isFound && len(sids) != 0 {
|
||||||
|
return sids[0], nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sid := r.FormValue(manager.config.CookieName)
|
|
||||||
return sid, nil
|
return sid, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -198,11 +232,21 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
|
|||||||
}
|
}
|
||||||
r.AddCookie(cookie)
|
r.AddCookie(cookie)
|
||||||
|
|
||||||
|
if manager.config.EnableSidInHttpHeader {
|
||||||
|
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
|
||||||
|
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
|
||||||
|
}
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// SessionDestroy Destroy session by its id in http request cookie.
|
// SessionDestroy Destroy session by its id in http request cookie.
|
||||||
func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
|
func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if manager.config.EnableSidInHttpHeader {
|
||||||
|
r.Header.Del(manager.config.SessionNameInHttpHeader)
|
||||||
|
w.Header().Del(manager.config.SessionNameInHttpHeader)
|
||||||
|
}
|
||||||
|
|
||||||
cookie, err := r.Cookie(manager.config.CookieName)
|
cookie, err := r.Cookie(manager.config.CookieName)
|
||||||
if err != nil || cookie.Value == "" {
|
if err != nil || cookie.Value == "" {
|
||||||
return
|
return
|
||||||
@ -267,6 +311,12 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
|
|||||||
http.SetCookie(w, cookie)
|
http.SetCookie(w, cookie)
|
||||||
}
|
}
|
||||||
r.AddCookie(cookie)
|
r.AddCookie(cookie)
|
||||||
|
|
||||||
|
if manager.config.EnableSidInHttpHeader {
|
||||||
|
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
|
||||||
|
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
|
||||||
|
}
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
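Review bot: SessionDestroy deletes the session header from `r` and `w` and then still looks the id up only through `r.Cookie(manager.config.CookieName)`, so a client that carries its id solely in the header takes the `return` on the cookie error path and, as far as the visible lines show, its server-side session is never destroyed. For header-based clients that means logout leaves a still-valid session id behind. Resolve the id before deleting anything, e.g. `sid, _ := manager.getSid(r)` followed by `if sid == "" { return }`, and hand that value to the provider; the rest of SessionDestroy lies outside the hunk, so confirm how the provider call is reached. Separately, in NewManager both `return nil, err` lines after `panic(err)` are unreachable; dropping the `panic` would let callers handle the configuration error through the declared error return.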