codegirl007
/
sponsorahacker
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16 Commits
1 Branch
0 Tags
701 KiB
 
 
 
Tree: 2d049a25bf
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2d049a25bf'
${ noResults }
sponsorahacker/auth/sessions.go

155 lines
3.6 KiB
Raw Blame History

package auth
import (
"encoding/json"
"fmt"
"github.com/gin-contrib/sessions"
"github.com/gin-gonic/gin"
"github.com/gorilla/securecookie"
"github.com/markbates/goth"
"net/url"
"sponsorahacker/config"
"sponsorahacker/db"
"strconv"
"time"
)
type SessionStore interface {
CreateSession(*gin.Context) error
GetSession(string) (Session, error)
DeleteSession(string) error
}
type SessionManager struct {
DB *db.DBClient
}
type Session struct {
sessionId string
sessionData string
createdOn string
modifiedOn string
expiresOn string
}
var secureCookie *securecookie.SecureCookie
func NewSessionManager(db *db.DBClient) SessionManager {
return SessionManager{DB: db}
}
func (s *SessionManager) CreateSession(user goth.User, c *gin.Context) error {
// create a new row that will store the user data
sessionData, err := json.Marshal(user)
if err != nil {
fmt.Printf("error marshalling user: %v", err)
}
auth := Session{
sessionData: string(sessionData),
createdOn: time.Now().Format("20060102150405"),
modifiedOn: time.Now().Format("20060102150405"),
expiresOn: user.ExpiresAt.Format("20060102150405"),
}
// todo: insert the query once you figure the rest out
result, err := s.DB.Exec(`
INSERT INTO sessions (sessionData, createdOn, modifiedOn, expiresOn)
VALUES (?, ?, ?, ?);`, auth.sessionData, auth.createdOn, auth.modifiedOn, auth.expiresOn)
if result == nil {
fmt.Printf("error getting result from database while creating the session: %v", err)
return err
}
sessionId, err := result.LastInsertId()
if err != nil {
fmt.Printf("error getting session id from database while creating the session: %v", err)
}
hash := []byte(config.GetEnvVar("COOKIE_HASH"))
block := []byte(config.GetEnvVar("COOKIE_BLOCK"))
secureCookie = securecookie.New(hash, block)
cookieValue := map[string]string{
"sessionId": strconv.Itoa(int(sessionId)),
}
encoded, err := secureCookie.Encode("_session", cookieValue)
if err != nil {
fmt.Printf("error encoding cookie value: %v", err)
return err
}
c.SetCookie("_session", encoded, 3600, "/", "localhost", false, true)
return nil
}
func (s *SessionManager) GetSession(session sessions.Session) (Session, error) {
// query for one row
result, err := s.DB.Query(`SELECT sessionData FROM sessions WHERE sessionId=$1 LIMIT 1`, session.ID())
// if err, then return an empty struct
if err != nil {
return Session{}, err
}
// else go through the results and create a Session
for result.Next() {
var s Session
// unless there is an error, of course, then return an empty struct
if err := result.StructScan(&s); err != nil {
return Session{}, err
}
return s, nil
}
// if we get nothing, well, we go nothing
return Session{}, nil
}
func (s *SessionManager) DeleteSession(c *gin.Context) error {
if cookie, err := c.Request.Cookie("_session"); err == nil {
value := make(map[string]string)
cookieValue, _ := url.QueryUnescape(cookie.Value)
hash := []byte(config.GetEnvVar("COOKIE_HASH"))
block := []byte(config.GetEnvVar("COOKIE_BLOCK"))
secureCookie := securecookie.New(hash, block)
err = secureCookie.Decode("_session", cookieValue, &value)
if err != nil {
fmt.Printf("error decoding cookie value: %v", err)
return err
}
sessionId := value["sessionId"]
sessionIdInt, err := strconv.Atoi(sessionId)
if err != nil {
fmt.Printf("error converting sessionId to int: %v", err)
return err
}
_, err = s.DB.Exec(`DELETE FROM sessions WHERE ID = ?`, sessionIdInt)
if err != nil {
return err
}
if err != nil {
return err
}
}
c.SetCookie("_session", "", -1, "/", "localhost", false, true)
return nil
}