make the session logic a little more concrete

This commit is contained in:
2026-04-01 00:09:04 -04:00
parent 737a1908e0
commit 0402a6ff9c
2 changed files with 13 additions and 15 deletions


@@ -234,7 +234,7 @@ func logoutHandler(w http.ResponseWriter, r *http.Request) {
} }
logging.Infof("handling logout event for %s", sessionData.data.Username) logging.Infof("handling logout event for %s", sessionData.data.Username)
deleteSession(token) deleteSession(hashSession(token))
http.Redirect(w, r, "/login", http.StatusSeeOther) http.Redirect(w, r, "/login", http.StatusSeeOther)
} }
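Review bot: deleteSession(hashSession(token)) drops the server-side entry, but the handler then redirects without expiring the session cookie, so the browser keeps presenting the dead token until the cookie itself expires; the usual cleanup is to set an expired cookie of the same name and path before the redirect, e.g. `http.SetCookie(w, &http.Cookie{Name: "<SESSION_COOKIE_NAME>", Value: "", Path: "/", MaxAge: -1, HttpOnly: true})` with the real cookie name substituted. Where `token` and `sessionData` come from is above the hunk, so whether the cookie name is in scope here is inferred. Since deleteSession now expects the already-hashed key, a short comment at this call, `// deleteSession is keyed on hashSession(token), not the raw cookie value`, would make the convention visible to the next caller.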


@@ -19,7 +19,7 @@ type SessionData struct {
} }
var ( var (
sessions = make(map[string]SessionData) sessions = make(map[string]*SessionData)
sessionMutex sync.Mutex sessionMutex sync.Mutex
) )
@@ -46,8 +46,7 @@ func createSession(userData *UserData) *http.Cookie {
return nil return nil
} }
tokenEncoded := sha256.Sum256([]byte(token)) encodedToken := hashSession(token)
tokenEncodedString := string(tokenEncoded[:])
sessionMutex.Lock() sessionMutex.Lock()
defer sessionMutex.Unlock() defer sessionMutex.Unlock()
@@ -55,7 +54,7 @@ func createSession(userData *UserData) *http.Cookie {
if userData != nil { if userData != nil {
loggedIn = true loggedIn = true
} }
sessions[tokenEncodedString] = SessionData{ sessions[encodedToken] = &SessionData{
data: userData, data: userData,
timeCreated: time.Now(), timeCreated: time.Now(),
CSRFToken: CSRFToken, CSRFToken: CSRFToken,
@@ -81,26 +80,25 @@ func validateSession(r *http.Request) (bool, *SessionData) {
return false, &SessionData{} return false, &SessionData{}
} }
token := cookie.Value token := cookie.Value
token = hashSession(token)
tokenEncoded := sha256.Sum256([]byte(token))
tokenEncodedString := string(tokenEncoded[:])
sessionMutex.Lock() sessionMutex.Lock()
sessionData, exists := sessions[tokenEncodedString] sessionData, exists := sessions[token]
sessionMutex.Unlock() sessionMutex.Unlock()
if !exists || !sessionData.loggedIn { if !exists || !sessionData.loggedIn {
return false, &SessionData{} return false, &SessionData{}
} }
logging.Infof("Validated session for %s", sessionData.data.Username) logging.Infof("Validated session for %s", sessionData.data.Username)
return true, &sessionData return true, sessionData
}
func hashSession(session_id string) string {
tokenEncoded := sha256.Sum256([]byte(session_id))
return base64.RawURLEncoding.EncodeToString(tokenEncoded[:])
} }
func deleteSession(session_id string) { func deleteSession(session_id string) {
sessionMutex.Lock() sessionMutex.Lock()
delete(sessions, session_id)
tokenEncoded := sha256.Sum256([]byte(session_id))
tokenEncodedString := string(tokenEncoded[:])
delete(sessions, tokenEncodedString)
sessionMutex.Unlock() sessionMutex.Unlock()
} }
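Review bot: validateSession now hands the caller the `*SessionData` stored in the map itself (`return true, sessionData`) and that pointer is read (`sessionData.data.Username`) after `sessionMutex.Unlock()`, so with `sessions` holding pointers any later write to the same entry races with readers, whereas the old code returned a copy. Either return a copy (`sd := *sessionData; return true, &sd`) or document on SessionData that it is immutable after createSession and only ever removed, so aliasing is safe. In the same file, hashSession and deleteSession take `session_id`; Go style is `sessionID`, and because deleteSession now expects the hashed value, a doc comment such as `// deleteSession removes the session whose map key is hashSession(cookieValue); callers pass the digest, not the raw token.` would prevent a double-hash or a raw-token delete that silently does nothing. hashSession itself, being new, also lacks a doc comment stating that it returns the base64url SHA-256 digest used as the map key.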