finish session manager update

2026-04-01 14:56:43 -04:00
parent f651894a0f
commit 33ea56fb0c
3 changed files with 51 additions and 157 deletions
--- a/src/main/main.go
+++ b/src/main/main.go
@@ -13,22 +13,27 @@ import (
 	"time"
 	"astraltech.xyz/accountmanager/src/logging"
-	"astraltech.xyz/accountmanager/src/worker"
+	"astraltech.xyz/accountmanager/src/session"
 )
 var (
 	ldapServer      *LDAPServer
 	ldapServerMutex sync.Mutex
 	serverConfig    *ServerConfig
 	sessionManager  *session.SessionManager
 )
 type UserData struct {
 	isAuth      bool
 	Username    string
 	DisplayName string
 	Email       string
 }
 var (
 	userData      = make(map[string]UserData)
 	userDataMutex sync.RWMutex
 )
 var (
 	photoCreatedTimestamp = make(map[string]time.Time)
 	photoCreatedMutex     sync.Mutex
@@ -83,14 +88,13 @@ func authenticateUser(username, password string) (UserData, error) {
 	entry := userSearch.LDAPSearch.Entries[0]
 	user := UserData{
 		isAuth:      true,
 		Username:    username,
 		DisplayName: entry.GetAttributeValue("displayName"),
 		Email:       entry.GetAttributeValue("mail"),
 	}
 	photoData := entry.GetRawAttributeValue("jpegphoto")
 	if len(photoData) > 0 {
-		createUserPhoto(user.Username, photoData)
+		createUserPhoto(username, photoData)
 	}
 	return user, nil
 }
@@ -119,15 +123,19 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 		password := r.FormValue("password")
 		logging.Infof("New Login request for %s\n", username)
-		userData, err := authenticateUser(username, password)
+		newUserData, err := authenticateUser(username, password)
 		userDataMutex.Lock()
 		userData[username] = newUserData
 		userDataMutex.Unlock()
 		if err != nil {
 			log.Print(err)
 			tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
 		} else {
-			if userData.isAuth == true {
+			if newUserData.isAuth == true {
-				cookie := createSession(&userData)
+				cookie, err := sessionManager.CreateSession(username)
-				if cookie == nil {
+				if err != nil {
-					http.Error(w, "Session error", 500)
+					logging.Error(err.Error())
 					http.Error(w, "Session error", http.StatusInternalServerError)
 					return
 				}
 				http.SetCookie(w, cookie)
@@ -148,20 +156,23 @@ type ProfileData struct {
 func profileHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	exist, sessionData := validateSession(r)
+	sessionData, err := sessionManager.GetSession(r)
-	if !exist {
+	if err != nil {
 		logging.Error(err.Error())
 		http.Redirect(w, r, "/login", http.StatusSeeOther)
 		return
 	}
 	if r.Method == http.MethodGet {
 		tmpl := template.Must(template.ParseFiles("src/pages/profile_page.html"))
 		userDataMutex.RLock()
 		tmpl.Execute(w, ProfileData{
-			Username:    sessionData.data.Username,
+			Username:    sessionData.UserID,
-			Email:       sessionData.data.Email,
+			Email:       userData[sessionData.UserID].Email,
-			DisplayName: sessionData.data.DisplayName,
+			DisplayName: userData[sessionData.UserID].DisplayName,
 			CSRFToken:   sessionData.CSRFToken,
 		})
 		userDataMutex.RUnlock()
 		return
 	}
 }
@@ -225,27 +236,29 @@ func logoutHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	token := cookie.Value
-	exist, sessionData := validateSession(r)
+	sessionData, err := sessionManager.GetSession(r)
-	if exist {
+	if err != nil {
 		logging.Error(err.Error())
 	}
 	if r.FormValue("csrf_token") != sessionData.CSRFToken {
 		http.Error(w, "Unable to log user out", http.StatusForbidden)
-			logging.Debugf("%s attempted to logout with invalid csrf token", sessionData.data.Username)
+		logging.Debugf("%s attempted to logout with invalid csrf token", sessionData.UserID)
 		return
 	}
-	}
+	logging.Infof("handling logout event for %s", sessionData.UserID)
 	logging.Infof("handling logout event for %s", sessionData.data.Username)
-	deleteSession(hashSession(token))
+	sessionManager.DeleteSession(token)
 	http.Redirect(w, r, "/login", http.StatusSeeOther)
 }
 func uploadPhotoHandler(w http.ResponseWriter, r *http.Request) {
-	exist, sessionData := validateSession(r)
+	sessionData, err := sessionManager.GetSession(r)
-	if !exist {
+	if err != nil {
 		logging.Error(err.Error())
 		http.Redirect(w, r, "/login", http.StatusSeeOther)
 		return
 	}
-	err := r.ParseMultipartForm(10 << 20) // 10MB limit
+	err = r.ParseMultipartForm(10 << 20) // 10MB limit
 	if err != nil {
 		http.Error(w, "Bad request", http.StatusBadRequest)
 		return
@@ -273,11 +286,11 @@ func uploadPhotoHandler(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "Failed to read file", http.StatusInternalServerError)
 		return
 	}
-	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.data.Username, serverConfig.LDAPConfig.BaseDN)
+	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.UserID, serverConfig.LDAPConfig.BaseDN)
 	ldapServerMutex.Lock()
 	defer ldapServerMutex.Unlock()
 	modifyLDAPAttribute(ldapServer, userDN, "jpegphoto", []string{string(data)})
-	createUserPhoto(sessionData.data.Username, data)
+	createUserPhoto(sessionData.UserID, data)
 }
 func faviconHandler(w http.ResponseWriter, r *http.Request) {
@@ -293,14 +306,15 @@ func logoHandler(w http.ResponseWriter, r *http.Request) {
 func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
-	exist, sessionData := validateSession(r)
+	sessionData, err := sessionManager.GetSession(r)
-	if !exist {
+	if err != nil {
 		logging.Error(err.Error())
 		w.WriteHeader(http.StatusUnauthorized)
 		w.Write([]byte(`{"success": false, "error": "Not authenticated"}`))
 		return
 	}
-	err := r.ParseMultipartForm(10 << 20)
+	err = r.ParseMultipartForm(10 << 20)
 	if err != nil {
 		w.WriteHeader(http.StatusBadRequest)
 		w.Write([]byte(`{"success": false, "error": "Bad request"}`))
@@ -325,7 +339,7 @@ func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 	userDN := fmt.Sprintf(
 		"uid=%s,cn=users,cn=accounts,%s",
-		sessionData.data.Username,
+		sessionData.UserID,
 		serverConfig.LDAPConfig.BaseDN,
 	)
@@ -349,6 +363,7 @@ func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 func main() {
 	logging.Info("Starting the server")
 	sessionManager = session.CreateSessionManager(session.InMemory)
 	var err error = nil
 	blankPhotoData, err = ReadFile("static/blank_profile.jpg")
@@ -366,7 +381,6 @@ func main() {
 	ldapServerMutex.Unlock()
 	defer closeLDAPServer(ldapServer)
 	worker.CreateWorker(time.Minute*5, cleanupSessions)
 	HandleFunc("/favicon.ico", faviconHandler)
 	HandleFunc("/logo", logoHandler)
--- a/src/main/session.go
+++ b/src/main/session.go
@@ -1,124 +0,0 @@
 package main
 import (
 	"crypto/rand"
 	"crypto/sha256"
 	"encoding/base64"
 	"net/http"
 	"sync"
 	"time"
 	"astraltech.xyz/accountmanager/src/logging"
 )
 type SessionData struct {
 	loggedIn    bool
 	data        *UserData
 	timeCreated time.Time
 	CSRFToken   string
 }
 var (
 	sessions     = make(map[string]*SessionData)
 	sessionMutex sync.Mutex
 )
 func GenerateSessionToken(length int) (string, error) {
 	b := make([]byte, length)
 	_, err := rand.Read(b)
 	if err != nil {
 		return "", err
 	}
 	token := base64.RawURLEncoding.EncodeToString(b)
 	return token, nil
 }
 func createSession(userData *UserData) *http.Cookie {
 	logging.Debugf("Creating a new session for %s", userData.Username)
 	token, err := GenerateSessionToken(32) // Use crypto/rand for this
 	if err != nil {
 		logging.Error(err.Error())
 		return nil
 	}
 	CSRFToken, err := GenerateSessionToken(32)
 	if err != nil {
 		logging.Error(err.Error())
 		return nil
 	}
 	encodedToken := hashSession(token)
 	sessionMutex.Lock()
 	defer sessionMutex.Unlock()
 	loggedIn := false
 	if userData != nil {
 		loggedIn = true
 	}
 	sessions[encodedToken] = &SessionData{
 		data:        userData,
 		timeCreated: time.Now(),
 		CSRFToken:   CSRFToken,
 		loggedIn:    loggedIn,
 	}
 	cookie := &http.Cookie{
 		Name:     "session_token",
 		Value:    token,
 		Path:     "/",
 		HttpOnly: true, // Essential: prevents JS access
 		Secure:   true, // Set to TRUE in production (HTTPS)
 		SameSite: http.SameSiteLaxMode,
 		MaxAge:   3600, // 1 hour
 	}
 	return cookie
 }
 func validateSession(r *http.Request) (bool, *SessionData) {
 	logging.Debugf("Validating session")
 	cookie, err := r.Cookie("session_token")
 	if err != nil {
 		logging.Error(err.Error())
 		return false, &SessionData{}
 	}
 	token := cookie.Value
 	token = hashSession(token)
 	sessionMutex.Lock()
 	sessionData, exists := sessions[token]
 	sessionMutex.Unlock()
 	if !exists || !sessionData.loggedIn {
 		return false, &SessionData{}
 	}
 	logging.Infof("Validated session for %s", sessionData.data.Username)
 	return true, sessionData
 }
 func hashSession(session_id string) string {
 	tokenEncoded := sha256.Sum256([]byte(session_id))
 	return base64.RawURLEncoding.EncodeToString(tokenEncoded[:])
 }
 func cleanupSessions() {
 	logging.Debug("Cleaning up stale session\n")
 	sessionMutex.Lock()
 	sessions_to_delete := []string{}
 	for session_token, session_data := range sessions {
 		timeUntilRemoval := time.Minute * 5
 		if session_data.loggedIn {
 			timeUntilRemoval = time.Hour
 		}
 		if time.Since(session_data.timeCreated) > timeUntilRemoval {
 			sessions_to_delete = append(sessions_to_delete, session_token)
 		}
 	}
 	sessionMutex.Unlock()
 	for _, session_id := range sessions_to_delete {
 		deleteSession(session_id)
 	}
 }
 func deleteSession(session_id string) {
 	sessionMutex.Lock()
 	delete(sessions, session_id)
 	sessionMutex.Unlock()
 }
--- a/src/session/session_manager.go
+++ b/src/session/session_manager.go
@@ -79,3 +79,7 @@ func (manager *SessionManager) GetSession(r *http.Request) (*SessionData, error)
 	}
 	return data, nil
 }
 func (manager *SessionManager) DeleteSession(sessionId string) error {
 	return manager.store.Delete(sessionId)
 }