have user data persist between restarts in redis session

data/config.example.json

@@ -13,7 +13,12 @@
   },
   "server_config": {
     "port": 8080,
-    "base_url": "https://profile.example.com"
+    "base_url": "https://profile.example.com",
+    "session_store": "redis",
+    "redis_config": {
+      "redis_url": "redis://localhost:6379/0",
+      "prefix": ""
+    }
   },
   "email_config": {
     "username": "noreply",

go.mod

@@ -6,7 +6,10 @@ require github.com/go-ldap/ldap/v3 v3.4.13
 
 require (
 	github.com/Azure/go-ntlmssp v0.1.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/redis/go-redis/v9 v9.20.0 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
 	golang.org/x/crypto v0.48.0 // indirect
 )

go.sum

@@ -2,6 +2,8 @@ github.com/Azure/go-ntlmssp v0.1.0 h1:DjFo6YtWzNqNvQdrwEyr/e4nhU3vRiwenz5QX7sFz+
 github.com/Azure/go-ntlmssp v0.1.0/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk=
 github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
 github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
@@ -30,8 +32,12 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/redis/go-redis/v9 v9.20.0 h1:WnQYxLkgO2xiXTCJY0ldIiI8dNqCDlQAG+AtaH7a2a0=
+github.com/redis/go-redis/v9 v9.20.0/go.mod h1:v/M13XI1PVCDcm01VtPFOADfZtHf8YW3baQf57KlIkA=
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
 golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=

src/main/config.go

@@ -21,9 +21,16 @@ type StyleConfig struct {
 	LogoPath    string `json:"logo_path"`
 }
 
+type RedisConfig struct {
+	RedisURL string `json:"redis_url"`
+	Prefix   string `json:"prefix"`
+}
+
 type WebserverConfig struct {
-	Port    int    `json:"port"`
+	Port            int         `json:"port"`
-	BaseURL string `json:"base_url"`
+	BaseURL         string      `json:"base_url"`
+	SessionStore    string      `json:"session_store"`
+	RedisConfigInfo RedisConfig `json:"redis_config"`
 }
 
 type EmailConfig struct {

src/main/login.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"astraltech.xyz/accountmanager/src/logging"
+	"astraltech.xyz/accountmanager/src/store"
 )
 
 type LoginPageData struct {
@@ -32,9 +33,15 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 
 		logging.Infof("New Login request for %s\n", username)
 		newUserData, err := authenticateUser(username, password)
-		userDataMutex.Lock()
+
-		userData[username] = newUserData
+		userDataErr := userData.Create(username, newUserData)
-		userDataMutex.Unlock()
+		if userDataErr == store.ErrKeyAlreadyExists {
+			userData.Update(username, newUserData)
+		} else if userDataErr != nil {
+			logging.Error(userDataErr.Error())
+			return
+		}
+
 		if err == ErrPasswordExpired {
 			http.Redirect(w, r, "/reset-password?token=this_is_the_only_token_that_works", http.StatusFound)
 		} else if err != nil {

src/main/main.go

@@ -7,7 +7,6 @@ import (
 	"log"
 	"net/http"
 	"strings"
-	"sync"
 
 	"astraltech.xyz/accountmanager/src/components"
 	"astraltech.xyz/accountmanager/src/email"
@@ -15,6 +14,7 @@ import (
 	"astraltech.xyz/accountmanager/src/ldap"
 	"astraltech.xyz/accountmanager/src/logging"
 	"astraltech.xyz/accountmanager/src/session"
+	"astraltech.xyz/accountmanager/src/store"
 )
 
 var (
@@ -31,8 +31,7 @@ type UserData struct {
 }
 
 var (
-	userData      = make(map[string]*UserData)
+	userData store.KeyValueStore[*UserData]
-	userDataMutex sync.RWMutex
 )
 
 var ErrPasswordExpired = errors.New("Password expired")
@@ -94,16 +93,22 @@ func profileHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	data, err := userData.Get(sessionData.UserID)
+	if err != nil {
+		logging.Error(err.Error())
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
 	if r.Method == http.MethodGet {
 		tmpl := template.Must(template.ParseFiles("src/pages/profile_page.html"))
-		userDataMutex.RLock()
+
 		tmpl.Execute(w, ProfileData{
 			Username:    sessionData.UserID,
-			Email:       userData[sessionData.UserID].Email,
+			Email:       data.Email,
-			DisplayName: userData[sessionData.UserID].DisplayName,
+			DisplayName: data.DisplayName,
 			CSRFToken:   sessionData.CSRFToken,
 		})
-		userDataMutex.RUnlock()
 		return
 	}
 }
@@ -198,8 +203,10 @@ func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 	w.Write([]byte(`{"success": true}`))
 
+	user_data, err := userData.Get(sessionData.UserID)
+
 	data := map[string]any{
-		"Username":    userData[sessionData.UserID].DisplayName,
+		"Username":    user_data.DisplayName,
 		"ServiceName": "Astral Tech",
 	}
 
@@ -207,13 +214,11 @@ func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		logging.Errorf("Failed to load email template: %s", err.Error())
 	}
-	noReplyEmail.SendEmail([]string{userData[sessionData.UserID].Email}, "Password expired", email_template)
+	noReplyEmail.SendEmail([]string{user_data.Email}, "Password expired", email_template)
 }
 
 func main() {
 	logging.Info("Starting the server")
-	sessionManager = session.GetSessionManager()
-	sessionManager.SetStoreType(session.InMemory)
 
 	var err error
 	serverConfig, err = loadServerConfig("./data/config.json")
@@ -221,6 +226,19 @@ func main() {
 		log.Fatal("Could not load server config")
 	}
 
+	sessionManager = session.GetSessionManager()
+	if serverConfig.WebserverConfig.SessionStore == "in_memory" {
+		sessionManager.SetStoreType(session.InMemory)
+		userData = store.NewMemoryStore[*UserData]()
+	} else if serverConfig.WebserverConfig.SessionStore == "redis" {
+		sessionManager.SetStoreType(session.Redis, serverConfig.WebserverConfig.RedisConfigInfo.RedisURL, serverConfig.WebserverConfig.RedisConfigInfo.Prefix)
+		userData = store.NewRedisStore[*UserData](serverConfig.WebserverConfig.RedisConfigInfo.RedisURL, serverConfig.WebserverConfig.RedisConfigInfo.Prefix)
+	} else {
+		logging.Warnf("'%s' is an unknown session store type defaulting to in memory", serverConfig.WebserverConfig.SessionStore)
+		sessionManager.SetStoreType(session.InMemory)
+		userData = store.NewMemoryStore[*UserData]()
+	}
+
 	noReplyEmail = email.CreateEmailAccount(email.EmailAccountData{
 		Username: serverConfig.EmailConfig.Username,
 		Password: serverConfig.EmailConfig.Password,

src/session/session_errors.go

@@ -1,7 +0,0 @@
-package session
-
-import "errors"
-
-var ErrSessionNotFound = errors.New("session not found")
-var ErrSessionAlreadyExists = errors.New("session already exists")
-var ErrSessionExpired = errors.New("session expired")

src/session/session_helpers.go

@@ -2,7 +2,6 @@ package session
 
 import (
 	"crypto/rand"
-	"crypto/sha256"
 	"encoding/base64"
 )
 
@@ -16,9 +15,3 @@ func GenerateSessionToken(length int) (string, error) {
 	token := base64.RawURLEncoding.EncodeToString(b)
 	return token, nil
 }
-
-// more helper
-func hashSession(session_id string) string {
-	tokenEncoded := sha256.Sum256([]byte(session_id))
-	return base64.RawURLEncoding.EncodeToString(tokenEncoded[:])
-}

src/session/session_in_memory.go

@@ -1,94 +0,0 @@
-package session
-
-import (
-	"sync"
-	"time"
-
-	"astraltech.xyz/accountmanager/src/logging"
-	"astraltech.xyz/accountmanager/src/worker"
-)
-
-type MemoryStore struct {
-	sessions map[string]*SessionData
-	lock     sync.RWMutex
-}
-
-func NewMemoryStore() *MemoryStore {
-	logging.Debug("Creating new in memory session store")
-	store := &MemoryStore{
-		sessions: make(map[string]*SessionData),
-	}
-	worker.CreateWorker(time.Minute*5, store.cleanup)
-	return store
-}
-
-func (m *MemoryStore) Create(sessionID string, session *SessionData) (err error) {
-	hashedSession := hashSession(sessionID)
-
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	_, exist := m.sessions[hashedSession]
-	if exist {
-		return ErrSessionAlreadyExists
-	}
-
-	m.sessions[hashedSession] = session
-	return nil
-}
-func (m *MemoryStore) Get(sessionID string) (*SessionData, error) {
-	m.lock.RLock()
-	hashed := hashSession(sessionID)
-	data, exists := m.sessions[hashed]
-	m.lock.RUnlock()
-	if exists == false {
-		return nil, ErrSessionNotFound
-	}
-	if time.Now().After(data.ExpiresAt) {
-		_ = m.Delete(sessionID) // ignore error
-		return nil, ErrSessionExpired
-	}
-	copy := *data
-	return &copy, nil
-}
-func (m *MemoryStore) Update(sessionID string, session *SessionData) error {
-	hashedSession := hashSession(sessionID)
-
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	_, exist := m.sessions[hashedSession]
-	if !exist {
-		return ErrSessionNotFound
-	}
-	m.sessions[hashedSession] = session
-	return nil
-}
-
-func (m *MemoryStore) cleanup() {
-	logging.Debug("Cleaning up memory store sessions")
-	now := time.Now()
-
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	deleted := 0
-	for id, session := range m.sessions {
-		if now.After(session.ExpiresAt) {
-			delete(m.sessions, id)
-			deleted = deleted + 1
-		}
-	}
-	logging.Infof("Cleaned up %d stale sessions", deleted)
-}
-
-func (m *MemoryStore) Delete(sessionID string) error {
-	hashedSession := hashSession(sessionID)
-
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	_, exist := m.sessions[hashedSession]
-	if !exist {
-		return ErrSessionNotFound
-	}
-	delete(m.sessions, hashedSession)
-	return nil
-}

src/session/session_manager.go

@@ -6,12 +6,14 @@ import (
 	"time"
 
 	"astraltech.xyz/accountmanager/src/logging"
+	"astraltech.xyz/accountmanager/src/store"
+	"astraltech.xyz/accountmanager/src/worker"
 )
 
 const SessionCookieName = "session_token"
 
 type SessionManager struct {
-	store SessionStore
+	store store.KeyValueStore[*SessionData]
 }
 
 var instance *SessionManager
@@ -21,6 +23,7 @@ type StoreType int
 
 const (
 	InMemory StoreType = iota
+	Redis
 )
 
 func GetSessionManager() *SessionManager {
@@ -30,12 +33,23 @@ func GetSessionManager() *SessionManager {
 	return instance
 }
 
-func (manager *SessionManager) SetStoreType(storeType StoreType) {
+func (manager *SessionManager) SetStoreType(storeType StoreType, params ...any) {
 	logging.Infof("Changing session manager store type")
 	switch storeType {
 	case InMemory:
 		{
-			manager.store = NewMemoryStore()
+			manager.store = store.NewMemoryStore[*SessionData]()
+			worker.CreateWorker(time.Minute*5, func() {
+				inMemStore, _ := manager.store.(*store.MemoryStore[*SessionData])
+				cleanupInMemoryStore(inMemStore)
+			})
+			break
+		}
+	case Redis:
+		{
+			url, _ := params[0].(string)
+			prefix, _ := params[1].(string)
+			manager.store = store.NewRedisStore[*SessionData](url, prefix)
 			break
 		}
 	}
@@ -65,10 +79,10 @@ func (manager *SessionManager) CreateSession(userID string) (cookie *http.Cookie
 		Name:     SessionCookieName,
 		Value:    token,
 		Path:     "/",
-		HttpOnly: true, // Essential: prevents JS access
+		HttpOnly: true,
-		Secure:   true, // Set to TRUE in production (HTTPS)
+		Secure:   true,
 		SameSite: http.SameSiteLaxMode,
-		MaxAge:   3600, // 1 hour
+		MaxAge:   3600,
 	}
 	return newCookie, nil
 }
@@ -87,9 +101,32 @@ func (manager *SessionManager) GetSession(r *http.Request) (*SessionData, error)
 	if err != nil {
 		return nil, ErrSessionNotFound
 	}
+
+	if time.Now().After(data.ExpiresAt) {
+		_ = manager.store.Delete(token)
+		return nil, ErrSessionExpired
+	}
+
 	return data, nil
 }
 
+func cleanupInMemoryStore(m *store.MemoryStore[*SessionData]) {
+	logging.Debug("Cleaning up memory store sessions")
+	now := time.Now()
+
+	m.Lock.Lock()
+	defer m.Lock.Unlock()
+
+	deleted := 0
+	for id, session := range m.Sessions {
+		if now.After(session.ExpiresAt) {
+			delete(m.Sessions, id)
+			deleted = deleted + 1
+		}
+	}
+	logging.Infof("Cleaned up %d stale sessions", deleted)
+}
+
 func (manager *SessionManager) DeleteSession(sessionId string) error {
 	return manager.store.Delete(sessionId)
 }

src/session/session_store.go

@@ -1,16 +1,17 @@
 package session
 
-import "time"
+import (
+	"errors"
+	"time"
+)
+
+var ErrSessionNotFound = errors.New("Session not found")
+var ErrSessionAlreadyExists = errors.New("Session already exists")
+var ErrSessionExpired = errors.New("Session expired")
+var ErrSessionBackend = errors.New("Session backend")
 
 type SessionData struct {
-	UserID    string
+	UserID    string    `json:"userid"`
-	CSRFToken string
+	CSRFToken string    `json:"csrftoken"`
-	ExpiresAt time.Time
+	ExpiresAt time.Time `json:"expiresat"`
-}
-
-type SessionStore interface {
-	Create(sessionID string, session *SessionData) error
-	Get(sessionID string) (*SessionData, error)
-	Update(sessionID string, session *SessionData) error
-	Delete(sessionID string) error
 }

src/store/store.go

@@ -0,0 +1,10 @@
+package store
+
+// A simple key value store that can either just be single instance in memory or a redis server (for now)
+
+type KeyValueStore[Value any] interface {
+	Create(key string, value Value) error
+	Get(key string) (Value, error)
+	Update(key string, session Value) error
+	Delete(key string) error
+}

src/store/store_errros.go

@@ -0,0 +1,8 @@
+package store
+
+import "errors"
+
+var ErrKeyNotFound = errors.New("Key not found")
+var ErrKeyAlreadyExists = errors.New("Key already exists")
+var ErrKeyExpired = errors.New("Key expired")
+var ErrKeyBackend = errors.New("Key backend")

src/store/store_helpers.go

@@ -0,0 +1,11 @@
+package store
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+)
+
+func HashKey(key string) string {
+	tokenEncoded := sha256.Sum256([]byte(key))
+	return base64.RawURLEncoding.EncodeToString(tokenEncoded[:])
+}

src/store/store_in_memory.go

@@ -0,0 +1,73 @@
+package store
+
+import (
+	"sync"
+
+	"astraltech.xyz/accountmanager/src/logging"
+)
+
+type MemoryStore[Value any] struct {
+	Sessions map[string]Value
+	Lock     sync.RWMutex
+}
+
+func NewMemoryStore[Value any]() *MemoryStore[Value] {
+	logging.Debug("Creating new in memory session store")
+	store := &MemoryStore[Value]{
+		Sessions: make(map[string]Value),
+	}
+	return store
+}
+
+func (m *MemoryStore[Value]) Create(key string, session Value) (err error) {
+	hashedkey := HashKey(key)
+
+	m.Lock.Lock()
+	defer m.Lock.Unlock()
+	_, exist := m.Sessions[hashedkey]
+	if exist {
+		return ErrKeyAlreadyExists
+	}
+
+	m.Sessions[hashedkey] = session
+	return nil
+}
+
+func (m *MemoryStore[Value]) Get(key string) (Value, error) {
+	var data Value
+
+	m.Lock.RLock()
+	hashedkey := HashKey(key)
+	data, exists := m.Sessions[hashedkey]
+	m.Lock.RUnlock()
+	if exists == false {
+		return data, ErrKeyNotFound
+	}
+	return data, nil
+}
+
+func (m *MemoryStore[Value]) Update(sessionID string, session Value) error {
+	hashedkey := HashKey(sessionID)
+
+	m.Lock.Lock()
+	defer m.Lock.Unlock()
+	_, exist := m.Sessions[hashedkey]
+	if !exist {
+		return ErrKeyNotFound
+	}
+	m.Sessions[hashedkey] = session
+	return nil
+}
+
+func (m *MemoryStore[Value]) Delete(sessionID string) error {
+	hashedkey := HashKey(sessionID)
+
+	m.Lock.Lock()
+	defer m.Lock.Unlock()
+	_, exist := m.Sessions[hashedkey]
+	if !exist {
+		return ErrKeyNotFound
+	}
+	delete(m.Sessions, hashedkey)
+	return nil
+}

src/store/store_redis.go

@@ -0,0 +1,114 @@
+package store
+
+import (
+	"context"
+	"encoding/json"
+	"time"
+
+	"astraltech.xyz/accountmanager/src/logging"
+	"github.com/redis/go-redis/v9"
+)
+
+type RedisStore[Value any] struct {
+	client *redis.Client
+	ctx    context.Context
+	prefix string
+}
+
+func (m *RedisStore[Value]) RedisHash(value_to_hash string) string {
+	return m.prefix + HashKey(value_to_hash)
+}
+
+func NewRedisStore[Value any](redis_server string, prefix string) *RedisStore[Value] {
+	logging.Debug("Creating new redis session store")
+
+	opts, err := redis.ParseURL(redis_server)
+	if err != nil {
+		logging.Errorf("Failed to parse redis url %s", err.Error())
+	}
+
+	rdb := redis.NewClient(opts)
+
+	ctx := context.Background()
+	if err := rdb.Ping(ctx).Err(); err != nil {
+		logging.Errorf("Failed to connect to redis server %s", redis_server)
+	} else {
+		logging.Infof("Successfully connected to redis server %s", redis_server)
+	}
+
+	store := &RedisStore[Value]{
+		client: rdb,
+		ctx:    ctx,
+		prefix: prefix,
+	}
+	return store
+}
+
+func (m *RedisStore[Value]) Create(key string, value Value) (err error) {
+	hashedSession := m.RedisHash(key)
+
+	data, err := json.Marshal(value)
+	if err != nil {
+		return ErrKeyBackend
+	}
+
+	created, err := m.client.SetNX(m.ctx, hashedSession, data, time.Hour).Result()
+	if err != nil {
+		logging.Error(err.Error())
+		return ErrKeyBackend
+	}
+
+	if !created {
+		return ErrKeyAlreadyExists
+	}
+	return nil
+}
+func (m *RedisStore[Value]) Get(sessionID string) (Value, error) {
+	hashed := m.RedisHash(sessionID)
+	var session_data Value
+
+	data, err := m.client.Get(m.ctx, hashed).Bytes()
+	if err == redis.Nil {
+		return session_data, ErrKeyNotFound
+	} else if err != nil {
+		logging.Error(err.Error())
+		return session_data, ErrKeyBackend
+	}
+
+	if err := json.Unmarshal(data, &session_data); err != nil {
+		logging.Error(err.Error())
+		return session_data, ErrKeyBackend
+	}
+
+	return session_data, nil
+}
+
+func (m *RedisStore[Value]) Update(key string, value Value) error {
+	hashedSession := m.RedisHash(key)
+
+	data, err := json.Marshal(value)
+	if err != nil {
+		return ErrKeyBackend
+	}
+
+	updated, err := m.client.SetXX(m.ctx, hashedSession, data, time.Hour).Result()
+	if err != nil {
+		logging.Error(err.Error())
+		return ErrKeyBackend
+	}
+
+	if !updated {
+		return ErrKeyNotFound
+	}
+	return nil
+}
+
+func (m *RedisStore[Value]) Delete(sessionID string) error {
+	hashedSession := m.RedisHash(sessionID)
+	err := m.client.Del(m.ctx, hashedSession).Err()
+	if err != nil {
+		logging.Error(err.Error())
+		return ErrKeyBackend
+	}
+	return nil
+}