2017-02-15 19:06:19 +01:00
package sessions
import (
"net/http"
"time"
2017-07-10 17:32:42 +02:00
"github.com/kataras/iris/context"
2017-02-15 19:06:19 +01:00
)
2017-07-10 17:32:42 +02:00
// A Sessions manager should be responsible to Start a sesion, based
// on a Context, which should return
// a compatible Session interface, type. If the external session manager
// doesn't qualifies, then the user should code the rest of the functions with empty implementation.
//
// Sessions should be responsible to Destroy a session based
// on the Context.
type Sessions struct {
config Config
provider * provider
}
2017-02-15 19:06:19 +01:00
// New returns a new fast, feature-rich sessions manager
2017-07-10 17:32:42 +02:00
// it can be adapted to an iris station
func New ( cfg Config ) * Sessions {
return & Sessions {
2017-02-15 19:06:19 +01:00
config : cfg . Validate ( ) ,
provider : newProvider ( ) ,
}
}
// UseDatabase adds a session database to the manager's provider,
// a session db doesn't have write access
2017-07-10 17:32:42 +02:00
func ( s * Sessions ) UseDatabase ( db Database ) {
2017-02-15 19:06:19 +01:00
s . provider . RegisterDatabase ( db )
}
2017-07-31 20:49:30 +02:00
// updateCookie gains the ability of updating the session browser cookie to any method which wants to update it
2019-02-16 20:03:48 +01:00
func ( s * Sessions ) updateCookie ( ctx context . Context , sid string , expires time . Duration , options ... context . CookieOption ) {
2017-07-31 20:49:30 +02:00
cookie := & http . Cookie { }
2017-02-15 19:06:19 +01:00
2017-07-31 20:49:30 +02:00
// The RFC makes no mention of encoding url value, so here I think to encode both sessionid key and the value using the safe(to put and to use as cookie) url-encoding
cookie . Name = s . config . Cookie
2017-03-18 11:22:20 +01:00
2017-07-31 20:49:30 +02:00
cookie . Value = sid
cookie . Path = "/"
2018-04-22 13:00:08 +02:00
cookie . Domain = formatCookieDomain ( ctx , s . config . DisableSubdomainPersistence )
2017-07-31 20:49:30 +02:00
cookie . HttpOnly = true
2019-08-16 11:41:20 +02:00
if ! s . config . DisableSubdomainPersistence {
cookie . SameSite = http . SameSiteLaxMode // allow subdomain sharing.
}
2017-07-31 20:49:30 +02:00
// MaxAge=0 means no 'Max-Age' attribute specified.
// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
// MaxAge>0 means Max-Age attribute present and given in seconds
if expires >= 0 {
if expires == 0 { // unlimited life
cookie . Expires = CookieExpireUnlimited
} else { // > 0
cookie . Expires = time . Now ( ) . Add ( expires )
2017-02-15 19:06:19 +01:00
}
2017-07-31 20:49:30 +02:00
cookie . MaxAge = int ( cookie . Expires . Sub ( time . Now ( ) ) . Seconds ( ) )
}
2017-02-15 19:06:19 +01:00
2017-07-31 20:49:30 +02:00
// set the cookie to secure if this is a tls wrapped request
// and the configuration allows it.
if ctx . Request ( ) . TLS != nil && s . config . CookieSecureTLS {
cookie . Secure = true
}
Publish the new version :airplane: | Look description please!
# FAQ
### Looking for free support?
http://support.iris-go.com
https://kataras.rocket.chat/channel/iris
### Looking for previous versions?
https://github.com/kataras/iris#version
### Should I upgrade my Iris?
Developers are not forced to upgrade if they don't really need it. Upgrade whenever you feel ready.
> Iris uses the [vendor directory](https://docs.google.com/document/d/1Bz5-UB7g2uPBdOx-rw5t9MxJwkfpx90cqG9AFL0JAYo) feature, so you get truly reproducible builds, as this method guards against upstream renames and deletes.
**How to upgrade**: Open your command-line and execute this command: `go get -u github.com/kataras/iris`.
For further installation support, please click [here](http://support.iris-go.com/d/16-how-to-install-iris-web-framework).
### About our new home page
http://iris-go.com
Thanks to [Santosh Anand](https://github.com/santoshanand) the http://iris-go.com has been upgraded and it's really awesome!
[Santosh](https://github.com/santoshanand) is a freelancer, he has a great knowledge of nodejs and express js, Android, iOS, React Native, Vue.js etc, if you need a developer to find or create a solution for your problem or task, please contact with him.
The amount of the next two or three donations you'll send they will be immediately transferred to his own account balance, so be generous please!
Read more at https://github.com/kataras/iris/blob/master/HISTORY.md
Former-commit-id: eec2d71bbe011d6b48d2526eb25919e36e5ad94e
2017-06-03 22:22:52 +02:00
2017-07-31 20:49:30 +02:00
// encode the session id cookie client value right before send it.
cookie . Value = s . encodeCookieValue ( cookie . Value )
2019-02-16 20:03:48 +01:00
for _ , opt := range options {
opt ( cookie )
}
2017-12-15 14:46:18 +01:00
AddCookie ( ctx , cookie , s . config . AllowReclaim )
2017-07-31 20:49:30 +02:00
}
2019-02-16 20:03:48 +01:00
// Start creates or retrieves an existing session for the particular request.
func ( s * Sessions ) Start ( ctx context . Context , cookieOptions ... context . CookieOption ) * Session {
2017-08-02 08:40:54 +02:00
cookieValue := s . decodeCookieValue ( GetCookie ( ctx , s . config . Cookie ) )
2017-07-31 20:49:30 +02:00
2019-07-24 18:51:42 +02:00
if cookieValue == "" { // cookie doesn't exist, let's generate a session and set a cookie.
2019-07-23 16:47:28 +02:00
sid := s . config . SessionIDGenerator ( ctx )
2017-07-31 20:49:30 +02:00
sess := s . provider . Init ( sid , s . config . Expires )
2018-04-22 12:52:36 +02:00
sess . isNew = s . provider . db . Len ( sid ) == 0
2017-08-01 10:00:30 +02:00
2019-02-16 20:03:48 +01:00
s . updateCookie ( ctx , sid , s . config . Expires , cookieOptions ... )
2017-03-18 11:22:20 +01:00
2017-07-10 17:32:42 +02:00
return sess
2017-02-15 19:06:19 +01:00
}
2017-07-10 17:32:42 +02:00
2019-07-24 18:51:42 +02:00
return s . provider . Read ( cookieValue , s . config . Expires )
}
const contextSessionKey = "_iris_session"
// Handler returns a sessions middleware to register on application routes.
func ( s * Sessions ) Handler ( cookieOptions ... context . CookieOption ) context . Handler {
return func ( ctx context . Context ) {
session := s . Start ( ctx , cookieOptions ... )
ctx . Values ( ) . Set ( contextSessionKey , session )
ctx . Next ( )
}
}
// Get returns a *Session from the same request life cycle,
// can be used inside a chain of handlers of a route.
//
// The `Sessions.Start` should be called previously,
// e.g. register the `Sessions.Handler` as middleware.
// Then call `Get` package-level function as many times as you want.
// The `Sessions.Start` can be called more than one time in the same request life cycle as well.
func Get ( ctx context . Context ) * Session {
if v := ctx . Values ( ) . Get ( contextSessionKey ) ; v != nil {
if sess , ok := v . ( * Session ) ; ok {
return sess
}
}
2017-07-10 17:32:42 +02:00
2019-07-24 18:51:42 +02:00
return nil
2017-02-15 19:06:19 +01:00
}
2019-02-16 20:03:48 +01:00
// StartWithPath same as `Start` but it explicitly accepts the cookie path option.
func ( s * Sessions ) StartWithPath ( ctx context . Context , path string ) * Session {
return s . Start ( ctx , context . CookiePath ( path ) )
}
2017-08-14 15:21:51 +02:00
// ShiftExpiration move the expire date of a session to a new date
2017-08-07 05:04:35 +02:00
// by using session default timeout configuration.
2018-08-14 15:29:04 +02:00
// It will return `ErrNotImplemented` if a database is used and it does not support this feature, yet.
2019-02-16 20:03:48 +01:00
func ( s * Sessions ) ShiftExpiration ( ctx context . Context , cookieOptions ... context . CookieOption ) error {
return s . UpdateExpiration ( ctx , s . config . Expires , cookieOptions ... )
2017-07-31 20:49:30 +02:00
}
2017-08-14 15:21:51 +02:00
// UpdateExpiration change expire date of a session to a new date
2017-08-07 05:04:35 +02:00
// by using timeout value passed by `expires` receiver.
2018-08-14 15:29:04 +02:00
// It will return `ErrNotFound` when trying to update expiration on a non-existence or not valid session entry.
// It will return `ErrNotImplemented` if a database is used and it does not support this feature, yet.
2019-02-16 20:03:48 +01:00
func ( s * Sessions ) UpdateExpiration ( ctx context . Context , expires time . Duration , cookieOptions ... context . CookieOption ) error {
2017-08-02 08:40:54 +02:00
cookieValue := s . decodeCookieValue ( GetCookie ( ctx , s . config . Cookie ) )
2018-08-14 15:29:04 +02:00
if cookieValue == "" {
return ErrNotFound
}
2017-08-01 07:34:18 +02:00
2018-08-14 15:29:04 +02:00
// we should also allow it to expire when the browser closed
err := s . provider . UpdateExpiration ( cookieValue , expires )
if err == nil || expires == - 1 {
2019-02-16 20:03:48 +01:00
s . updateCookie ( ctx , cookieValue , expires , cookieOptions ... )
2017-07-31 20:49:30 +02:00
}
2018-08-14 15:29:04 +02:00
return err
2017-07-31 20:49:30 +02:00
}
2018-04-22 13:13:40 +02:00
// DestroyListener is the form of a destroy listener.
// Look `OnDestroy` for more.
type DestroyListener func ( sid string )
// OnDestroy registers one or more destroy listeners.
// A destroy listener is fired when a session has been removed entirely from the server (the entry) and client-side (the cookie).
// Note that if a destroy listener is blocking, then the session manager will delay respectfully,
// use a goroutine inside the listener to avoid that behavior.
func ( s * Sessions ) OnDestroy ( listeners ... DestroyListener ) {
for _ , ln := range listeners {
s . provider . registerDestroyListener ( ln )
}
}
2017-03-18 22:43:04 +01:00
// Destroy remove the session data and remove the associated cookie.
2017-07-10 17:32:42 +02:00
func ( s * Sessions ) Destroy ( ctx context . Context ) {
cookieValue := GetCookie ( ctx , s . config . Cookie )
2017-03-18 22:43:04 +01:00
// decode the client's cookie value in order to find the server's session id
// to destroy the session data.
cookieValue = s . decodeCookieValue ( cookieValue )
2017-02-15 19:06:19 +01:00
if cookieValue == "" { // nothing to destroy
return
}
2018-04-04 09:25:00 +02:00
RemoveCookie ( ctx , s . config )
2017-03-18 11:22:20 +01:00
2017-02-15 19:06:19 +01:00
s . provider . Destroy ( cookieValue )
}
// DestroyByID removes the session entry
// from the server-side memory (and database if registered).
// Client's session cookie will still exist but it will be reseted on the next request.
//
// It's safe to use it even if you are not sure if a session with that id exists.
2017-03-18 22:43:04 +01:00
//
// Note: the sid should be the original one (i.e: fetched by a store )
// it's not decoded.
2017-07-10 17:32:42 +02:00
func ( s * Sessions ) DestroyByID ( sid string ) {
2017-02-15 19:06:19 +01:00
s . provider . Destroy ( sid )
}
// DestroyAll removes all sessions
// from the server-side memory (and database if registered).
// Client's session cookie will still exist but it will be reseted on the next request.
2017-07-10 17:32:42 +02:00
func ( s * Sessions ) DestroyAll ( ) {
2017-02-15 19:06:19 +01:00
s . provider . DestroyAll ( )
}
2017-03-18 22:43:04 +01:00
// let's keep these funcs simple, we can do it with two lines but we may add more things in the future.
2017-07-10 17:32:42 +02:00
func ( s * Sessions ) decodeCookieValue ( cookieValue string ) string {
2017-08-02 08:40:54 +02:00
if cookieValue == "" {
return ""
}
2019-07-15 08:58:05 +02:00
var cookieValueDecoded string
2017-08-02 08:40:54 +02:00
2017-03-18 22:43:04 +01:00
if decode := s . config . Decode ; decode != nil {
err := decode ( s . config . Cookie , cookieValue , & cookieValueDecoded )
if err == nil {
2019-07-15 08:58:05 +02:00
cookieValue = cookieValueDecoded
2017-03-18 22:43:04 +01:00
} else {
cookieValue = ""
}
}
2017-08-02 08:40:54 +02:00
2017-03-18 22:43:04 +01:00
return cookieValue
}
2017-07-10 17:32:42 +02:00
func ( s * Sessions ) encodeCookieValue ( cookieValue string ) string {
2017-03-18 22:43:04 +01:00
if encode := s . config . Encode ; encode != nil {
newVal , err := encode ( s . config . Cookie , cookieValue )
if err == nil {
cookieValue = newVal
} else {
cookieValue = ""
}
}
return cookieValue
}