2016-01-05 00:32:53 +01:00
|
|
|
package routes
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/rand"
|
|
|
|
|
"encoding/base64"
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
|
|
|
|
"net/http"
|
|
|
|
|
"net/url"
|
2016-04-09 21:09:57 +02:00
|
|
|
"strings"
|
2016-01-05 00:32:53 +01:00
|
|
|
"time"
|
2016-03-16 22:49:43 +01:00
|
|
|
|
|
|
|
|
"github.com/ansible-semaphore/semaphore/database"
|
|
|
|
|
"github.com/ansible-semaphore/semaphore/models"
|
|
|
|
|
"github.com/ansible-semaphore/semaphore/util"
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
"gopkg.in/redis.v3"
|
2016-01-05 00:32:53 +01:00
|
|
|
)
|
|
|
|
|
|
2016-04-09 21:09:57 +02:00
|
|
|
func resetSessionExpiry(sessionID string, ttl time.Duration) {
|
|
|
|
|
var cmd *redis.BoolCmd
|
|
|
|
|
|
|
|
|
|
if ttl == 0 {
|
|
|
|
|
cmd = database.Redis.Persist(sessionID)
|
|
|
|
|
} else {
|
|
|
|
|
cmd = database.Redis.Expire(sessionID, ttl)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := cmd.Err(); err != nil {
|
2016-01-05 00:32:53 +01:00
|
|
|
fmt.Println("Cannot reset session expiry:", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func authentication(c *gin.Context) {
|
2016-04-09 21:09:57 +02:00
|
|
|
var redisKey string
|
|
|
|
|
ttl := 7 * 24 * time.Hour
|
|
|
|
|
|
|
|
|
|
if authHeader := strings.ToLower(c.Request.Header.Get("authorization")); len(authHeader) > 0 {
|
|
|
|
|
redisKey = "token-session:" + strings.Replace(authHeader, "bearer ", "", 1)
|
|
|
|
|
ttl = 0
|
|
|
|
|
} else {
|
|
|
|
|
cookie, err := c.Request.Cookie("semaphore")
|
|
|
|
|
if err != nil {
|
|
|
|
|
// create cookie
|
|
|
|
|
new_cookie := make([]byte, 32)
|
|
|
|
|
if _, err := io.ReadFull(rand.Reader, new_cookie); err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cookie_value := url.QueryEscape(base64.URLEncoding.EncodeToString(new_cookie))
|
|
|
|
|
cookie = &http.Cookie{Name: "semaphore", Value: cookie_value, Path: "/", HttpOnly: true}
|
|
|
|
|
http.SetCookie(c.Writer, cookie)
|
2016-01-05 00:32:53 +01:00
|
|
|
}
|
|
|
|
|
|
2016-04-09 21:09:57 +02:00
|
|
|
redisKey = "session:" + cookie.Value
|
2016-01-05 00:32:53 +01:00
|
|
|
}
|
|
|
|
|
|
2016-04-09 21:09:57 +02:00
|
|
|
s, err := database.Redis.Get(redisKey).Result()
|
2016-01-05 00:32:53 +01:00
|
|
|
if err == redis.Nil {
|
|
|
|
|
// create a session
|
|
|
|
|
temp_session := models.Session{}
|
|
|
|
|
s = string(temp_session.Encode())
|
|
|
|
|
|
2016-04-09 21:09:57 +02:00
|
|
|
if err := database.Redis.Set(redisKey, s, 0).Err(); err != nil {
|
2016-01-05 00:32:53 +01:00
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
} else if err != nil {
|
2016-04-09 21:09:57 +02:00
|
|
|
fmt.Println("Cannot get session from redis:", err)
|
2016-01-05 00:32:53 +01:00
|
|
|
c.AbortWithStatus(500)
|
|
|
|
|
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-09 21:09:57 +02:00
|
|
|
sess, err := models.DecodeSession(redisKey, s)
|
2016-01-05 00:32:53 +01:00
|
|
|
if err != nil {
|
|
|
|
|
fmt.Println("Cannot decode session:", err)
|
|
|
|
|
util.AuthFailed(c)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-18 23:03:28 +01:00
|
|
|
if sess.UserID != nil {
|
|
|
|
|
user, err := models.FetchUser(*sess.UserID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
fmt.Println("Can't find user", err)
|
|
|
|
|
c.AbortWithStatus(403)
|
|
|
|
|
return
|
|
|
|
|
}
|
2016-01-05 00:32:53 +01:00
|
|
|
|
|
|
|
|
c.Set("user", user)
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-09 21:09:57 +02:00
|
|
|
// reset session expiry
|
|
|
|
|
go resetSessionExpiry(redisKey, ttl)
|
|
|
|
|
|
|
|
|
|
c.Set("session", sess)
|
2016-01-05 00:32:53 +01:00
|
|
|
c.Next()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func MustAuthenticate(c *gin.Context) {
|
|
|
|
|
if _, exists := c.Get("user"); !exists {
|
|
|
|
|
util.AuthFailed(c)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.Next()
|
|
|
|
|
}
|
