sha1..

session.go

@@ -0,0 +1,161 @@
+// Package session (session manager) control process session lifetime create, update and destroy
+package session
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+var milis int64 = 1000
+
+// for provider fun
+var provides = make(map[string]Provider)
+
+// ProviderNames return slice of strings - registered Provider names
+func ProviderNames() []string {
+	var prdnames []string
+	for pn := range provides {
+		prdnames = append(prdnames, pn)
+	}
+	return prdnames
+}
+
+// MilisPerSec return time resolution (milliseconds / 1sec)
+func MilisPerSec() int64 {
+	return milis
+}
+
+// Session interface implement storage for one session and have maxLifetime and lastAccessTime
+type Session interface {
+	//set session value and update last access time
+	Set(key, value interface{}) error
+	//get session value and update last access time
+	Get(key interface{}) (v any, err error)
+	//delete session value
+	Delete(key interface{}) error
+	//get session id for session
+	SessionID() string
+}
+
+// Provider interace implement lifecycle for one session
+type Provider interface {
+	//create new session using sid value
+	Init(sid string) (Session, error)
+	//read return existing session by id or if not exist create new session
+	Read(sid string) (Session, error)
+	//destroy remove session with sid from storage if exist
+	Destroy(sid string) error
+	//regenerate id change old sid to newsid and preserve existing session data
+	RegenerateID(oldsid, newsid string) (err error)
+	//gc remove all sessions with > maxLifetime
+	GC(maxlifetime int64)
+}
+
+// Register makes a session provide available by the provided name.
+// If Register is called twice with the same name or if driver is nil, it panics.
+func Register(name string, provide Provider) {
+	if provide == nil {
+		panic("session: Register provide is nil, must be import any session storage implementation")
+	}
+	if _, dup := provides[name]; dup {
+		panic("session: Already registered provider: " + name)
+	}
+	provides[name] = provide
+}
+
+// Manager controls all sessions with registered storage provider
+type Manager struct {
+	cookieName  string
+	provider    Provider
+	maxlifetime int64
+	secure      bool
+}
+
+// NewManager create new *Manager for provideName, cookieName and maxlifetime in seconds
+func NewManager(providerName, cookieName string, maxlifetime int64, ssl bool) (*Manager, error) {
+	var provider Provider
+	var ok bool
+	if provider, ok = provides[providerName]; !ok {
+		return nil, fmt.Errorf("session: Provider: %q not found (forgotten import?)", providerName)
+	}
+	m := &Manager{
+		cookieName: cookieName, provider: provider,
+		maxlifetime: maxlifetime, secure: ssl,
+	}
+	m.GC()
+	return m, nil
+}
+
+// generate new secure 32 byte sessionID
+func (manager *Manager) sessionID() (sid string, err error) {
+	b := make([]byte, 32)
+	if _, err = io.ReadFull(rand.Reader, b); err != nil {
+		return "", fmt.Errorf("Session manager error: generate sessionID failed: %w", err)
+	}
+	return base64.URLEncoding.EncodeToString(b), nil
+}
+
+// SessionStart start session for next http response
+func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (session Session, err error) {
+	var cookie *http.Cookie
+	var sid string
+	if cookie, err = r.Cookie(manager.cookieName); err != nil || cookie == nil {
+		if sid, err = manager.sessionID(); err != nil {
+			return nil, err
+		}
+		if session, err = manager.provider.Init(sid); err != nil {
+			return nil, fmt.Errorf("Session init failed: %w", err)
+		}
+		cookie := http.Cookie{
+			Name: manager.cookieName, Value: url.QueryEscape(sid), Path: "/",
+			HttpOnly: true, MaxAge: int(manager.maxlifetime),
+			Secure: manager.secure,
+		}
+		http.SetCookie(w, &cookie)
+	} else {
+		if sid, err = url.QueryUnescape(cookie.Value); err != nil {
+			return nil, fmt.Errorf("Session cookie decode error: %v", err)
+		}
+		if session, err = manager.provider.Read(sid); err != nil {
+			return nil, fmt.Errorf("Session provider read error: %w", err)
+		}
+	}
+	return
+}
+
+// SessionDestroy end session and delete session data at the server
+func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) (err error) {
+	var cookie *http.Cookie
+	if cookie, err = r.Cookie(manager.cookieName); err != nil || cookie.Value == "" {
+		return
+	}
+
+	manager.provider.Destroy(cookie.Value)
+	rmcookie := http.Cookie{
+		Name: manager.cookieName, Path: "/", HttpOnly: true,
+		Expires: time.Now(), MaxAge: -1,
+	}
+	http.SetCookie(w, &rmcookie)
+	return nil
+}
+
+// RegenerateID vhange sid and preserve all session data
+func (manager *Manager) RegenerateID(w http.ResponseWriter, r *http.Request) {
+	if ck, err := r.Cookie(manager.cookieName); err == nil && ck.Value != "" {
+		if newid, err := manager.sessionID(); err != nil {
+			manager.provider.RegenerateID(ck.Value, newid)
+		}
+	}
+}
+
+// GC remove sessions which exceeded manager.maxLifetime
+func (manager *Manager) GC() {
+	manager.provider.GC(manager.maxlifetime)
+	msec := milis * manager.maxlifetime
+	time.AfterFunc(time.Duration(msec), func() { manager.GC() })
+}