Add simple sessions

2025-09-13 15:19:08 +00:00 · 2023-03-05 23:19:03 +01:00 · 2023-03-05 23:19:03 +01:00 · db871f328a
commit db871f328a
parent 5f5ff34337
6 changed files with 109 additions and 6 deletions
--- a/pkg/server/api.go
+++ b/pkg/server/api.go
@ -11,6 +11,11 @@ import (
 )

 func HandleAPI(w http.ResponseWriter, r *http.Request) {
+	_, s := GetSession(r)
+	if s == nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
 	defer func() {
 		if r := recover(); r != nil {
 			slog.Error("Recovered Panic Handling HTTP API Request", fmt.Errorf("%v", r), "stack", debug.Stack())
@ -18,7 +23,7 @@ func HandleAPI(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}()
-	ctx, cancel := context.WithTimeout(r.Context(), time.Second*10)
+	ctx, cancel := context.WithTimeout(context.WithValue(r.Context(), SessionKey, s), time.Second*10)
 	defer cancel()

 	err := apiHandler.HandleRequest(ctx, r.Body, w)
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@ -15,6 +15,7 @@ import (
 var server http.Server
 var mux = http.NewServeMux()
 var apiHandler *jsonrpc.Handler
+var stopCleanup chan struct{}

 func StartWebserver(conf *definitions.Config, _apiHandler *jsonrpc.Handler) {
 	server.Addr = ":8080"
@ -29,6 +30,10 @@ func StartWebserver(conf *definitions.Config, _apiHandler *jsonrpc.Handler) {
 	mux.HandleFunc("/ws/api", HandleWebsocketAPI)
 	mux.HandleFunc("/", HandleWebinterface)

+	stopCleanup = make(chan struct{})
+
+	go CleanupSessions(stopCleanup)
+
 	go func() {
 		if err := server.ListenAndServe(); !errors.Is(err, http.ErrServerClosed) {
 			slog.Error("Webserver error", err)
@ -38,6 +43,7 @@ func StartWebserver(conf *definitions.Config, _apiHandler *jsonrpc.Handler) {
 }

 func ShutdownWebserver(ctx context.Context) error {
+	stopCleanup <- struct{}{}
 	err := server.Shutdown(ctx)
 	if err != nil {
 		return fmt.Errorf("Shutting down: %w", err)
--- a/pkg/server/session.go
+++ b/pkg/server/session.go
@ -1,15 +1,98 @@
 package server

-import "net/http"
+import (
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type SessionKeyType string
+
+const SessionKey SessionKeyType = "session"
+
+type Session struct {
+	Username string
+	Expires  time.Time
+}
+
+var sessionsSync sync.Mutex
+var sessions map[string]*Session = map[string]*Session{}
+
+func GetSession(r *http.Request) (string, *Session) {
+	c, err := r.Cookie("session")
+	if err != nil {
+		return "", nil
+	}
+	s, ok := sessions[c.Value]
+	if ok {
+		return c.Value, s
+	}
+	return "", nil
+}
+
+func GenerateSession(w http.ResponseWriter, username string) {
+	id := uuid.New().String()
+	expires := time.Now().Add(time.Minute * 5)
+	sessionsSync.Lock()
+	defer sessionsSync.Unlock()
+	sessions[id] = &Session{
+		Username: username,
+		Expires:  expires,
+	}
+	http.SetCookie(w, &http.Cookie{Name: "session", HttpOnly: true, SameSite: http.SameSiteStrictMode, Value: id, Expires: expires})
+}
+
+func CleanupSessions(stop chan struct{}) {
+	tick := time.NewTicker(time.Minute)
+	for {
+		select {
+		case <-tick.C:
+			ids := []string{}
+			sessionsSync.Lock()
+			for id, s := range sessions {
+				if time.Now().After(s.Expires) {
+					ids = append(ids, id)
+				}
+			}
+			for _, id := range ids {
+				delete(sessions, id)
+			}
+			sessionsSync.Unlock()
+		case <-stop:
+			return
+		}
+	}
+}

 func HandleLogin(w http.ResponseWriter, r *http.Request) {
-
+	username := r.PostFormValue("username")
+	password := r.PostFormValue("password")
+	if username == "admin" && password == "12345" {
+		GenerateSession(w, username)
+		w.WriteHeader(http.StatusOK)
+		http.Redirect(w, r, "/", http.StatusFound)
+	}
+	w.WriteHeader(http.StatusUnauthorized)
 }

 func HandleLogout(w http.ResponseWriter, r *http.Request) {
-
+	http.SetCookie(w, &http.Cookie{Name: "session", Value: "", Expires: time.Now()})
+	w.WriteHeader(http.StatusOK)
 }

 func HandleSession(w http.ResponseWriter, r *http.Request) {
-
+	id, s := GetSession(r)
+	if s == nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+	sessionsSync.Lock()
+	defer sessionsSync.Unlock()
+	if s != nil {
+		s.Expires = time.Now().Add(time.Minute * 5)
+	}
+	http.SetCookie(w, &http.Cookie{Name: "session", HttpOnly: true, SameSite: http.SameSiteStrictMode, Value: id, Expires: s.Expires})
+	w.WriteHeader(http.StatusOK)
 }
--- a/pkg/server/websocket.go
+++ b/pkg/server/websocket.go
@ -13,7 +13,13 @@ import (
 )

 func HandleWebsocketAPI(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithCancel(r.Context())
+	_, s := GetSession(r)
+	if s == nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	ctx, cancel := context.WithCancel(context.WithValue(r.Context(), SessionKey, s))
 	defer cancel()
 	c, err := websocket.Accept(w, r, nil)
 	if err != nil {