aboutsummaryrefslogtreecommitdiffstats
path: root/services/auth/source/oauth2/store.go
blob: f00264f997d27c534ec32d4cf96ad2854bcc9199 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package oauth2

import (
	"encoding/gob"
	"fmt"
	"net/http"

	"code.gitea.io/gitea/modules/log"

	chiSession "gitea.com/go-chi/session"
	"github.com/gorilla/sessions"
)

// SessionsStore creates a gothic store from our session
type SessionsStore struct {
	maxLength int64
}

// Get should return a cached session.
func (st *SessionsStore) Get(r *http.Request, name string) (*sessions.Session, error) {
	return st.getOrNew(r, name, false)
}

// New should create and return a new session.
//
// Note that New should never return a nil session, even in the case of
// an error if using the Registry infrastructure to cache the session.
func (st *SessionsStore) New(r *http.Request, name string) (*sessions.Session, error) {
	return st.getOrNew(r, name, true)
}

// getOrNew gets the session from the chi-session if it exists. Override permits the overriding of an unexpected object.
func (st *SessionsStore) getOrNew(r *http.Request, name string, override bool) (*sessions.Session, error) {
	chiStore := chiSession.GetSession(r)

	session := sessions.NewSession(st, name)

	rawData := chiStore.Get(name)
	if rawData != nil {
		oldSession, ok := rawData.(*sessions.Session)
		if ok {
			session.ID = oldSession.ID
			session.IsNew = oldSession.IsNew
			session.Options = oldSession.Options
			session.Values = oldSession.Values

			return session, nil
		} else if !override {
			log.Error("Unexpected object in session at name: %s: %v", name, rawData)
			return nil, fmt.Errorf("unexpected object in session at name: %s", name)
		}
	}

	session.IsNew = override
	session.ID = chiStore.ID() // Simply copy the session id from the chi store

	return session, chiStore.Set(name, session)
}

// Save should persist session to the underlying store implementation.
func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error {
	chiStore := chiSession.GetSession(r)

	if session.IsNew {
		_, _ = chiSession.RegenerateSession(w, r)
		session.IsNew = false
	}

	if err := chiStore.Set(session.Name(), session); err != nil {
		return err
	}

	if st.maxLength > 0 {
		sizeWriter := &sizeWriter{}

		_ = gob.NewEncoder(sizeWriter).Encode(session)
		if sizeWriter.size > st.maxLength {
			return fmt.Errorf("encode session: Data too long: %d > %d", sizeWriter.size, st.maxLength)
		}
	}

	return chiStore.Release()
}

type sizeWriter struct {
	size int64
}

func (s *sizeWriter) Write(data []byte) (int, error) {
	s.size += int64(len(data))
	return len(data), nil
}

var _ (sessions.Store) = &SessionsStore{}