From 0308fe8664659a4d9869a973288b514d6cc65018 Mon Sep 17 00:00:00 2001 From: Peter Sanchez Date: Tue, 21 Nov 2023 19:07:12 -0600 Subject: [PATCH] Working on adding support for session expire and configuration --- go.mod | 4 ++-- go.sum | 6 ++---- server/server.go | 24 ++++++++++++++++++++++-- sessions/middleware.go | 12 ++++++++++++ sessions/sessions.go | 4 ---- 5 files changed, 38 insertions(+), 12 deletions(-) delete mode 100644 sessions/sessions.go diff --git a/go.mod b/go.mod index 248ef8f..f3586bc 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Masterminds/squirrel v1.5.4 github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387 github.com/alexedwards/scs/postgresstore v0.0.0-20211203064041-370cc303b69f - github.com/alexedwards/scs/v2 v2.6.0 + github.com/alexedwards/scs/v2 v2.7.0 github.com/go-playground/validator/v10 v10.12.0 github.com/labstack/echo/v4 v4.10.2 github.com/lib/pq v1.10.4 @@ -16,6 +16,7 @@ require ( github.com/segmentio/ksuid v1.0.4 github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec golang.org/x/crypto v0.7.0 + golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa golang.org/x/text v0.8.0 petersanchez.com/carrier v0.1.1 ) @@ -64,7 +65,6 @@ require ( github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect github.com/vektah/gqlparser/v2 v2.5.1 // indirect - golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect golang.org/x/net v0.8.0 // indirect golang.org/x/sys v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect diff --git a/go.sum b/go.sum index cd10885..e0d638c 100644 --- a/go.sum +++ b/go.sum @@ -54,8 +54,8 @@ github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387 h1:loy0fjI90v github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387/go.mod h1:GuR5j/NW7AU7tDAQUDGCtpiPxWIOy/c3kiRDnlwiCHc= github.com/alexedwards/scs/postgresstore v0.0.0-20211203064041-370cc303b69f h1:5jiSGWqKk8pJrjaN/KEANWe/4I767+d6FiKoDGpChik= github.com/alexedwards/scs/postgresstore v0.0.0-20211203064041-370cc303b69f/go.mod h1:TDDdV/xnjj+/4zBQ9a2k+i2AbuAdY7SQjPUh5zoTZ3M= -github.com/alexedwards/scs/v2 v2.6.0 h1:vxNyhWZOnlWK9NsYlgFjSaP5IGN7Cm/sf6/slLJNBos= -github.com/alexedwards/scs/v2 v2.6.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8= +github.com/alexedwards/scs/v2 v2.7.0 h1:DY4rqLCM7UIR9iwxFS0++z1NhTzQlKV30aMHkJCDWKw= +github.com/alexedwards/scs/v2 v2.7.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= @@ -455,8 +455,6 @@ golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/server/server.go b/server/server.go index b7d2ee6..efa47c2 100644 --- a/server/server.go +++ b/server/server.go @@ -70,7 +70,20 @@ type GraphQL struct { // MiddlewareConfig is a config struct to set default middlewares type MiddlewareConfig struct { - Sessions bool + Sessions bool + + // GetSessionManager should be used to customize the values of the + // scs.SessionManager instance. A function was chosen because of the + // various options it supports. This makes it easier for others to + // integrate their specific needs versus a large type with a ton of + // flags that we would have to parse through. + GetSessionManager func(srv *Server) *scs.SessionManager + + // If true then the session expirey date (note, this is NOT the cookie + // expiry date) is extended by the default session lifetime amount from + // time.Now() + SessionTimeout bool + ServerContext bool } @@ -522,7 +535,11 @@ func (s *Server) DefaultMiddlewareWithConfig(conf *MiddlewareConfig) *Server { } if conf.Sessions && s.Session == nil { - s.Session = s.GetSessionManager() + if conf.GetSessionManager != nil { + s.Session = conf.GetSessionManager(s) + } else { + s.Session = s.GetSessionManager() + } } // Set custom context @@ -544,6 +561,9 @@ func (s *Server) DefaultMiddlewareWithConfig(conf *MiddlewareConfig) *Server { if conf.Sessions { s.e.Use(sessions.LoadAndSave(s.Session)) // Must be first s.e.Use(sessions.Middleware(s.Session)) + if conf.SessionTimeout { + s.e.Use(sessions.TimeoutMiddleware(s.Session, s.Session.Lifetime)) + } } if conf.ServerContext { s.e.Use(Middleware(s)) diff --git a/sessions/middleware.go b/sessions/middleware.go index 68700ef..b50ef72 100644 --- a/sessions/middleware.go +++ b/sessions/middleware.go @@ -3,6 +3,7 @@ package sessions import ( "context" "errors" + "time" "github.com/alexedwards/scs/v2" "github.com/labstack/echo/v4" @@ -38,3 +39,14 @@ func Middleware(session *scs.SessionManager) echo.MiddlewareFunc { } } } + +// TimeoutMiddleware will alter the session expiration date by adding the duration +// given to the current timestamp. +func TimeoutMiddleware(session *scs.SessionManager, exp time.Duration) echo.MiddlewareFunc { + return func(next echo.HandlerFunc) echo.HandlerFunc { + return func(c echo.Context) error { + session.SetDeadline(c.Request().Context(), time.Now().Add(exp)) + return next(c) + } + } +} diff --git a/sessions/sessions.go b/sessions/sessions.go deleted file mode 100644 index 7e8256a..0000000 --- a/sessions/sessions.go +++ /dev/null @@ -1,4 +0,0 @@ -// Package sessions implements a gobwebs Session interface -// -// This is a TODO still. For now it's a holder for session related middleware -package sessions -- 2.45.2