From 24ad6ffe49de7aff4629c15eda1b792f21b2cd4b Mon Sep 17 00:00:00 2001
From: Simon Eisenmann
Date: Thu, 19 Jun 2014 19:37:58 +0200
Subject: [PATCH] Refactored attestation server side and implemented automatic expiry and refresh.
---
 src/app/spreed-webrtc-server/hub.go | 11 ++-
 src/app/spreed-webrtc-server/session.go | 95 +++++++++++++++++++------
 2 files changed, 80 insertions(+), 26 deletions(-)
diff --git a/src/app/spreed-webrtc-server/hub.go b/src/app/spreed-webrtc-server/hub.go
index 5a5691ad..a0498a26 100644
--- a/src/app/spreed-webrtc-server/hub.go
+++ b/src/app/spreed-webrtc-server/hub.go
@@ -219,7 +219,7 @@ func (h *Hub) CreateSession(request *http.Request, st *SessionToken) *Session {
 if st == nil {
 sid := NewRandomString(32)
 id, _ := h.tickets.Encode("id", sid)
- session = NewSession(id, sid)
+ session = NewSession(h, id, sid)
 log.Println("Created new session id", len(id), id, sid)
 } else {
 if userid == "" {
@@ -228,11 +228,9 @@ func (h *Hub) CreateSession(request *http.Request, st *SessionToken) *Session {
 if !usersEnabled {
 userid = ""
 }
- session = NewSession(st.Id, st.Sid)
+ session = NewSession(h, st.Id, st.Sid)
 }
- h.EncodeAttestation(session)
-
 if userid != "" {
 h.authenticateHandler(session, st, userid)
 }
@@ -257,6 +255,7 @@ func (h *Hub) ValidateSession(id, sid string) bool {
 }
+/*
 func (h *Hub) EncodeAttestation(session *Session) (string, error) {
 attestation, err := h.attestations.Encode("attestation", session.Id)
@@ -273,7 +272,7 @@ func (h *Hub) DecodeAttestation(token string) (string, error) {
 err := h.attestations.Decode("attestation", token, &id)
 return id, err
-}
+}*/
 func (h *Hub) EncodeSessionToken(st *SessionToken) (string, error) {
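Review bot: The old `EncodeAttestation` and `DecodeAttestation` methods are disabled by wrapping them in a block comment (opened by `+/*` in the `-257,6` hunk and closed by `+}*/` in the `-273,7` hunk) instead of being removed. Commented-out token minting and verification code is easy to re-enable or copy later without the surrounding checks, and `SessionAttestation.Encode`/`Decode` in session.go now carry the same logic. Delete both methods outright and rely on version history. Both function bodies extend outside these hunks.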
@@ -481,7 +480,7 @@ func (h *Hub) sessionsHandler(c *Connection, srq *DataSessionsRequest, iid strin
 // Add sessions for forein user.
 users = user.SessionsData()
 case "session":
- id, err := h.DecodeAttestation(srq.Token)
+ id, err := c.Session.attestation.Decode(srq.Token)
 if err != nil {
 log.Println("Failed to decode incoming attestation", err, srq.Token)
 return
diff --git a/src/app/spreed-webrtc-server/session.go b/src/app/spreed-webrtc-server/session.go
index 49a24f2e..af68678b 100644
--- a/src/app/spreed-webrtc-server/session.go
+++ b/src/app/spreed-webrtc-server/session.go
@@ -42,17 +42,21 @@ type Session struct {
 mutex sync.RWMutex
 userid string
 stamp int64
- attestation string
+ attestation *SessionAttestation
+ h *Hub
 }
-func NewSession(id, sid string) *Session {
+func NewSession(h *Hub, id, sid string) *Session {
- return &Session{
+ session := &Session{
 Id: id,
 Sid: sid,
 Prio: 100,
 stamp: time.Now().Unix(),
+ h: h,
 }
+ session.NewAttestation()
+ return session
 }
@@ -163,23 +167,6 @@ func (s *Session) Userid() (userid string) {
 }
-func (s *Session) Attestation() (attestation string) {
-
- s.mutex.RLock()
- attestation = s.attestation
- s.mutex.RUnlock()
- return
-
-}
-
-func (s *Session) UpdateAttestation(attestation string) {
-
- s.mutex.Lock()
- s.attestation = attestation
- s.mutex.Unlock()
-
-}
-
 func (s *Session) DataSessionLeft(state string) *DataSession {
 s.mutex.RLock()
@@ -224,6 +211,32 @@ func (s *Session) DataSessionStatus() *DataSession {
 }
+func (s *Session) NewAttestation() {
+
+ s.attestation = &SessionAttestation{
+ s: s,
+ }
+ s.attestation.Update()
+
+}
+
+func (s *Session) Attestation() (attestation string) {
+
+ s.mutex.RLock()
+ attestation = s.attestation.Token()
+ s.mutex.RUnlock()
+ return
+
+}
+
+func (s *Session) UpdateAttestation() {
+
+ s.mutex.Lock()
+ s.attestation.Update()
+ s.mutex.Unlock()
+
+}
+
 type SessionUpdate struct {
 Id string
 Types []string
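Review bot: `c.Session.attestation.Decode(srq.Token)` dereferences `c.Session` and its unexported `attestation` field with no nil check and without taking `Session.mutex`. Whether `c.Session` can be nil at this point is not visible in the hunk, but if it can, a sessions request on such a connection would panic in the handler instead of being rejected. `Decode` only uses the hub's codec and returns the id embedded in the token, so routing it through the caller's own attestation object also reads as if the token were bound to the caller's session, which it is not. Prefer a small method on `Session`, for example `func (s *Session) DecodeAttestation(token string) (string, error)`, and at minimum add `if c.Session == nil { return }` before the decode. The enclosing `sessionsHandler` starts and ends outside the hunk.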
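Review bot: `Attestation()` in the `-224,6` hunk holds only `s.mutex.RLock()` while calling `s.attestation.Token()`, and `Token()` (added further down in session.go) calls `Update()` once the refresh deadline has passed, which writes `sa.token` and `sa.refresh`. Two goroutines asking for the same session's attestation after the deadline would then write those fields concurrently under a shared read lock, which is a data race. Take the write lock here, `s.mutex.Lock()` and `s.mutex.Unlock()`, or give `SessionAttestation` its own mutex. `NewAttestation()` and `UpdateAttestation()` also drop the error returned by `Update()`, so an encode failure leaves the session with an empty token and nothing logged.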
@@ -240,6 +253,48 @@ type SessionToken struct {
 Nonce string `json:"Nonce,omitempty"` // User autentication nonce.
 }
+type SessionAttestation struct {
+ refresh int64
+ token string
+ s *Session
+}
+
+func (sa *SessionAttestation) Update() (string, error) {
+
+ token, err := sa.Encode()
+ if err == nil {
+ sa.token = token
+ sa.refresh = time.Now().Unix() + 180 // expires after 3 minutes
+ }
+ return token, err
+
+}
+
+func (sa *SessionAttestation) Token() (token string) {
+
+ if sa.refresh < time.Now().Unix() {
+ token, _ = sa.Update()
+ } else {
+ token = sa.token
+ }
+ return
+
+}
+
+func (sa *SessionAttestation) Encode() (string, error) {
+
+ return sa.s.h.attestations.Encode("attestation", sa.s.Id)
+
+}
+
+func (sa *SessionAttestation) Decode(token string) (string, error) {
+
+ var id string
+ err := sa.s.h.attestations.Decode("attestation", token, &id)
+ return id, err
+
+}
+
 func init() {
 // Create nonce generator.
 sessionNonces = securecookie.New(securecookie.GenerateRandomKey(64), nil)
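Review bot: The `// expires after 3 minutes` comment in `Update()` describes only when the server mints a fresh token; `Decode()` performs no age check of its own, so how long an already issued attestation is accepted depends entirely on how `h.attestations` is configured, which this patch does not show. If that codec is a securecookie instance left at its default maximum age, tokens remain valid far longer than the 180 seconds suggest, so confirm its `MaxAge` is set to match and reword the comment, e.g. `// refresh after 3 minutes; validity is enforced by the attestations codec`. `Token()` also discards the error with `token, _ = sa.Update()` and returns an empty string on failure; consider `if t, err := sa.Update(); err == nil { return t }` followed by `return sa.token`, plus a log line. The literal `180` would read better as a named constant.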