Refactored attestation server side and implemented automatic expiry and refresh.

11 years ago · 24ad6ffe49
2 changed files with 80 additions and 26 deletions
--- a/src/app/spreed-webrtc-server/hub.go
+++ b/src/app/spreed-webrtc-server/hub.go
@ -219,7 +219,7 @@ func (h *Hub) CreateSession(request *http.Request, st *SessionToken) *Session {
				@@ -219,7 +219,7 @@ func (h *Hub) CreateSession(request *http.Request, st *SessionToken) *Session {
 	if st == nil {
 		sid := NewRandomString(32)
 		id, _ := h.tickets.Encode("id", sid)
-		session = NewSession(id, sid)
+		session = NewSession(h, id, sid)
 		log.Println("Created new session id", len(id), id, sid)
 	} else {
 		if userid == "" {
@ -228,11 +228,9 @@ func (h *Hub) CreateSession(request *http.Request, st *SessionToken) *Session {
				@@ -228,11 +228,9 @@ func (h *Hub) CreateSession(request *http.Request, st *SessionToken) *Session {
 		if !usersEnabled {
 			userid = ""
 		}
-		session = NewSession(st.Id, st.Sid)
+		session = NewSession(h, st.Id, st.Sid)
 	}

-	h.EncodeAttestation(session)
-
 	if userid != "" {
 		h.authenticateHandler(session, st, userid)
 	}
@ -257,6 +255,7 @@ func (h *Hub) ValidateSession(id, sid string) bool {
				@@ -257,6 +255,7 @@ func (h *Hub) ValidateSession(id, sid string) bool {

 }

+/*
 func (h *Hub) EncodeAttestation(session *Session) (string, error) {

 	attestation, err := h.attestations.Encode("attestation", session.Id)
@ -273,7 +272,7 @@ func (h *Hub) DecodeAttestation(token string) (string, error) {
				@@ -273,7 +272,7 @@ func (h *Hub) DecodeAttestation(token string) (string, error) {
 	err := h.attestations.Decode("attestation", token, &id)
 	return id, err

-}
+}*/

 func (h *Hub) EncodeSessionToken(st *SessionToken) (string, error) {

@ -481,7 +480,7 @@ func (h *Hub) sessionsHandler(c *Connection, srq *DataSessionsRequest, iid strin
				@@ -481,7 +480,7 @@ func (h *Hub) sessionsHandler(c *Connection, srq *DataSessionsRequest, iid strin
 		// Add sessions for forein user.
 		users = user.SessionsData()
 	case "session":
-		id, err := h.DecodeAttestation(srq.Token)
+		id, err := c.Session.attestation.Decode(srq.Token)
 		if err != nil {
 			log.Println("Failed to decode incoming attestation", err, srq.Token)
 			return
--- a/src/app/spreed-webrtc-server/session.go
+++ b/src/app/spreed-webrtc-server/session.go
@ -42,17 +42,21 @@ type Session struct {
				@@ -42,17 +42,21 @@ type Session struct {
 	mutex       sync.RWMutex
 	userid      string
 	stamp       int64
-	attestation string
+	attestation *SessionAttestation
+	h           *Hub
 }

-func NewSession(id, sid string) *Session {
+func NewSession(h *Hub, id, sid string) *Session {

-	return &Session{
+	session := &Session{
 		Id:    id,
 		Sid:   sid,
 		Prio:  100,
 		stamp: time.Now().Unix(),
+		h:     h,
 	}
+	session.NewAttestation()
+	return session

 }

@ -163,23 +167,6 @@ func (s *Session) Userid() (userid string) {
				@@ -163,23 +167,6 @@ func (s *Session) Userid() (userid string) {

 }

-func (s *Session) Attestation() (attestation string) {
-
-	s.mutex.RLock()
-	attestation = s.attestation
-	s.mutex.RUnlock()
-	return
-
-}
-
-func (s *Session) UpdateAttestation(attestation string) {
-
-	s.mutex.Lock()
-	s.attestation = attestation
-	s.mutex.Unlock()
-
-}
-
 func (s *Session) DataSessionLeft(state string) *DataSession {

 	s.mutex.RLock()
@ -224,6 +211,32 @@ func (s *Session) DataSessionStatus() *DataSession {
				@@ -224,6 +211,32 @@ func (s *Session) DataSessionStatus() *DataSession {

 }

+func (s *Session) NewAttestation() {
+
+	s.attestation = &SessionAttestation{
+		s: s,
+	}
+	s.attestation.Update()
+
+}
+
+func (s *Session) Attestation() (attestation string) {
+
+	s.mutex.RLock()
+	attestation = s.attestation.Token()
+	s.mutex.RUnlock()
+	return
+
+}
+
+func (s *Session) UpdateAttestation() {
+
+	s.mutex.Lock()
+	s.attestation.Update()
+	s.mutex.Unlock()
+
+}
+
 type SessionUpdate struct {
 	Id     string
 	Types  []string
@ -240,6 +253,48 @@ type SessionToken struct {
				@@ -240,6 +253,48 @@ type SessionToken struct {
 	Nonce  string `json:"Nonce,omitempty"` // User autentication nonce.
 }

+type SessionAttestation struct {
+	refresh int64
+	token   string
+	s       *Session
+}
+
+func (sa *SessionAttestation) Update() (string, error) {
+
+	token, err := sa.Encode()
+	if err == nil {
+		sa.token = token
+		sa.refresh = time.Now().Unix() + 180 // expires after 3 minutes
+	}
+	return token, err
+
+}
+
+func (sa *SessionAttestation) Token() (token string) {
+
+	if sa.refresh < time.Now().Unix() {
+		token, _ = sa.Update()
+	} else {
+		token = sa.token
+	}
+	return
+
+}
+
+func (sa *SessionAttestation) Encode() (string, error) {
+
+	return sa.s.h.attestations.Encode("attestation", sa.s.Id)
+
+}
+
+func (sa *SessionAttestation) Decode(token string) (string, error) {
+
+	var id string
+	err := sa.s.h.attestations.Decode("attestation", token, &id)
+	return id, err
+
+}
+
 func init() {
 	// Create nonce generator.
 	sessionNonces = securecookie.New(securecookie.GenerateRandomKey(64), nil)