From c5bd56c718cbc276d90def2f508cc9f8e28110db Mon Sep 17 00:00:00 2001
From: Simon Eisenmann
Date: Mon, 21 Apr 2014 16:54:22 +0200
Subject: [PATCH] Cleaned up token and session id generation in preperation for userids.
---
 server.conf.in | 2 +-
 .../spreed-speakfreely-server/connection.go | 11 ++--
 src/app/spreed-speakfreely-server/hub.go | 51 +++++++++++--------
 src/app/spreed-speakfreely-server/server.go | 4 +-
 src/app/spreed-speakfreely-server/session.go | 16 ++++++
 5 files changed, 55 insertions(+), 29 deletions(-)
diff --git a/server.conf.in b/server.conf.in
index 8c8388f9..0f529dc1 100644
--- a/server.conf.in
+++ b/server.conf.in
@@ -24,7 +24,7 @@ listen = 127.0.0.1:8080
 #stunURIs = stun.l.google.com:19302
 #turnURIs = turn:turnserver:port?transport=udp turn:anotherturnserver:port?transport=tcp turns:turnserver:443?transport=tcp
 #turnSecret = the-default-turn-shared-secret-do-not-keep
-sessionSecret = the-default-secret-do-not-keep
+sessionSecret = the-default-secret-do-not-keep-me # Use 32 or 64 bytes random data
 #tokenFile = tokens.txt # If set, everyone needs to give one of the tokens to launch the web client. One token per line in the file.
 #globalRoom = global # Enables a global room. Users in that room are in all rooms.
 #defaultRoomEnabled = true # Set to false to disable default room.
diff --git a/src/app/spreed-speakfreely-server/connection.go b/src/app/spreed-speakfreely-server/connection.go
index 2d58ac76..db7a0550 100644
--- a/src/app/spreed-speakfreely-server/connection.go
+++ b/src/app/spreed-speakfreely-server/connection.go
@@ -112,24 +112,25 @@ func (c *Connection) close() { func (c *Connection) register() error { - id, err := c.h.EncodeTicket("id", "") + id, err := c.h.CreateSessionid() if err != nil { log.Println("Failed to create new Id while register", err) return err } c.Id = id - //log.Println("Created new id", id) + log.Println("Created new id", len(id), id) c.h.registerHandler(c) return nil } func (c *Connection) reregister(token string) error { - if id, err := c.h.DecodeTicket("token", token); err == nil { - c.Id = id + if st, err := c.h.DecodeSessionToken(token); err == nil { + c.Id = st.Id c.h.registerHandler(c) + c.Session.Apply(st) } else { - log.Println("Error while decoding token", err) + log.Println("Error while decoding session token", err) c.register() } return nil diff --git a/src/app/spreed-speakfreely-server/hub.go b/src/app/spreed-speakfreely-server/hub.go index dd4eb7dd..9497b60a 100644 --- a/src/app/spreed-speakfreely-server/hub.go +++ b/src/app/spreed-speakfreely-server/hub.go @@ -92,6 +92,10 @@ func NewHub(version string, config *Config, sessionSecret, turnSecret string) *H turnSecret: []byte(turnSecret), } + if len(h.sessionSecret) < 32 { + log.Printf("Weak sessionSecret (only %d bytes). It is recommended to use a key with 32 or 64 bytes.\n", len(h.sessionSecret)) + } + h.tickets = securecookie.New(h.sessionSecret, nil) h.buffers = NewBufferCache(1024, bytes.MinRead) h.buddyImages = NewImageCache() 
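Review bot: The re-enabled `log.Println("Created new id", len(id), id)` in register() writes every session id to the server log, and the server.go hunk does the same with the full session token in `log.Println("Created new session token", len(token), token)`. The token is the more serious of the two: reregister() accepts it as the only proof needed to resume an id, so read access to the log becomes access to other clients' sessions. Log only the length, for example `log.Println("Created new session token", len(token))`, or drop both lines before release.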
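Review bot: The new length check in NewHub does not catch the secret that ships in server.conf.in: this commit changes that default to `the-default-secret-do-not-keep-me`, which is 33 bytes and so passes `len(h.sessionSecret) < 32` without a warning. This key signs every session token through `securecookie.New(h.sessionSecret, nil)`, so a deployment left on the published default has its tokens signed with a publicly known key. Compare against the known default as well and warn or refuse to start, e.g. `if sessionSecret == "the-default-secret-do-not-keep-me" { log.Println("sessionSecret is the shipped default, generate a random key") }`. NewHub's body starts and ends outside the hunk.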
@@ -155,21 +159,27 @@ func (h *Hub) CreateTurnData(id string) *DataTurn { } -func (h *Hub) EncodeTicket(key, value string) (string, error) { +func (h *Hub) CreateSessionid() (string, error) { - if value == "" { - // Create new id. - value = fmt.Sprintf("%s", securecookie.GenerateRandomKey(16)) - } - return h.tickets.Encode(key, value) + // NOTE(longsleep): Is it required to make this a secure cookie, + // random data in itself should be sufficent if we do not validate + // session ids somewhere? + value := fmt.Sprintf("%s", securecookie.GenerateRandomKey(32)) + return h.tickets.Encode("id", value) + +} + +func (h *Hub) EncodeSessionToken(st *SessionToken) (string, error) { + + return h.tickets.Encode("token", st) } -func (h *Hub) DecodeTicket(key, value string) (string, error) { +func (h *Hub) DecodeSessionToken(token string) (*SessionToken, error) { - result := "" - err := h.tickets.Decode(key, value, &result) - return result, err + st := &SessionToken{} + err := h.tickets.Decode("token", token, st) + return st, err } @@ -180,8 +190,8 @@ func (h *Hub) GetRoom(id string) *RoomWorker { if !ok { h.mutex.RUnlock() h.mutex.Lock() - // need to re-check, another thread might have created the room - // while we waited for the lock + // Need to re-check, another thread might have created the room + // while we waited for the lock. room, ok = h.roomTable[id] if !ok { room = NewRoomWorker(h, id) 
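Review bot: CreateSessionid does not check the result of `securecookie.GenerateRandomKey(32)`, which returns nil when the system random source fails; `fmt.Sprintf("%s", ...)` then produces an empty value and every id is derived from the same input. Guard it with `key := securecookie.GenerateRandomKey(32)` followed by `if key == nil { return "", fmt.Errorf("no random data for session id") }`, and pass `string(key)` to Encode instead of going through Sprintf. DecodeSessionToken also returns a non-nil `st` together with a decode error; returning `nil, err` would keep a caller from using a half-filled token by mistake.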
@@ -252,26 +262,23 @@ func (h *Hub) registerHandler(c *Connection) { h.count++ c.Idx = h.count s := &Session{Id: c.Id} - h.sessionTable[c.Id] = s c.Session = s c.IsRegistered = true // Register connection or replace existing one. if ec, ok := h.connectionTable[c.Id]; ok { - delete(h.connectionTable, ec.Id) ec.IsRegistered = false ec.close() - h.connectionTable[c.Id] = c - h.mutex.Unlock() //log.Printf("Register (%d) from %s: %s (existing)\n", c.Idx, c.RemoteAddr, c.Id) - } else { - h.connectionTable[c.Id] = c - //fmt.Println("registered", c.Id) - h.mutex.Unlock() - //log.Printf("Register (%d) from %s: %s\n", c.Idx, c.RemoteAddr, c.Id) - h.server.OnRegister(c) } + h.connectionTable[c.Id] = c + h.sessionTable[c.Id] = s + //fmt.Println("registered", c.Id) + h.mutex.Unlock() + //log.Printf("Register (%d) from %s: %s\n", c.Idx, c.RemoteAddr, c.Id) + h.server.OnRegister(c) + } func (h *Hub) unregisterHandler(c *Connection) { diff --git a/src/app/spreed-speakfreely-server/server.go b/src/app/spreed-speakfreely-server/server.go index c739fb62..fb660a1e 100644 --- a/src/app/spreed-speakfreely-server/server.go +++ b/src/app/spreed-speakfreely-server/server.go @@ -37,7 +37,9 @@ type Server struct { func (s *Server) OnRegister(c *Connection) { //log.Println("OnRegister", c.id) - if token, err := c.h.EncodeTicket("token", c.Id); err == nil { + st := &SessionToken{Id: c.Id} + if token, err := c.h.EncodeSessionToken(st); err == nil { + log.Println("Created new session token", len(token), token) // Send stuff back. s.Unicast(c, c.Id, &DataSelf{Type: "Self", Id: c.Id, Token: token, Version: c.h.version, Turn: c.h.CreateTurnData(c.Id), Stun: c.h.config.StunURIs}) } else { diff --git a/src/app/spreed-speakfreely-server/session.go b/src/app/spreed-speakfreely-server/session.go index d19f994c..2e702acb 100644 --- a/src/app/spreed-speakfreely-server/session.go +++ b/src/app/spreed-speakfreely-server/session.go 
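Review bot: The replacement branch in registerHandler closes a live connection that holds the same id and leaves no trace, because the only log line inside `if ec, ok := h.connectionTable[c.Id]; ok` is still commented out. As far as this diff shows, an id is reused only when a client presents a valid token to reregister(), so a replacement arriving from a different address is the one observable sign that a token is being used by a second party. Emit an active line in that branch, such as `log.Printf("Replacing connection (%d) %s with (%d) %s\n", ec.Idx, ec.RemoteAddr, c.Idx, c.RemoteAddr)`. OnRegister now also runs for replacements, which the old code skipped, and that deserves a comment. The function starts before the hunk.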
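Review bot: OnRegister builds the token from `&SessionToken{Id: c.Id}` only, so a Userid carried by the token a client presented to reregister() is not copied into the replacement token. The ordering makes this unavoidable as written: reregister() calls `c.h.registerHandler(c)`, which ends in `h.server.OnRegister(c)`, before `c.Session.Apply(st)` runs. Nothing visible sets Userid yet, so the problem is latent, but once the field is populated the client would lose it on the first reconnect. Apply the decoded token before OnRegister is reached and build the token from the session, e.g. `st := &SessionToken{Id: c.Id, Userid: c.Session.Userid}`.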
@@ -27,6 +27,7 @@ import ( type Session struct { Id string + Userid string Roomid string Ua string UpdateRev uint64 @@ -58,6 +59,15 @@ func (s *Session) Update(update *SessionUpdate) uint64 { } +func (s *Session) Apply(st *SessionToken) { + + s.mutex.Lock() + defer s.mutex.Unlock() + s.Id = st.Id + s.Userid = st.Userid + +} + func (s *Session) Data() *DataSession { s.mutex.RLock() @@ -65,6 +75,7 @@ func (s *Session) Data() *DataSession { return &DataSession{ Id: s.Id, + Userid: s.Userid, Ua: s.Ua, Status: s.Status, Rev: s.UpdateRev, @@ -79,3 +90,8 @@ type SessionUpdate struct { Ua string Status interface{} } + +type SessionToken struct { + Id string + Userid string +}
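Review bot: SessionToken is added without a doc comment, and it is the one type whose contents leave the server inside a client-held token. The hub creates its codec with `securecookie.New(h.sessionSecret, nil)`, that is with no block key, so the fields are signed but readable by the client. I would add `// SessionToken is the payload of the client-held session token. It is signed but not encrypted, so it must not carry anything confidential.` above the type. Session.Apply should get a one-line comment stating that it trusts its argument to have been verified by DecodeSessionToken.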