Added non public session id to prepare for authorization.

doc/CHANNELING-API.txt

@@ -85,6 +85,7 @@ Special purpose documents for channling
     {
         "Type": "Self",
         "Id": "4",
+        "Sid": "5157",
         "Userid": "",
         "Token": "some-very-long-string",
         "Version": "server-version-number",
@@ -108,7 +109,8 @@ Special purpose documents for channling
     Keys:
 
         Type   : Self (string)
-        Id     : Channel id for this connection (string).
+        Id     : Public Session id for this connection (string).
+        Sid    : Secure (non public) id for this session (string).
         Userid : User id if this session belongs to an authenticated user. Else empty.
         Token  : Security token (string), to restablish connection with the same
                  session. Pass the value as URL query parameter t, to the websocket URL.

src/app/spreed-speakfreely-server/channeling.go

@@ -48,6 +48,7 @@ type DataAnswer struct {
 type DataSelf struct {
 	Type    string
 	Id      string
+	Sid     string
 	Userid  string
 	Token   string
 	Version string

src/app/spreed-speakfreely-server/hub.go

@@ -165,13 +165,15 @@ func (h *Hub) CreateSession(st *SessionToken) *Session {
 	// random data in itself should be sufficent if we do not validate
 	// session ids somewhere?
 
-	session := &Session{}
+	var session *Session
 
 	if st == nil {
-		session.Id, _ = h.tickets.Encode("id", fmt.Sprintf("%s", securecookie.GenerateRandomKey(32)))
+		sid := NewRandomString(32)
-		log.Println("Created new session id", len(session.Id), session.Id)
+		id, _ := h.tickets.Encode("id", sid)
+		session = NewSession(id, sid, "")
+		log.Println("Created new session id", len(id), id, sid)
 	} else {
-		session.Apply(st)
+		session = NewSession(st.Id, st.Sid, st.Userid)
 	}
 
 	return session

src/app/spreed-speakfreely-server/random.go

@@ -23,7 +23,6 @@ package main
 
 import (
 	"crypto/rand"
-	"encoding/base64"
 	pseudoRand "math/rand"
 	"time"
 )
@@ -32,7 +31,7 @@ const (
 	dict = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW0123456789"
 )
 
-func RandomString(length int) string {
+func NewRandomString(length int) string {
 
 	buf := make([]byte, length)
 	_, err := rand.Read(buf)
@@ -50,20 +49,6 @@ func RandomString(length int) string {
 
 }
 
-func RandomUrlString(length int) string {
-
-	buf := make([]byte, length)
-	_, err := rand.Read(buf)
-	if err != nil {
-		// fallback to pseudo-random
-		for i := 0; i < length; i++ {
-			buf[i] = byte(pseudoRand.Intn(256))
-		}
-	}
-	return base64.URLEncoding.EncodeToString(buf)
-
-}
-
 func init() {
 	// Make sure to seed default random generator.
 	pseudoRand.Seed(time.Now().UTC().UnixNano())

src/app/spreed-speakfreely-server/rooms.go

@@ -37,7 +37,7 @@ type Rooms struct {
 
 func (rooms *Rooms) Post(values url.Values, headers http.Header) (int, interface{}, http.Header) {
 
-	name := RandomString(11)
+	name := NewRandomString(11)
 	return 200, &Room{name, fmt.Sprintf("/%s", name)}, http.Header{"Content-Type": {"application/json"}}
 
 }

src/app/spreed-speakfreely-server/server.go

@@ -43,6 +43,7 @@ func (s *Server) OnRegister(c *Connection) {
 		s.Unicast(c, c.Id, &DataSelf{
 			Type:    "Self",
 			Id:      c.Id,
+			Sid:     c.Session.Sid,
 			Userid:  c.Session.Userid,
 			Token:   token,
 			Version: c.h.version,

src/app/spreed-speakfreely-server/session.go

@@ -27,6 +27,7 @@ import (
 
 type Session struct {
 	Id        string
+	Sid       string
 	Userid    string
 	Roomid    string
 	Ua        string
@@ -35,6 +36,16 @@ type Session struct {
 	mutex     sync.RWMutex
 }
 
+func NewSession(id, sid, userid string) *Session {
+
+	return &Session{
+		Id:     id,
+		Sid:    sid,
+		Userid: userid,
+	}
+
+}
+
 func (s *Session) Update(update *SessionUpdate) uint64 {
 
 	s.mutex.Lock()
@@ -69,7 +80,7 @@ func (s *Session) Apply(st *SessionToken) {
 }
 
 func (s *Session) Token() *SessionToken {
-	return &SessionToken{Id: s.Id, Userid: s.Userid}
+	return &SessionToken{Id: s.Id, Sid: s.Sid, Userid: s.Userid}
 }
 
 func (s *Session) Data() *DataSession {
@@ -97,5 +108,6 @@ type SessionUpdate struct {
 
 type SessionToken struct {
 	Id     string
+	Sid    string
 	Userid string
 }