Added non public session id to prepare for authorization.

11 years ago · dfba1f5640
7 changed files with 26 additions and 23 deletions
--- a/doc/CHANNELING-API.txt
+++ b/doc/CHANNELING-API.txt
@ -85,6 +85,7 @@ Special purpose documents for channling
				@@ -85,6 +85,7 @@ Special purpose documents for channling
    {
        "Type": "Self",
        "Id": "4",
+        "Sid": "5157",
        "Userid": "",
        "Token": "some-very-long-string",
        "Version": "server-version-number",
@ -108,7 +109,8 @@ Special purpose documents for channling
				@@ -108,7 +109,8 @@ Special purpose documents for channling
    Keys:

        Type   : Self (string)
-        Id     : Channel id for this connection (string).
+        Id     : Public Session id for this connection (string).
+        Sid    : Secure (non public) id for this session (string).
        Userid : User id if this session belongs to an authenticated user. Else empty.
        Token  : Security token (string), to restablish connection with the same
                 session. Pass the value as URL query parameter t, to the websocket URL.
--- a/src/app/spreed-speakfreely-server/channeling.go
+++ b/src/app/spreed-speakfreely-server/channeling.go
@ -48,6 +48,7 @@ type DataAnswer struct {
				@@ -48,6 +48,7 @@ type DataAnswer struct {
 type DataSelf struct {
 	Type    string
 	Id      string
+	Sid     string
 	Userid  string
 	Token   string
 	Version string
--- a/src/app/spreed-speakfreely-server/hub.go
+++ b/src/app/spreed-speakfreely-server/hub.go
@ -165,13 +165,15 @@ func (h *Hub) CreateSession(st *SessionToken) *Session {
				@@ -165,13 +165,15 @@ func (h *Hub) CreateSession(st *SessionToken) *Session {
 	// random data in itself should be sufficent if we do not validate
 	// session ids somewhere?

-	session := &Session{}
+	var session *Session

 	if st == nil {
-		session.Id, _ = h.tickets.Encode("id", fmt.Sprintf("%s", securecookie.GenerateRandomKey(32)))
-		log.Println("Created new session id", len(session.Id), session.Id)
+		sid := NewRandomString(32)
+		id, _ := h.tickets.Encode("id", sid)
+		session = NewSession(id, sid, "")
+		log.Println("Created new session id", len(id), id, sid)
 	} else {
-		session.Apply(st)
+		session = NewSession(st.Id, st.Sid, st.Userid)
 	}

 	return session
--- a/src/app/spreed-speakfreely-server/random.go
+++ b/src/app/spreed-speakfreely-server/random.go
@ -23,7 +23,6 @@ package main
				@@ -23,7 +23,6 @@ package main

 import (
 	"crypto/rand"
-	"encoding/base64"
 	pseudoRand "math/rand"
 	"time"
 )
@ -32,7 +31,7 @@ const (
				@@ -32,7 +31,7 @@ const (
 	dict = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW0123456789"
 )

-func RandomString(length int) string {
+func NewRandomString(length int) string {

 	buf := make([]byte, length)
 	_, err := rand.Read(buf)
@ -50,20 +49,6 @@ func RandomString(length int) string {
				@@ -50,20 +49,6 @@ func RandomString(length int) string {

 }

-func RandomUrlString(length int) string {
-
-	buf := make([]byte, length)
-	_, err := rand.Read(buf)
-	if err != nil {
-		// fallback to pseudo-random
-		for i := 0; i < length; i++ {
-			buf[i] = byte(pseudoRand.Intn(256))
-		}
-	}
-	return base64.URLEncoding.EncodeToString(buf)
-
-}
-
 func init() {
 	// Make sure to seed default random generator.
 	pseudoRand.Seed(time.Now().UTC().UnixNano())
--- a/src/app/spreed-speakfreely-server/rooms.go
+++ b/src/app/spreed-speakfreely-server/rooms.go
@ -37,7 +37,7 @@ type Rooms struct {
				@@ -37,7 +37,7 @@ type Rooms struct {

 func (rooms *Rooms) Post(values url.Values, headers http.Header) (int, interface{}, http.Header) {

-	name := RandomString(11)
+	name := NewRandomString(11)
 	return 200, &Room{name, fmt.Sprintf("/%s", name)}, http.Header{"Content-Type": {"application/json"}}

 }
--- a/src/app/spreed-speakfreely-server/server.go
+++ b/src/app/spreed-speakfreely-server/server.go
@ -43,6 +43,7 @@ func (s *Server) OnRegister(c *Connection) {
				@@ -43,6 +43,7 @@ func (s *Server) OnRegister(c *Connection) {
 		s.Unicast(c, c.Id, &DataSelf{
 			Type:    "Self",
 			Id:      c.Id,
+			Sid:     c.Session.Sid,
 			Userid:  c.Session.Userid,
 			Token:   token,
 			Version: c.h.version,
--- a/src/app/spreed-speakfreely-server/session.go
+++ b/src/app/spreed-speakfreely-server/session.go
@ -27,6 +27,7 @@ import (
				@@ -27,6 +27,7 @@ import (

 type Session struct {
 	Id        string
+	Sid       string
 	Userid    string
 	Roomid    string
 	Ua        string
@ -35,6 +36,16 @@ type Session struct {
				@@ -35,6 +36,16 @@ type Session struct {
 	mutex     sync.RWMutex
 }

+func NewSession(id, sid, userid string) *Session {
+
+	return &Session{
+		Id:     id,
+		Sid:    sid,
+		Userid: userid,
+	}
+
+}
+
 func (s *Session) Update(update *SessionUpdate) uint64 {

 	s.mutex.Lock()
@ -69,7 +80,7 @@ func (s *Session) Apply(st *SessionToken) {
				@@ -69,7 +80,7 @@ func (s *Session) Apply(st *SessionToken) {
 }

 func (s *Session) Token() *SessionToken {
-	return &SessionToken{Id: s.Id, Userid: s.Userid}
+	return &SessionToken{Id: s.Id, Sid: s.Sid, Userid: s.Userid}
 }

 func (s *Session) Data() *DataSession {
@ -97,5 +108,6 @@ type SessionUpdate struct {
				@@ -97,5 +108,6 @@ type SessionUpdate struct {

 type SessionToken struct {
 	Id     string
+	Sid    string
 	Userid string
 }