Главная Обзор Помощь
Вход
LBP
/
miniflux_v2
зеркало из https://github.com/miniflux/v2.git
4
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 54259c6176
Ветки Метки
miniflux_v2
/
internal
/
ui
/
web_session_middleware.go

web_session_middleware.go 2.2 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. // SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
    2. 

  2. // SPDX-License-Identifier: Apache-2.0
    3. 

  3. 

  4. package ui // import "miniflux.app/v2/internal/ui"
    5. 

  5. 

  6. import (
    7. 

  7. 	"context"
    8. 

  8. 	"log/slog"
    9. 

  9. 	"net/http"
    10. 

  10. 	"strings"
    11. 

  11. 

  12. 	"miniflux.app/v2/internal/http/request"
    13. 

  13. 	"miniflux.app/v2/internal/http/response"
    14. 

  14. 	"miniflux.app/v2/internal/model"
    15. 

  15. 	"miniflux.app/v2/internal/storage"
    16. 

  16. )
    17. 

  17. 

  18. type webSessionMiddleware struct {
    19. 

  19. 	basePath string
    20. 

  20. 	store    *storage.Storage
    21. 

  21. }
    22. 

  22. 

  23. func newWebSessionMiddleware(basePath string, store *storage.Storage) *webSessionMiddleware {
    24. 

  24. 	return &webSessionMiddleware{basePath: basePath, store: store}
    25. 

  25. }
    26. 

  26. 

  27. func (m *webSessionMiddleware) handle(next http.Handler) http.Handler {
    28. 

  28. 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    29. 

  29. 		if isStaticAssetRoute(r) {
    30. 

  30. 			next.ServeHTTP(w, r)
    31. 

  31. 			return
    32. 

  32. 		}
    33. 

  33. 

  34. 		session, err := m.loadWebSessionFromCookie(r)
    35. 

  35. 		if err != nil {
    36. 

  36. 			response.HTMLServerError(w, r, err)
    37. 

  37. 			return
    38. 

  38. 		}
    39. 

  39. 		if session == nil {
    40. 

  40. 			var secret string
    41. 

  41. 			session, secret = model.NewWebSession(r.UserAgent(), request.ClientIP(r))
    42. 

  42. 			if err := m.store.CreateWebSession(session); err != nil {
    43. 

  43. 				response.HTMLServerError(w, r, err)
    44. 

  44. 				return
    45. 

  45. 			}
    46. 

  46. 			setSessionCookie(w, session, secret)
    47. 

  47. 		}
    48. 

  48. 

  49. 		ctx := context.WithValue(r.Context(), request.WebSessionContextKey, session)
    50. 

  50. 		r = r.WithContext(ctx)
    51. 

  51. 

  52. 		if !request.IsAuthenticated(r) && !isPublicRoute(r) {
    53. 

  53. 			response.HTMLRedirect(w, r, loginRedirectURL(m.basePath, r.RequestURI))
    54. 

  54. 			return
    55. 

  55. 		}
    56. 

  56. 

  57. 		next.ServeHTTP(w, r)
    58. 

  58. 

  59. 		if session.IsDirty() {
    60. 

  60. 			if err := m.store.UpdateWebSession(session); err != nil {
    61. 

  61. 				slog.Error("Unable to persist web session changes",
    62. 

  62. 					slog.String("session_id", session.ID),
    63. 

  63. 					slog.Any("error", err),
    64. 

  64. 				)
    65. 

  65. 			}
    66. 

  66. 		}
    67. 

  67. 	})
    68. 

  68. }
    69. 

  69. 

  70. func (m *webSessionMiddleware) loadWebSessionFromCookie(r *http.Request) (*model.WebSession, error) {
    71. 

  71. 	cookieValue := request.CookieValue(r, sessionCookieName)
    72. 

  72. 	if cookieValue == "" {
    73. 

  73. 		return nil, nil
    74. 

  74. 	}
    75. 

  75. 

  76. 	sessionID, secret, ok := strings.Cut(cookieValue, ".")
    77. 

  77. 	if !ok || sessionID == "" || secret == "" {
    78. 

  78. 		return nil, nil
    79. 

  79. 	}
    80. 

  80. 

  81. 	session, err := m.store.WebSessionByID(sessionID)
    82. 

  82. 	if err != nil {
    83. 

  83. 		return nil, err
    84. 

  84. 	}
    85. 

  85. 

  86. 	if session == nil || !session.VerifySecret(secret) {
    87. 

  87. 		return nil, nil
    88. 

  88. 	}
    89. 

  89. 

  90. 	return session, nil
    91. 

  91. }
    92.