Export Context.SetSession, unexport Session.Token
I'm uneasy exposing the token to plugins, I prefer to hide it if possible to prevent mis-use. This change allows plugins to logout users.
This commit is contained in:
Simon Ser
parent
d8f411176f
commit
86359156ee
|
|
@ -89,7 +89,7 @@ func handleLogin(ectx echo.Context) error {
|
|||
}
|
||||
return fmt.Errorf("failed to put connection in pool: %v", err)
|
||||
}
|
||||
ctx.setToken(s.Token)
|
||||
ctx.SetSession(s)
|
||||
|
||||
return ctx.Redirect(http.StatusFound, "/mailbox/INBOX")
|
||||
}
|
||||
|
|
@ -101,7 +101,7 @@ func handleLogout(ectx echo.Context) error {
|
|||
ctx := ectx.(*Context)
|
||||
|
||||
ctx.Session.Close()
|
||||
ctx.setToken("")
|
||||
ctx.SetSession(nil)
|
||||
return ctx.Redirect(http.StatusFound, "/login")
|
||||
}
|
||||
|
||||
|
|
|
|||
11
server.go
11
server.go
|
|
@ -104,17 +104,18 @@ type Context struct {
|
|||
|
||||
var aLongTimeAgo = time.Unix(233431200, 0)
|
||||
|
||||
func (c *Context) setToken(token string) {
|
||||
func (ctx *Context) SetSession(s *Session) {
|
||||
cookie := http.Cookie{
|
||||
Name: cookieName,
|
||||
Value: token,
|
||||
HttpOnly: true,
|
||||
// TODO: domain, secure
|
||||
}
|
||||
if token == "" {
|
||||
if s != nil {
|
||||
cookie.Value = s.token
|
||||
} else {
|
||||
cookie.Expires = aLongTimeAgo // unset the cookie
|
||||
}
|
||||
c.SetCookie(&cookie)
|
||||
ctx.SetCookie(&cookie)
|
||||
}
|
||||
|
||||
func isPublic(path string) bool {
|
||||
|
|
@ -173,7 +174,7 @@ func New(e *echo.Echo, options *Options) error {
|
|||
|
||||
ctx.Session, err = ctx.Server.sessions.Get(cookie.Value)
|
||||
if err == ErrSessionExpired {
|
||||
ctx.setToken("")
|
||||
ctx.SetSession(nil)
|
||||
return ctx.Redirect(http.StatusFound, "/login")
|
||||
} else if err != nil {
|
||||
return err
|
||||
|
|
|
|||
|
|
@ -34,10 +34,9 @@ func (err AuthError) Error() string {
|
|||
}
|
||||
|
||||
type Session struct {
|
||||
Token string
|
||||
|
||||
manager *SessionManager
|
||||
username, password string
|
||||
token string
|
||||
closed chan struct{}
|
||||
pings chan struct{}
|
||||
timer *time.Timer
|
||||
|
|
@ -138,13 +137,13 @@ func (sm *SessionManager) Put(username, password string) (*Session, error) {
|
|||
}
|
||||
|
||||
s := &Session{
|
||||
Token: token,
|
||||
manager: sm,
|
||||
closed: make(chan struct{}),
|
||||
pings: make(chan struct{}, 5),
|
||||
imapConn: c,
|
||||
username: username,
|
||||
password: password,
|
||||
token: token,
|
||||
}
|
||||
sm.sessions[token] = s
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue