package koushin import ( "crypto/rand" "encoding/base64" "errors" "fmt" "sync" "time" imapclient "github.com/emersion/go-imap/client" ) // TODO: make this configurable const sessionDuration = 30 * time.Minute func generateToken() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } return base64.URLEncoding.EncodeToString(b), nil } var errSessionExpired = errors.New("session expired") // AuthError wraps an authentication error. type AuthError struct { cause error } func (err AuthError) Error() string { return fmt.Sprintf("authentication failed: %v", err.cause) } // Session is an active user session. It may also hold an IMAP connection. type Session struct { manager *SessionManager username, password string token string closed chan struct{} pings chan struct{} timer *time.Timer locker sync.Mutex imapConn *imapclient.Client // protected by locker, can be nil } func (s *Session) ping() { s.pings <- struct{}{} } // Do executes an IMAP operation on this session. The IMAP client can only be // used from inside f. func (s *Session) Do(f func(*imapclient.Client) error) error { s.locker.Lock() defer s.locker.Unlock() if s.imapConn == nil { var err error s.imapConn, err = s.manager.connect(s.username, s.password) if err != nil { s.Close() return fmt.Errorf("failed to re-connect to IMAP server: %v", err) } } return f(s.imapConn) } // Close destroys the session. This can be used to log the user out. func (s *Session) Close() { select { case <-s.closed: // This space is intentionally left blank default: close(s.closed) } } // SessionManager keeps track of active sessions. It connects and re-connects // to the upstream IMAP server as necessary. It prunes expired sessions. type SessionManager struct { newIMAPClient func() (*imapclient.Client, error) locker sync.Mutex sessions map[string]*Session // protected by locker } func newSessionManager(newIMAPClient func() (*imapclient.Client, error)) *SessionManager { return &SessionManager{ sessions: make(map[string]*Session), newIMAPClient: newIMAPClient, } } func (sm *SessionManager) connect(username, password string) (*imapclient.Client, error) { c, err := sm.newIMAPClient() if err != nil { return nil, err } if err := c.Login(username, password); err != nil { c.Logout() return nil, AuthError{err} } return c, nil } func (sm *SessionManager) get(token string) (*Session, error) { sm.locker.Lock() defer sm.locker.Unlock() session, ok := sm.sessions[token] if !ok { return nil, errSessionExpired } return session, nil } // Put connects to the IMAP server and creates a new session. If authentication // fails, the error will be of type AuthError. func (sm *SessionManager) Put(username, password string) (*Session, error) { c, err := sm.connect(username, password) if err != nil { return nil, err } sm.locker.Lock() defer sm.locker.Unlock() var token string for { var err error token, err = generateToken() if err != nil { c.Logout() return nil, err } if _, ok := sm.sessions[token]; !ok { break } } s := &Session{ manager: sm, closed: make(chan struct{}), pings: make(chan struct{}, 5), imapConn: c, username: username, password: password, token: token, } sm.sessions[token] = s go func() { timer := time.NewTimer(sessionDuration) alive := true for alive { var loggedOut <-chan struct{} s.locker.Lock() if s.imapConn != nil { loggedOut = s.imapConn.LoggedOut() } s.locker.Unlock() select { case <-loggedOut: s.locker.Lock() s.imapConn = nil s.locker.Unlock() case <-s.pings: if !timer.Stop() { <-timer.C } timer.Reset(sessionDuration) case <-timer.C: alive = false case <-s.closed: alive = false } } if !timer.Stop() { <-timer.C } s.locker.Lock() if s.imapConn != nil { s.imapConn.Logout() } s.locker.Unlock() sm.locker.Lock() delete(sm.sessions, token) sm.locker.Unlock() }() return s, nil }