// Copyright 2017 Bobby Powers. All rights reserved.
// Use of this source code is governed by the MIT
// license that can be found in the LICENSE file.
package seshcookie
import (
	"bufio"
	"bytes"
	"context"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/gob"
	"errors"
	"fmt"
	"io"
	"log"
	"net"
	"net/http"
	"sync/atomic"
	"time"
)
// contextKey is the private key type for the values this package stores
// on a request's context.Context; an unexported type cannot collide with
// keys set by other packages.
type contextKey int

const (
	sessionKey contextKey = 0 // the request's Session (read back by GetSession)
	gobHashKey contextKey = 1 // SHA-256 of the gob plaintext as decoded from the incoming cookie
	// we want 16 byte blocks, for AES-128; also the length of the
	// derived AES key
	blockSize = 16
	// length of the AES-GCM nonce that is prepended to every ciphertext
	gcmNonceSize = 12
)

// defaultCookieName is used when a Config is given with an empty CookieName.
const defaultCookieName = "session"
var (
	// DefaultConfig is used as the configuration if a nil config
	// is passed to NewHandler. It hides the cookie from JavaScript
	// (HTTPOnly) and marks it Secure, so browsers only send it back
	// over HTTPS; a deployment served over plain HTTP needs its own
	// Config or the session cookie never reaches the server.
	DefaultConfig = &Config{
		CookieName: defaultCookieName, // "session"
		CookiePath: "/",
		HTTPOnly:   true,
		Secure:     true,
	}
)
// Session is simply a map of keys to arbitrary values, with the
// restriction that the value must be GOB-encodable. Concrete types
// stored behind the interface{} value must be registered with
// gob.Register so they can be decoded again on the next request.
type Session map[string]interface{}
// responseWriter wraps the handler's http.ResponseWriter so that the
// session cookie can be added to the response headers right before they
// are sent, on the first WriteHeader (or the implicit WriteHeader(200)
// triggered by a Write without a prior WriteHeader).
type responseWriter struct {
	http.ResponseWriter
	h   *Handler      // owning handler: cookie attributes and encryption key
	req *http.Request // request whose context carries the Session and gob hash
	// int32 so we can use the sync/atomic functions on it;
	// 0 until WriteHeader has run, non-zero afterwards
	wroteHeader int32
}
// Config provides directives to a seshcookie instance on cookie
// attributes, like if they are accessible from JavaScript and/or only
// set on HTTPS connections. The attributes are copied verbatim onto the
// http.Cookie that carries the encrypted session.
type Config struct {
	CookieName string // name of the cookie to store our session in; "session" if left empty
	CookiePath string // resource path the cookie is valid for
	HTTPOnly   bool   // don't allow JavaScript to access cookie
	Secure     bool   // only send session over HTTPS
}
// Handler is the seshcookie HTTP handler that provides a Session
// object to child handlers. It decrypts the session cookie before the
// wrapped handler runs and writes the (possibly modified) session back
// as a new cookie when the response headers are sent. Construct it with
// NewHandler, which derives encKey from the caller's secret.
type Handler struct {
	http.Handler        // the wrapped application handler
	Config       Config // cookie attributes; a copy of the *Config given to NewHandler
	encKey       []byte // 16-byte AES-128 key derived from the secret passed to NewHandler
}
// GetSession is a wrapper to grab the seshcookie Session out of a Context.
//
// By only providing a 'Get' API, we ensure that clients can't
// mistakenly set something unexpected on the given context in place
// of the session.
//
// The type assertion panics if ctx did not pass through
// Handler.ServeHTTP, which is the only place sessionKey is set.
func GetSession(ctx context.Context) Session {
	stored := ctx.Value(sessionKey)
	return stored.(Session)
}
// encodeGob serializes obj with encoding/gob and returns the raw bytes.
// obj must be gob-encodable; otherwise the encoder's error is returned
// unchanged and the bytes are nil.
func encodeGob(obj interface{}) ([]byte, error) {
	var buf bytes.Buffer
	if err := gob.NewEncoder(&buf).Encode(obj); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}
// decodeGob parses gob-encoded bytes (as produced by encodeGob on a
// Session) back into a Session. On malformed or mistyped input the
// decoder's error is returned and the Session is nil.
func decodeGob(encoded []byte) (Session, error) {
	var out Session
	dec := gob.NewDecoder(bytes.NewReader(encoded))
	if err := dec.Decode(&out); err != nil {
		return nil, err
	}
	return out, nil
}
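// encodeCookie serializes content with encoding/gob, encrypts it with
// AES-128-GCM under encKey and returns the base64 (StdEncoding) form of
// nonce||ciphertext||tag, together with the SHA-256 of the gob
// plaintext. The hash lets callers detect whether the session content
// changed without comparing ciphertexts, which differ on every call
// because a fresh random nonce is drawn each time.
//
// Go documentation suggests to never encode more than 2^32 cookies
// under the same key, due to the risk of nonce-collision.
//
// Errors from the cipher setup and the random source are wrapped with
// %w so callers can inspect them with errors.Is / errors.As.
func encodeCookie(content interface{}, encKey []byte) (string, []byte, error) {
	plaintext, err := encodeGob(content)
	if err != nil {
		return "", nil, err
	}
	// Hash the plaintext, not the ciphertext: the random nonce makes
	// every ciphertext unique, so only the plaintext is stable across
	// encodings of the same session.
	gobHash := sha256.Sum256(plaintext)

	block, err := aes.NewCipher(encKey)
	if err != nil {
		return "", nil, fmt.Errorf("aes.NewCipher: %w", err)
	}
	if block.BlockSize() != blockSize {
		return "", nil, errors.New("block size assumption mismatch")
	}
	aeadCipher, err := cipher.NewGCM(block)
	if err != nil {
		return "", nil, fmt.Errorf("cipher.NewGCM: %w", err)
	}
	// decodeCookie splits the nonce off at gcmNonceSize, so the two
	// sides must agree on the length the AEAD actually uses.
	if aeadCipher.NonceSize() != gcmNonceSize {
		return "", nil, errors.New("nonce size assumption mismatch")
	}

	// A fresh random nonce for every encryption; it is prepended to the
	// ciphertext so decodeCookie can recover it.
	nonce := make([]byte, gcmNonceSize)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", nil, fmt.Errorf("io.ReadFull(rand.Reader): %w", err)
	}
	// Seal appends to nonce, yielding nonce||ciphertext||tag in one
	// allocation.
	ciphertext := aeadCipher.Seal(nonce, nonce, plaintext, nil)
	return base64.StdEncoding.EncodeToString(ciphertext), gobHash[:], nil
}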
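// decodeCookie reverses encodeCookie: it base64-decodes encoded, splits
// off the nonce, authenticates and decrypts the remainder with
// AES-128-GCM under encKey, gob-decodes the plaintext into a Session and
// returns it together with the SHA-256 of the plaintext (the same value
// encodeCookie returned when the cookie was written).
//
// Any failure — bad base64, a cookie too short to hold a nonce and a
// GCM tag, a failed authentication check, or an undecodable payload —
// is reported as an error with nil results. Errors from the cipher
// layer are wrapped with %w.
func decodeCookie(encoded string, encKey []byte) (Session, []byte, error) {
	cookie, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, nil, err
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, nil, fmt.Errorf("aes.NewCipher: %w", err)
	}
	aeadCipher, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, fmt.Errorf("cipher.NewGCM: %w", err)
	}
	// The wire format is nonce||ciphertext||tag, so anything shorter
	// than nonce+tag cannot be valid. Checking against the real minimum
	// (rather than the AES block size) also guarantees the nonce slice
	// below is in range.
	if minLen := gcmNonceSize + aeadCipher.Overhead(); len(cookie) < minLen {
		return nil, nil, fmt.Errorf("ciphertext too short: %d bytes, need at least %d", len(cookie), minLen)
	}
	nonce, ciphertext := cookie[:gcmNonceSize], cookie[gcmNonceSize:]

	// Open verifies the GCM tag before releasing any plaintext, so a
	// tampered or foreign cookie fails here rather than in decodeGob.
	plaintext, err := aeadCipher.Open(nil, nonce, ciphertext, nil)
	if err != nil {
		return nil, nil, fmt.Errorf("aeadCipher.Open: %w", err)
	}
	gobHash := sha256.Sum256(plaintext)
	session, err := decodeGob(plaintext)
	if err != nil {
		return nil, nil, fmt.Errorf("decodeGob: %w", err)
	}
	return session, gobHash[:], nil
}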
// Write forwards data to the wrapped ResponseWriter, first forcing a
// WriteHeader(200) if the handler never called WriteHeader itself.
// That detour matters because WriteHeader is where the session cookie
// is emitted; without it a handler that only calls Write would never
// send the cookie.
func (s *responseWriter) Write(data []byte) (int, error) {
	headerSent := atomic.LoadInt32(&s.wroteHeader) != 0
	if !headerSent {
		s.WriteHeader(http.StatusOK)
	}
	return s.ResponseWriter.Write(data)
}
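// writeCookie emits the Set-Cookie header for this request's session.
// It runs once, from WriteHeader, just before the status line is sent
// to the underlying ResponseWriter (cookies are headers and must
// precede the body).
//
// Three cases:
//   - the session is empty and the client sent no cookie: nothing to do;
//   - the session is empty but the client sent a cookie: send an expired
//     cookie with the same name and attributes so the browser drops it;
//   - the session is non-empty: encrypt it and set the cookie, unless the
//     gob hash matches the one decoded at request start, in which case the
//     session is unchanged and the cookie is not re-sent.
func (s *responseWriter) writeCookie() {
	origCookieVal := ""
	if origCookie, err := s.req.Cookie(s.h.Config.CookieName); err == nil {
		origCookieVal = origCookie.Value
	}

	session := s.req.Context().Value(sessionKey).(Session)
	if len(session) == 0 {
		// The user had a session cookie but the handler emptied the
		// session (e.g. logout): tell the browser to discard it.
		if origCookieVal != "" {
			s.clearCookie()
		}
		return
	}

	encoded, gobHash, err := encodeCookie(session, s.h.encKey)
	if err != nil {
		log.Printf("encodeCookie: %s\n", err)
		return
	}
	// Compare hashes of the gob plaintext rather than ciphertexts: a
	// fresh nonce makes each encoding differ even when the session
	// content is identical.
	if bytes.Equal(gobHash, s.req.Context().Value(gobHashKey).([]byte)) {
		return
	}
	http.SetCookie(s, &http.Cookie{
		Name:     s.h.Config.CookieName,
		Value:    encoded,
		Path:     s.h.Config.CookiePath,
		HttpOnly: s.h.Config.HTTPOnly,
		Secure:   s.h.Config.Secure,
	})
}

// clearCookie sets an empty, already-expired cookie that replaces the
// session cookie in the browser. Browsers store cookies keyed by name,
// domain and path, so the clearing cookie must carry the same Path (and
// the same HttpOnly/Secure attributes) as the cookie it replaces; a
// hardcoded Path of "/" would leave a session cookie scoped to a
// non-root CookiePath in place, i.e. a logout that did not log out.
func (s *responseWriter) clearCookie() {
	http.SetCookie(s, &http.Cookie{
		Name:     s.h.Config.CookieName,
		Value:    "",
		Path:     s.h.Config.CookiePath,
		HttpOnly: s.h.Config.HTTPOnly,
		Secure:   s.h.Config.Secure,
		// Both expiry forms: an Expires in the past for older clients,
		// and MaxAge<0, which net/http renders as Max-Age=0, for RFC
		// 6265 clients.
		Expires: time.Unix(0, 0).UTC(),
		MaxAge:  -1,
	})
}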
// WriteHeader emits the session cookie exactly once, on the first call,
// and then forwards the status code to the wrapped ResponseWriter.
// wroteHeader is bumped atomically so that only the caller observing
// the 0→1 transition writes the cookie; later calls just pass through.
//
// TODO: this is racey if WriteHeader is called from 2
// different goroutines. I think so is the underlying
// ResponseWriter from net.http, but it is worth checking.
func (s *responseWriter) WriteHeader(code int) {
	firstCall := atomic.AddInt32(&s.wroteHeader, 1) == 1
	if firstCall {
		s.writeCookie()
	}
	s.ResponseWriter.WriteHeader(code)
}
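// errHijackUnsupported is returned by responseWriter.Hijack. The
// session cookie is only emitted from WriteHeader, and a hijacked
// connection bypasses the net/http header machinery entirely, so a
// hijacked response could silently lose any session change; refusing
// is the safe default.
var errHijackUnsupported = errors.New("seshcookie doesn't support hijacking")

// Hijack implements http.Hijacker but always fails with
// errHijackUnsupported (see its comment for the reason). Callers can
// detect the condition with errors.Is.
//
// TODO: support hijacking with atomic flags
func (s *responseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
	return nil, nil, errHijackUnsupported
}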
// getCookieSession reads this handler's cookie from req and decrypts it
// into a Session plus the SHA-256 of its gob plaintext. A missing
// cookie, or one that fails base64 decoding, GCM authentication or gob
// decoding, yields an empty Session and a nil hash, so the request
// proceeds as if no session had been presented.
func (h *Handler) getCookieSession(req *http.Request) (Session, []byte) {
	cookie, err := req.Cookie(h.Config.CookieName)
	if err != nil {
		// No cookie with our name: start from an empty session.
		return Session{}, nil
	}
	// A cookie that fails to decrypt almost always just means the user
	// doesn't have a valid login; it is treated as no session and is
	// deliberately not logged.
	if session, gobHash, err := decodeCookie(cookie.Value, h.encKey); err == nil {
		return session, gobHash
	}
	return Session{}, nil
}
// ServeHTTP decodes the session cookie (if any), attaches the Session
// and the hash of its gob plaintext to the request context under
// sessionKey and gobHashKey, and invokes the wrapped handler with a
// responseWriter that writes the (possibly updated) session cookie back
// on the first WriteHeader or Write.
func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	// Decode early so the wrapped handler can read and modify the
	// session through GetSession.
	session, gobHash := h.getCookieSession(req)

	// Both values travel on the context: the Session for GetSession,
	// the hash so writeCookie can skip re-setting an unchanged cookie.
	ctx := context.WithValue(
		context.WithValue(req.Context(), sessionKey, session),
		gobHashKey, gobHash,
	)
	req = req.WithContext(ctx)

	sessionWriter := &responseWriter{
		ResponseWriter: rw,
		h:              h,
		req:            req,
	}
	h.Handler.ServeHTTP(sessionWriter, req)
}
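// NewHandler creates a new seshcookie Handler with a given encryption
// key and configuration.
//
// The AES-128 key is the first 16 bytes of
// SHA-256(key || "-seshcookie-encryption"). This is a plain hash, not a
// password-based KDF, so key should be a long, high-entropy secret
// rather than a human-chosen password.
//
// If config is nil, DefaultConfig is used. The configuration is copied
// into the Handler: neither the caller's *Config nor DefaultConfig is
// modified, even when an empty CookieName is replaced by the default.
//
// NewHandler panics on an empty key; that is a programming error, and
// an empty key would leave every session cookie encrypted under a
// key anyone could derive.
func NewHandler(handler http.Handler, key string, config *Config) *Handler {
	if key == "" {
		panic("don't use an empty key")
	}
	// The fixed suffix keeps the derived AES key distinct from a bare
	// SHA-256 of the secret.
	encHash := sha256.New()
	encHash.Write([]byte(key))
	encHash.Write([]byte("-seshcookie-encryption"))

	// if the user hasn't specified a config, use the package's
	// default one
	if config == nil {
		config = DefaultConfig
	}
	// Work on a copy so the caller's struct is never mutated.
	cfg := *config
	if cfg.CookieName == "" {
		cfg.CookieName = defaultCookieName
	}
	return &Handler{
		Handler: handler,
		Config:  cfg,
		// sha256 sums are 32 bytes long. we use the first 16 bytes as
		// the aes key.
		encKey: encHash.Sum(nil)[:blockSize],
	}
}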