diff --git a/apiV1login.go b/apiV1login.go
index d78733f..a6d0e2c 100644
--- a/apiV1login.go
+++ b/apiV1login.go
@@ -30,7 +30,8 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 return
 }
- e = ss.Login(l.user, l.pass)
+ trial := loan.Session{}
+ u, e := trial.Login(l.user, l.pass)
 if e == sql.ErrNoRows { //not found
 log.Warnf("Failed login - user not found %+v, error=%s", l, e.Error())
 res.add("login", false)
@@ -45,10 +46,16 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 return
 }
 //log in user
- ss.InitForUser(ss.User, time.Now().Add(loan.DefaultSessionDuration))
+ if u.Id == ss.User {
+ ss.RenewIfExpireSoon()
+ } else {
+ ss.InitForUser(ss.User, time.Now().Add(loan.DefaultSessionDuration))
+ }
+
 res.add("auth", ss.Token)
 res.add("session_id", ss.Id)
- res.add("session_expire", ss.Expire.Format(time.RFC1123))
+ res.add("session_expire", ss.ExpireStr())
+ res.add("session_expire_human", ss.Expire.Format(time.RFC1123Z))
 res.add("session_user", ss.User)
 res.add("buser", ss.User)
 res.add("bpass", ss.CheckSum())
diff --git a/apiv1.go b/apiv1.go
index 4cbc0c2..b82c103 100644
--- a/apiv1.go
+++ b/apiv1.go
@@ -3,6 +3,7 @@ package main
 import (
 "biukop/sfm/loan"
 "database/sql"
+ "encoding/json"
 "fmt"
 log "github.com/sirupsen/logrus"
 "net/http"
@@ -33,12 +34,11 @@ func apiV1Main(w http.ResponseWriter, r *http.Request) {
 //try session login first, if not an empty session will be created
 session, e := apiV1InitSession(r)
 if e != nil {
- log.Warn("Fail to InitSession %+v", session)
- apiV1ServerError(w, r)
+ log.Warnf("Fail to InitSession %+v", session)
+ apiV1Client403Error(w, r)
 return
 }
 session.RenewIfExpireSoon()
- session.SetRemote(r)
 //we have a session now, either guest or valid user
 //search through handler
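Review bot: The failed-login warning kept as context right after the new `trial.Login` call formats `l` with `%+v`, and since `l` carries `l.pass` this writes the submitted password into the log whenever the user is not found. Log only the account name, for example `log.Warnf("Failed login - user not found %q, error=%s", l.user, e.Error())`. The new `trial := loan.Session{}` line would also benefit from a short comment such as `// authenticate on a scratch session so a failed attempt cannot alter ss`, if that is the intent. apiV1Login starts and ends outside this hunk.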
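Review bot: In the new `else` branch the session is still initialised with `ss.User`, but the credentials are now checked on `trial`, so `ss.User` is whatever identity the incoming session already had rather than the account that just authenticated. Unless code outside the hunk copies `u` into `ss`, a successful login as a different user leaves the session, and the `session_user`/`buser` values returned below, bound to the previous or guest user; the call should read `ss.InitForUser(u.Id, time.Now().Add(loan.DefaultSessionDuration))`. It is also worth confirming that `InitForUser` issues a fresh `ss.Token`, so a token handed out before login is not carried into the authenticated session. apiV1Login starts and ends outside this hunk.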
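Review bot: Answering an `apiV1InitSession` error with `apiV1Client403Error` reports what looks like a server-side failure as an authorization failure. The later hunk in this file turns a failed `ValidateRequest` into a guest session, so the only visible branch of `apiV1InitSession` that still returns a non-nil `e` is the session-retrieval error, for which `apiV1Server500Error(w, r)` is the accurate response; the start of that function is not shown, so other error paths may exist. The warning above it prints `session` with `%+v`, which would include `Token` whenever the struct was populated, so logging `session.Id` alone is safer. apiV1Main continues outside this hunk.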
@@ -64,14 +64,16 @@ func apiV1InitSession(r *http.Request) (session loan.Session, e error) {
 if e == nil { //we got existing session
 e = session.ValidateRequest(r)
 if e != nil { // not successfully validated
- log.Warn("failed session login %+v, %s", session, time.Now().Format("RFC1132"))
+ log.Warnf("failed session login %+v, %s", session, time.Now().Format(time.RFC1123))
+ session.InitGuest(time.Now().Add(loan.DefaultSessionDuration))
+ e = nil
 } //else, we have logged this user in
 } else if e == sql.ErrNoRows {
 log.Warn("DB has no corresponding session ", sid)
 session.InitGuest(time.Now().Add(loan.DefaultSessionDuration))
 e = nil //we try to init an empty one
 } else {
- log.Warn("Retrieve Session %s encountered error %s", sid, e.Error())
+ log.Warnf("Retrieve Session %s encountered error %s", sid, e.Error())
 }
 session.SetRemote(r) //make sure they are using latest remote
 return
@@ -83,13 +85,29 @@ func apiV1ErrorCheck(e error) {
 }
 }
-func apiV1ServerError(w http.ResponseWriter, r *http.Request) {
+func apiV1Server500Error(w http.ResponseWriter, r *http.Request) {
 w.WriteHeader(500)
- fmt.Fprintf(w, "Server Internal Error "+time.Now().Format("RFC1132"))
+ fmt.Fprintf(w, "Server Internal Error "+time.Now().Format(time.RFC1123))
 //write log
 dump := logRequestDebug(httputil.DumpRequest(r, true))
 dump = strings.TrimSpace(dump)
- log.Warn("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)
+ log.Warnf("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)
+}
+
+func apiV1Client403Error(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(403)
+ type struct403 struct {
+ Error int
+ ErrorMsg string
+ }
+ e403 := struct403{Error: 403, ErrorMsg: "Not Authorized " + time.Now().Format(time.RFC1123)}
+ msg403, _ := json.Marshal(e403)
+ fmt.Fprintln(w, string(msg403))
+
+ //write log
+ dump := logRequestDebug(httputil.DumpRequest(r, true))
+ dump = strings.TrimSpace(dump)
+ log.Warnf("Not authorized http(%s) path= %s, %s", r.Method, r.URL.Path, dump)
 }
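Review bot: The corrected `log.Warnf("failed session login %+v, ...", session, ...)` now really formats the whole `session` value, and this session was just loaded from the database, so its `Token` field would land in the log unless `loan.Session` defines its own formatting. Log identifying fields only, for example `log.Warnf("failed session login id=%v user=%v, %s", session.Id, session.User, time.Now().Format(time.RFC1123))`. Because `InitGuest` is then called on that same loaded struct, it should be confirmed that it resets `Id`, `Token` and `User`, so the guest session neither inherits nor overwrites the stored session that failed validation. apiV1InitSession begins before this hunk.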
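Review bot: `apiV1Client403Error` writes the output of `httputil.DumpRequest(r, true)` into the warning log, so each rejected request has its headers and full body copied there, including cookies, authorization headers and any posted credentials, and the body is read into memory in full to build the dump. Log only what triage needs, for example `log.Warnf("Not authorized http(%s) path= %s remote=%s", r.Method, r.URL.Path, r.RemoteAddr)`. The JSON error body is also sent without a content type and the `json.Marshal` error is discarded; add `w.Header().Set("Content-Type", "application/json")` before `w.WriteHeader(403)`.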
diff --git a/go.sum b/go.sum index cba2ba3..5bd02a7 100644 --- a/go.sum +++ b/go.sum @@ -2,12 +2,15 @@ github.com/VividCortex/mysqlerr v0.0.0-20201215173831-4c396ae82aac h1:4w4jPA8uNK github.com/VividCortex/mysqlerr v0.0.0-20201215173831-4c396ae82aac/go.mod h1:f3HiCrHjHBdcm6E83vGaXh1KomZMA2P6aeo3hKx/wg0= github.com/brianvoe/gofakeit/v6 v6.0.1 h1:U8cuIYQQaIQBEloSbTk1hs5v5aDkoZHVq/pljqNA9qM= github.com/brianvoe/gofakeit/v6 v6.0.1/go.mod h1:palrJUk4Fyw38zIFB/uBZqsgzW5VsNllhHKKwAebzew= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=