login reuse session tested.

apiV1login.go

@@ -30,7 +30,8 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 		return
 	}
 
-	e = ss.Login(l.user, l.pass)
+	trial := loan.Session{}
+	u, e := trial.Login(l.user, l.pass)
 	if e == sql.ErrNoRows { //not found
 		log.Warnf("Failed login - user not found %+v, error=%s", l, e.Error())
 		res.add("login", false)
@@ -45,10 +46,16 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 		return
 	}
 	//log in user
-	ss.InitForUser(ss.User, time.Now().Add(loan.DefaultSessionDuration))
+	if u.Id == ss.User {
+		ss.RenewIfExpireSoon()
+	} else {
+		ss.InitForUser(ss.User, time.Now().Add(loan.DefaultSessionDuration))
+	}
+
 	res.add("auth", ss.Token)
 	res.add("session_id", ss.Id)
-	res.add("session_expire", ss.Expire.Format(time.RFC1123))
+	res.add("session_expire", ss.ExpireStr())
+	res.add("session_expire_human", ss.Expire.Format(time.RFC1123Z))
 	res.add("session_user", ss.User)
 	res.add("buser", ss.User)
 	res.add("bpass", ss.CheckSum())

apiv1.go

@@ -3,6 +3,7 @@ package main
 import (
 	"biukop/sfm/loan"
 	"database/sql"
+	"encoding/json"
 	"fmt"
 	log "github.com/sirupsen/logrus"
 	"net/http"
@@ -33,12 +34,11 @@ func apiV1Main(w http.ResponseWriter, r *http.Request) {
 	//try session login first, if not an empty session will be created
 	session, e := apiV1InitSession(r)
 	if e != nil {
-		log.Warn("Fail to InitSession %+v", session)
-		apiV1ServerError(w, r)
+		log.Warnf("Fail to InitSession %+v", session)
+		apiV1Client403Error(w, r)
 		return
 	}
 	session.RenewIfExpireSoon()
-	session.SetRemote(r)
 
 	//we have a session now, either guest or valid user
 	//search through handler
@@ -64,14 +64,16 @@ func apiV1InitSession(r *http.Request) (session loan.Session, e error) {
 	if e == nil { //we got existing session
 		e = session.ValidateRequest(r)
 		if e != nil { // not successfully validated
-			log.Warn("failed session login %+v, %s", session, time.Now().Format("RFC1132"))
+			log.Warnf("failed session login %+v, %s", session, time.Now().Format(time.RFC1123))
+			session.InitGuest(time.Now().Add(loan.DefaultSessionDuration))
+			e = nil
 		} //else, we have logged this user in
 	} else if e == sql.ErrNoRows {
 		log.Warn("DB has no corresponding session ", sid)
 		session.InitGuest(time.Now().Add(loan.DefaultSessionDuration))
 		e = nil //we try to init an empty one
 	} else {
-		log.Warn("Retrieve Session %s encountered error %s", sid, e.Error())
+		log.Warnf("Retrieve Session %s encountered error %s", sid, e.Error())
 	}
 	session.SetRemote(r) //make sure they are using latest remote
 	return
@@ -83,13 +85,29 @@ func apiV1ErrorCheck(e error) {
 	}
 }
 
-func apiV1ServerError(w http.ResponseWriter, r *http.Request) {
+func apiV1Server500Error(w http.ResponseWriter, r *http.Request) {
 
 	w.WriteHeader(500)
-	fmt.Fprintf(w, "Server Internal Error  "+time.Now().Format("RFC1132"))
+	fmt.Fprintf(w, "Server Internal Error  "+time.Now().Format(time.RFC1123))
 
 	//write log
 	dump := logRequestDebug(httputil.DumpRequest(r, true))
 	dump = strings.TrimSpace(dump)
-	log.Warn("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)
+	log.Warnf("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)
+}
+
+func apiV1Client403Error(w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(403)
+	type struct403 struct {
+		Error    int
+		ErrorMsg string
+	}
+	e403 := struct403{Error: 403, ErrorMsg: "Not Authorized " + time.Now().Format(time.RFC1123)}
+	msg403, _ := json.Marshal(e403)
+	fmt.Fprintln(w, string(msg403))
+
+	//write log
+	dump := logRequestDebug(httputil.DumpRequest(r, true))
+	dump = strings.TrimSpace(dump)
+	log.Warnf("Not authorized   http(%s) path= %s, %s", r.Method, r.URL.Path, dump)
 }

go.sum

@@ -2,12 +2,15 @@ github.com/VividCortex/mysqlerr v0.0.0-20201215173831-4c396ae82aac h1:4w4jPA8uNK
 github.com/VividCortex/mysqlerr v0.0.0-20201215173831-4c396ae82aac/go.mod h1:f3HiCrHjHBdcm6E83vGaXh1KomZMA2P6aeo3hKx/wg0=
 github.com/brianvoe/gofakeit/v6 v6.0.1 h1:U8cuIYQQaIQBEloSbTk1hs5v5aDkoZHVq/pljqNA9qM=
 github.com/brianvoe/gofakeit/v6 v6.0.1/go.mod h1:palrJUk4Fyw38zIFB/uBZqsgzW5VsNllhHKKwAebzew=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=