From f16c70d2de785c28b934ee2fcf665763d8228f71 Mon Sep 17 00:00:00 2001
From: sp
Date: Mon, 1 Mar 2021 02:10:59 +1100
Subject: [PATCH] bigfix tracking cookie , only sent right before we try to handle each request.
---
 apiV1login.go | 14 +++++++++++---
 apiv1.go | 16 +++++++++++++---
 main.go | 1 +
 3 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/apiV1login.go b/apiV1login.go
index 4487c05..33319c5 100644
--- a/apiV1login.go
+++ b/apiV1login.go
@@ -47,12 +47,19 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 }
 //log in user
 if u.Id == ss.User {
- *ss = trial //we are the same
+ e = ss.LogInUser(u.Id)
+ if e != nil {
+ log.Error("Cannot Load authenticated user:", u.Id)
+ apiV1Server500Error(w, r)
+ return
+ }
 } else if !ss.IsEmpty() {
- ss.ReuseAsUser(u.Id, ss.Expire)
+ ss.InitForUser(u.Id, time.Now().Add(loan.DefaultSessionDuration))
 } else {
- ss.InitForUser(ss.User, time.Now().Add(loan.DefaultSessionDuration))
+ ss.InitForUser(u.Id, time.Now().Add(loan.DefaultSessionDuration))
 }
+ //enforce machine id
+ ss.Add("mid", apiV1GetMachineId(r))
 res.add("auth", ss.Token)
 res.add("session_id", ss.Id)
@@ -61,6 +68,7 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 res.add("session_user", ss.User)
 res.add("buser", ss.User)
 res.add("bpass", ss.CheckSum())
+ res.add("mid", ss.Get("mid"))
 //send out
 res.sendJson(w)
 }
diff --git a/apiv1.go b/apiv1.go
index 2d8ed08..f4528a5 100644
--- a/apiv1.go
+++ b/apiv1.go
@@ -45,7 +45,9 @@ func apiV1Main(w http.ResponseWriter, r *http.Request) {
 return
 }
 session.RenewIfExpireSoon()
- session.SetRemote(r) //make sure they are using latest remote
+ session.SetRemote(r) //make sure they are using latest remote
+ session.Add("mid", apiV1GetMachineId(r)) //set machine id
+ apiV1AddTrackingCookie(w, r, &session) // add tracking cookie to client
 //we have a session now, either guest or valid user
 //search through handler
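Review bot: In the login block of apiV1login.go, the `u.Id == ss.User` arm now calls `ss.LogInUser(u.Id)` on the session the client already holds, and nothing visible in the hunk reissues `ss.Id` or `ss.Token` at that point; if `LogInUser` does not rotate them, an identifier handed out before authentication stays valid after it (session fixation), so that is worth confirming and recording in a comment such as `// LogInUser must issue a fresh Id/Token`. The `else if !ss.IsEmpty()` and `else` arms now run the identical `ss.InitForUser(u.Id, ...)` call and can be merged into one `else`. The error log drops the cause; `log.Error("Cannot Load authenticated user:", u.Id, e)` would keep it, assuming the logger accepts a further argument as it appears to here. apiV1Login starts and ends outside this hunk.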
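Review bot: In apiV1Main (apiv1.go), `session.Add("mid", apiV1GetMachineId(r))` and the following `apiV1AddTrackingCookie(w, r, &session)` each call `apiV1GetMachineId(r)` on their own, and for a request without a `mid` cookie that helper builds a new timestamp-plus-UUID value on every call, so the id stored in the session and the id sent back in the `mid` cookie differ on a client's first request. The same applies to `ss.Add("mid", apiV1GetMachineId(r))` in the apiV1Login hunk and to `mid := apiV1GetMachineId(r)` in apiV1AddTrackingCookie. Resolving the id once per request and reusing it fixes this, for example by having the cookie code read the stored value with `mid := session.Get("mid")` (assuming `Get` returns the string that `Add` stored). apiV1Main continues outside the hunk.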
@@ -66,7 +68,7 @@ func apiV1Main(w http.ResponseWriter, r *http.Request) {
 apiV1DumpRequest(w, r, &session)
 }
-func apiV1InitSessionByBrowserId(w http.ResponseWriter, r *http.Request, session *loan.Session) {
+func apiV1GetMachineId(r *http.Request) string {
 var mid string
 inCookie, e := r.Cookie("mid")
 if e == nil {
@@ -74,9 +76,14 @@ func apiV1InitSessionByBrowserId(w http.ResponseWriter, r *http.Request, session *loan.Session) {
 } else {
 mid = strconv.Itoa(int(time.Now().Unix())) + "-" + gofakeit.UUID()
 }
+ return mid
+}
+
+func apiV1InitSessionByBrowserId(w http.ResponseWriter, r *http.Request, session *loan.Session) {
+ mid := apiV1GetMachineId(r)
 var sid string
- inCookie, e = r.Cookie("session")
+ inCookie, e := r.Cookie("session")
 if e == nil {
 sid = inCookie.Value
 if sid != "" {
@@ -91,12 +98,15 @@ func apiV1InitSessionByBrowserId(w http.ResponseWriter, r *http.Request, session *loan.Session) {
 session.Add("mid", mid)
 }
 }
+}
+func apiV1AddTrackingCookie(w http.ResponseWriter, r *http.Request, session *loan.Session) {
 //add tracking cookie
 expiration := time.Now().Add(365 * 24 * time.Hour)
 cookie := http.Cookie{Name: "session", Value: session.Id, Expires: expiration}
 http.SetCookie(w, &cookie)
+ mid := apiV1GetMachineId(r)
 cookie = http.Cookie{Name: "mid", Value: mid, Expires: expiration}
 http.SetCookie(w, &cookie)
diff --git a/main.go b/main.go
index 7fa5320..e173dfc 100644
--- a/main.go
+++ b/main.go
@@ -79,6 +79,7 @@ func apiV1DumpRequest(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 ar.Env.Session.Bin = []byte("masked data") //clear
 ar.Env.Session.Secret = "***********"
 ar.add("Body", dumpLines)
+ ar.add("mid", ss.Get("mid"))
 b, _ := ar.toJson()
 fmt.Fprintf(w, "%s\n", b)
 }
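Review bot: apiV1GetMachineId returns the `mid` cookie exactly as the client sent it, with no emptiness or length check, while this commit now stores that value in the session on every request and echoes it in the login and dump responses. Because the value is client-controlled it can only serve as a label, which the `//enforce machine id` comment in apiV1login.go overstates; treating an empty or over-long cookie as absent keeps the stored data bounded. `gofakeit.UUID()` comes from a test-data library and whether its random source is unpredictable is not visible here, which matters only if `mid` is ever relied on for a security decision. The function's body is split between this hunk and the next one (`@@ -74,9 +76,14 @@`).

```go
func apiV1GetMachineId(r *http.Request) string {
	// The cookie is client-controlled: reuse it only when it is non-empty and
	// bounded in length (a generated id is a Unix timestamp, "-" and a UUID).
	if c, e := r.Cookie("mid"); e == nil && c.Value != "" && len(c.Value) <= 64 {
		return c.Value
	}
	return strconv.Itoa(int(time.Now().Unix())) + "-" + gofakeit.UUID()
}
```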
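Review bot: The `session` cookie built in the new apiV1AddTrackingCookie carries `session.Id` but sets none of `HttpOnly`, `Secure` or `SameSite`, so page scripts can read it, it is also sent over plain HTTP, and its cross-site handling is left to browser defaults. If the API is served over HTTPS, `cookie := http.Cookie{Name: "session", Value: session.Id, Expires: expiration, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}` closes that, and the `mid` cookie can take the same attributes. The 365-day `expiration` is shared by both cookies, whereas the login path initialises sessions with `loan.DefaultSessionDuration`; if that duration is shorter, the `session` cookie outlives the server-side session, which deserves a comment if it is intended for tracking. The function's closing lines are outside the hunk.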