Commit 98c10af4 authored by Christian Pointner's avatar Christian Pointner

auth: allow static sessions that don't expire

parent cc5263ff
......@@ -171,6 +171,10 @@ func deleteSession(c *gin.Context) {
sendHTTPInvalidSessionResponse(c)
return
}
if s.isStatic {
c.JSON(http.StatusUnauthorized, HTTPErrorResponse{"static sessions cannot be logged-out."})
return
}
s.setState(SessionStateLoggedOut)
c.JSON(http.StatusOK, "you are now logged out")
}
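Review bot: `http.StatusUnauthorized` in the new `s.isStatic` branch signals rejected credentials, although the request appears to have passed the session lookup just above. A client may treat that as a cue to re-authenticate. `http.StatusForbidden` describes the refusal more accurately: `c.JSON(http.StatusForbidden, HTTPErrorResponse{"static sessions cannot be logged out"})`. The branch also deserves a short comment saying that a static session can only be revoked through the configuration, since this handler is the one place an operator would look for a runtime revocation path. `deleteSession` begins outside the hunk.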
......
......@@ -29,8 +29,17 @@ import (
"time"
)
type StaticSessionConfig struct {
Secret string `json:"secret" yaml:"secret" toml:"secret"`
// TODO: move this to sperate struct and embed this here ... (why does this not work with json.Decode?)
ReadOnly bool `json:"readonly" yaml:"readonly" toml:"readonly"`
AllShows bool `json:"all-shows" yaml:"all-shows" toml:"all-shows"`
Shows []string `json:"shows" yaml:"shows" toml:"shows"`
}
type SessionsConfig struct {
MaxAge time.Duration `json:"max-age" yaml:"max-age" toml:"max-age"`
MaxAge time.Duration `json:"max-age" yaml:"max-age" toml:"max-age"`
Static map[string]*StaticSessionConfig `json:"static" yaml:"static" toml:"static"`
}
type OIDCConfig struct {
......@@ -42,7 +51,8 @@ type OIDCConfig struct {
}
type PasswdUserConfig struct {
Password string `json:"password" yaml:"password" toml:"password"`
Password string `json:"password" yaml:"password" toml:"password"`
// TODO: move this to sperate struct and embed this here ... (why does this not work with json.Decode?)
ReadOnly bool `json:"readonly" yaml:"readonly" toml:"readonly"`
AllShows bool `json:"all-shows" yaml:"all-shows" toml:"all-shows"`
Shows []string `json:"shows" yaml:"shows" toml:"shows"`
......@@ -55,6 +65,11 @@ type Config struct {
}
func (c *Config) ExpandEnv() {
if c.Sessions.Static != nil {
for name := range c.Sessions.Static {
c.Sessions.Static[name].Secret = os.ExpandEnv(c.Sessions.Static[name].Secret)
}
}
if c.OIDC != nil {
c.OIDC.IssuerURL = os.ExpandEnv(c.OIDC.IssuerURL)
c.OIDC.ClientID = os.ExpandEnv(c.OIDC.ClientID)
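Review bot: The new loop in `ExpandEnv` dereferences `c.Sessions.Static[name]` without a nil check. The map holds `*StaticSessionConfig` values, so an entry that decodes to null (for example a name under `static:` with an empty body) would presumably panic here at startup. The added loop in `NewSessionManager` reads `value.Secret` the same way. Ranging over the values with a guard, `for _, sc := range c.Sessions.Static { if sc != nil { sc.Secret = os.ExpandEnv(sc.Secret) } }`, avoids this and makes the outer `!= nil` test unnecessary, because ranging over a nil map is a no-op. `ExpandEnv` continues past the end of this hunk.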
......
......@@ -84,11 +84,12 @@ func (s SessionState) MarshalText() (data []byte, err error) {
}
type Session struct {
id string
secret string
state SessionState
ctx context.Context
cancel context.CancelFunc
isStatic bool
id string
secret string
state SessionState
ctx context.Context
cancel context.CancelFunc
oidc *OIDCSession
......@@ -268,6 +269,19 @@ func NewSessionManager(c SessionsConfig) (sm *SessionManager, err error) {
sm.maxAge = c.MaxAge
}
sm.sessions = make(map[string]*Session)
if c.Static != nil {
for name, value := range c.Static {
s := &Session{id: name, secret: value.Secret, state: SessionStateLoggedIn}
s.isStatic = true
s.ctx = context.Background()
s.Username = name
s.ReadOnly = value.ReadOnly
s.AllShows = value.AllShows
s.Shows = value.Shows
sm.sessions[s.id] = s
}
}
go sm.runMaintenance()
return
}
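Review bot: Nothing in the added loop rejects an empty `value.Secret`, and `os.ExpandEnv` turns an unset variable such as `${AURA_ENGINE_SECRET}` into the empty string. A deployment that forgets to export the variable would therefore register a session that is already `SessionStateLoggedIn`, does not expire according to the commit title, and is guarded by an empty secret. I would fail startup instead, with `if value.Secret == "" {` followed by setting `err` to a message that names the session and returning before `go sm.runMaintenance()`. How the secret is compared on incoming requests is not visible here, so the practical impact depends on that check. `NewSessionManager` begins outside the hunk.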
......
......@@ -33,6 +33,11 @@ importer:
# sessions:
# ## defaults to 24h
# max-age: 12h
# static:
# engine:
# secret: ${AURA_ENGINE_SECRET}
# readonly: true
# all-shows: true
# oidc:
# issuer-url: http://localhost:8000/openid
# client-id: ${OIDC_CLIENT_ID}
......@@ -43,10 +48,6 @@ importer:
# admin:
# password: ${ADMIN_PASSWORD}
# all-shows: true
# engine:
# password: rather-secret
# readonly: true
# all-shows: true
# hugo:
# password: changeme
# readonly: true
......