auth: allow static sessions that don't expire

98c10af4 · Christian Pointner · cc5263ff · 98c10af4 · 98c10af4 · 98c10af4
Commit 98c10af4 authored 5 years ago by Christian Pointner
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -171,6 +171,10 @@ func deleteSession(c *gin.Context) {
 		sendHTTPInvalidSessionResponse(c)
 		return
 	}
+	if s.isStatic {
+	 	c.JSON(http.StatusUnauthorized, HTTPErrorResponse{"static sessions cannot be logged-out."})
+	 	return
+	}
 	s.setState(SessionStateLoggedOut)
 	c.JSON(http.StatusOK, "you are now logged out")
 }

--- a/auth/config.go
+++ b/auth/config.go
@@ -29,8 +29,17 @@ import (
 	"time"
 )

+type StaticSessionConfig struct {
+	Secret string `json:"secret" yaml:"secret" toml:"secret"`
+	// TODO: move this to sperate struct and embed this here ... (why does this not work with json.Decode?)
+	ReadOnly bool     `json:"readonly" yaml:"readonly" toml:"readonly"`
+	AllShows bool     `json:"all-shows" yaml:"all-shows" toml:"all-shows"`
+	Shows    []string `json:"shows" yaml:"shows" toml:"shows"`
+}
+
 type SessionsConfig struct {
-	MaxAge time.Duration `json:"max-age" yaml:"max-age" toml:"max-age"`
+	MaxAge time.Duration                   `json:"max-age" yaml:"max-age" toml:"max-age"`
+	Static map[string]*StaticSessionConfig `json:"static" yaml:"static" toml:"static"`
 }

 type OIDCConfig struct {
@@ -42,7 +51,8 @@ type OIDCConfig struct {
 }

 type PasswdUserConfig struct {
-	Password string   `json:"password" yaml:"password" toml:"password"`
+	Password string `json:"password" yaml:"password" toml:"password"`
+	// TODO: move this to sperate struct and embed this here ... (why does this not work with json.Decode?)
 	ReadOnly bool     `json:"readonly" yaml:"readonly" toml:"readonly"`
 	AllShows bool     `json:"all-shows" yaml:"all-shows" toml:"all-shows"`
 	Shows    []string `json:"shows" yaml:"shows" toml:"shows"`
@@ -55,6 +65,11 @@ type Config struct {
 }

 func (c *Config) ExpandEnv() {
+	if c.Sessions.Static != nil {
+		for name := range c.Sessions.Static {
+			c.Sessions.Static[name].Secret = os.ExpandEnv(c.Sessions.Static[name].Secret)
+		}
+	}
 	if c.OIDC != nil {
 		c.OIDC.IssuerURL = os.ExpandEnv(c.OIDC.IssuerURL)
 		c.OIDC.ClientID = os.ExpandEnv(c.OIDC.ClientID)

--- a/auth/sessions.go
+++ b/auth/sessions.go
@@ -84,11 +84,12 @@ func (s SessionState) MarshalText() (data []byte, err error) {
 }

 type Session struct {
-	id     string
-	secret string
-	state  SessionState
-	ctx    context.Context
-	cancel context.CancelFunc
+	isStatic bool
+	id       string
+	secret   string
+	state    SessionState
+	ctx      context.Context
+	cancel   context.CancelFunc

 	oidc *OIDCSession

@@ -268,6 +269,19 @@ func NewSessionManager(c SessionsConfig) (sm *SessionManager, err error) {
 		sm.maxAge = c.MaxAge
 	}
 	sm.sessions = make(map[string]*Session)
+	if c.Static != nil {
+		for name, value := range c.Static {
+			s := &Session{id: name, secret: value.Secret, state: SessionStateLoggedIn}
+			s.isStatic = true
+			s.ctx = context.Background()
+			s.Username = name
+			s.ReadOnly = value.ReadOnly
+			s.AllShows = value.AllShows
+			s.Shows = value.Shows
+			sm.sessions[s.id] = s
+		}
+	}
+
 	go sm.runMaintenance()
 	return
 }

--- a/contrib/sample-cfg.yaml
+++ b/contrib/sample-cfg.yaml
@@ -33,6 +33,11 @@ importer:
 #   sessions:
 #     ## defaults to 24h
 #     max-age: 12h
+#     static:
+#       engine:
+#         secret: ${AURA_ENGINE_SECRET}
+#         readonly: true
+#         all-shows: true
 #   oidc:
 #     issuer-url: http://localhost:8000/openid
 #     client-id: ${OIDC_CLIENT_ID}
@@ -43,10 +48,6 @@ importer:
 #     admin:
 #       password: ${ADMIN_PASSWORD}
 #       all-shows: true
-#     engine:
-#       password: rather-secret
-#       readonly: true
-#       all-shows: true
 #     hugo:
 #       password: changeme
 #       readonly: true