mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-05-21 22:33:38 +02:00


package persistence
import (
"context"
"fmt"
"net/http"
"time"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
)
// Manager wraps a Store and handles the implementation details of the
// sessions.SessionStore with its use of session tickets.
type Manager struct {
	// Store is the persistence backend. The Manager's methods call its Save,
	// Load, Clear, Lock and VerifyConnection.
	Store Store
	// Options holds the cookie settings that the Manager's methods hand to
	// the ticket helpers (decodeTicketFromRequest, newTicket).
	Options *options.Cookie
}
// NewManager returns a Manager that wraps the given Store and uses cookieOpts
// for its session ticket cookies. Neither argument is validated here.
func NewManager(store Store, cookieOpts *options.Cookie) *Manager {
	m := new(Manager)
	m.Store = store
	m.Options = cookieOpts
	return m
}
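// Save saves a session in a persistent Store. Save will generate (or reuse an
// existing) ticket which manages unique per session encryption & retrieval
// from the persistent data store.
//
// The session is written to the Store first; the cookie is only set on the
// response once that write has succeeded.
//
// It returns an error if a new ticket cannot be created, if the Store write
// fails, or if setting the cookie fails.
func (m *Manager) Save(rw http.ResponseWriter, req *http.Request, s *sessions.SessionState) error {
	// Stamp a creation time on sessions that do not carry one yet.
	if s.CreatedAt == nil || s.CreatedAt.IsZero() {
		s.CreatedAtNow()
	}

	// Any decode failure (no cookie, or a cookie that does not decode) falls
	// back to a brand-new ticket instead of failing the save.
	// NOTE(review): a ticket that does decode is reused as-is, so whatever key
	// material it carries is kept across saves. Confirm that callers clear
	// the session first wherever a fresh ticket is required.
	tckt, err := decodeTicketFromRequest(req, m.Options)
	if err != nil {
		tckt, err = newTicket(m.Options)
		if err != nil {
			// %w keeps the underlying cause available to errors.Is / errors.As.
			return fmt.Errorf("error creating a session ticket: %w", err)
		}
	}

	persist := func(key string, val []byte, exp time.Duration) error {
		return m.Store.Save(req.Context(), key, val, exp)
	}
	if err := tckt.saveSession(s, persist); err != nil {
		return err
	}

	return tckt.setCookie(rw, req, s)
}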
// Load reads sessions.SessionState information from a session store. The
// session ticket is decoded from the cookie on the http.Request. If the
// ticket cannot be decoded, that error is returned unchanged and the Store is
// not queried.
func (m *Manager) Load(req *http.Request) (*sessions.SessionState, error) {
	t, err := decodeTicketFromRequest(req, m.Options)
	if err != nil {
		return nil, err
	}

	// The ticket supplies the key; the Store lookup runs under the request's
	// context.
	fetch := func(key string) ([]byte, error) {
		return m.Store.Load(req.Context(), key)
	}

	// The Store's Lock method is passed along with the fetch callback.
	return t.loadSession(fetch, m.Store.Lock)
}
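// Clear clears any saved session information for a given ticket cookie.
// Then it clears all session data for that ticket in the Store.
//
// The cookie is cleared on the response in every path, including when no
// ticket can be decoded from the request. A missing cookie is not an error.
// Any other decode failure is returned after the cookie has been cleared,
// and in that case nothing is removed from the Store.
func (m *Manager) Clear(rw http.ResponseWriter, req *http.Request) error {
	tckt, err := decodeTicketFromRequest(req, m.Options)
	if err != nil {
		// Always clear the cookie, even when we can't load a cookie from
		// the request. A ticket carrying only the cookie options is used.
		tckt = &ticket{
			options: m.Options,
		}
		tckt.clearCookie(rw, req)

		// Don't raise an error if we didn't have a Cookie.
		// NOTE(review): this direct comparison only matches if
		// decodeTicketFromRequest returns http.ErrNoCookie unwrapped. Confirm.
		if err == http.ErrNoCookie {
			return nil
		}
		// %w keeps the underlying cause available to errors.Is / errors.As.
		return fmt.Errorf("error decoding ticket to clear session: %w", err)
	}

	// The cookie is cleared before the Store entry is deleted. If the Store
	// delete fails the error is returned, but the cookie clear has already
	// been issued on the response.
	// NOTE(review): the stored record then presumably remains until the Store
	// expires it. Confirm against the Store implementation.
	tckt.clearCookie(rw, req)
	return tckt.clearSession(func(key string) error {
		return m.Store.Clear(req.Context(), key)
	})
}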
// VerifyConnection validates the underlying store is ready and connected by
// delegating to the Store's own VerifyConnection with the given context.
func (m *Manager) VerifyConnection(ctx context.Context) error {
	store := m.Store
	return store.VerifyConnection(ctx)
}