Remove v5 JSON session support
@@ -2,7 +2,6 @@ package sessions
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
@@ -18,15 +17,17 @@ import (
|
||||
|
||||
// SessionState is used to store information about the currently authenticated user session
|
||||
type SessionState struct {
|
||||
AccessToken string `json:",omitempty" msgpack:"at,omitempty"`
|
||||
IDToken string `json:",omitempty" msgpack:"it,omitempty"`
|
||||
CreatedAt *time.Time `json:",omitempty" msgpack:"ca,omitempty"`
|
||||
ExpiresOn *time.Time `json:",omitempty" msgpack:"eo,omitempty"`
|
||||
RefreshToken string `json:",omitempty" msgpack:"rt,omitempty"`
|
||||
Email string `json:",omitempty" msgpack:"e,omitempty"`
|
||||
User string `json:",omitempty" msgpack:"u,omitempty"`
|
||||
Groups []string `json:",omitempty" msgpack:"g,omitempty"`
|
||||
PreferredUsername string `json:",omitempty" msgpack:"pu,omitempty"`
|
||||
CreatedAt *time.Time `msgpack:"ca,omitempty"`
|
||||
ExpiresOn *time.Time `msgpack:"eo,omitempty"`
|
||||
|
||||
AccessToken string `msgpack:"at,omitempty"`
|
||||
IDToken string `msgpack:"it,omitempty"`
|
||||
RefreshToken string `msgpack:"rt,omitempty"`
|
||||
|
||||
Email string `msgpack:"e,omitempty"`
|
||||
User string `msgpack:"u,omitempty"`
|
||||
Groups []string `msgpack:"g,omitempty"`
|
||||
PreferredUsername string `msgpack:"pu,omitempty"`
|
||||
}
|
||||
|
||||
// IsExpired checks whether the session has expired
|
||||
@@ -146,52 +147,6 @@ func DecodeSessionState(data []byte, c encryption.Cipher, compressed bool) (*Ses
|
||||
return &ss, nil
|
||||
}
|
||||
|
||||
// LegacyV5DecodeSessionState decodes a legacy JSON session cookie string into a SessionState
|
||||
func LegacyV5DecodeSessionState(v string, c encryption.Cipher) (*SessionState, error) {
|
||||
var ss SessionState
|
||||
err := json.Unmarshal([]byte(v), &ss)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error unmarshalling session: %w", err)
|
||||
}
|
||||
|
||||
for _, s := range []*string{
|
||||
&ss.User,
|
||||
&ss.Email,
|
||||
&ss.PreferredUsername,
|
||||
&ss.AccessToken,
|
||||
&ss.IDToken,
|
||||
&ss.RefreshToken,
|
||||
} {
|
||||
err := into(s, c.Decrypt)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
err = ss.validate()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &ss, nil
|
||||
}
|
||||
|
||||
// codecFunc is a function that takes a []byte and encodes/decodes it
|
||||
type codecFunc func([]byte) ([]byte, error)
|
||||
|
||||
func into(s *string, f codecFunc) error {
|
||||
// Do not encrypt/decrypt nil or empty strings
|
||||
if s == nil || *s == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
d, err := f([]byte(*s))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*s = string(d)
|
||||
return nil
|
||||
}
|
||||
|
||||
// lz4Compress compresses with LZ4
|
||||
//
|
||||
// The Compress:Decompress ratio is 1:Many. LZ4 gives fastest decompress speeds
|
||||
|
||||
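Review bot: The rewritten `SessionState` fields in the second hunk carry only `msgpack` tags, so `encoding/json` will still emit `AccessToken`, `IDToken` and `RefreshToken` under their Go field names if the struct ever reaches a JSON encoder such as a debug dump or a structured logger. The old `json:",omitempty"` tags did not prevent this either, but now that this file no longer decodes JSON sessions, adding `json:"-"` ahead of the `msgpack` tag on those three fields would close that path. Confirm first that no caller outside these hunks still marshals sessions to JSON on purpose. The doc comment on the struct could also state that these fields are bearer credentials and that sessions are encoded with msgpack only. Separately, with `LegacyV5DecodeSessionState` removed in the last hunk, existing v5 cookies will presumably fail to decode; the caller is not visible here, so it is worth checking that it treats this as "no session" and forces a fresh login.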