Don't regen valid tokens for users
parent
68f1db5427
commit
78a790400d
1 changed files with 20 additions and 8 deletions
16
main.go
16
main.go
|
|
@ -189,14 +189,26 @@ const sessionTTL = 6 * time.Minute // token valid for 6 min; client refreshes ev
|
||||||
|
|
||||||
// issueToken creates a new signed token, stores it in Redis, and returns it.
|
// issueToken creates a new signed token, stores it in Redis, and returns it.
|
||||||
func issueToken(username string) (string, error) {
|
func issueToken(username string) (string, error) {
|
||||||
|
// Check if a valid session already exists
|
||||||
|
stored, err := rdb.Get(ctx, sessionKey(username)).Result()
|
||||||
|
if err == nil {
|
||||||
|
// Parse out the existing token and return it
|
||||||
|
parts := strings.SplitN(stored, ":", 2)
|
||||||
|
if len(parts) == 2 {
|
||||||
|
// Refresh TTL and return the existing token
|
||||||
|
rdb.Expire(ctx, sessionKey(username), sessionTTL)
|
||||||
|
return username + ":" + parts[0], nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// No valid session — issue a new one
|
||||||
ts := time.Now().Unix()
|
ts := time.Now().Unix()
|
||||||
token := makeToken(username, ts)
|
token := makeToken(username, ts)
|
||||||
// Store as "token:timestamp" so we can re-verify the HMAC on use
|
|
||||||
val := token + ":" + itoa(ts)
|
val := token + ":" + itoa(ts)
|
||||||
if err := rdb.Set(ctx, sessionKey(username), val, sessionTTL).Err(); err != nil {
|
if err := rdb.Set(ctx, sessionKey(username), val, sessionTTL).Err(); err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
return token, nil
|
return username + ":" + token, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// validateToken checks the Authorization header against the stored token.
|
// validateToken checks the Authorization header against the stored token.
|
||||||
|
|
|
||||||
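Review bot: The reuse branch in `issueToken` (the `if err == nil` block) returns the stored token and resets its TTL on every call, so a token no longer has a maximum lifetime: as long as something calls this within `sessionTTL`, the same value stays valid, including a copy that has leaked. The timestamp already stored in `parts[1]` can bound this: reuse the token only while it is younger than an absolute cap (a new constant, named `maxSessionAge` below as a suggestion; `strconv` must be imported if it is not already), and otherwise fall through to mint a fresh one. The result of `rdb.Expire` is also discarded, so if the key lapses between the `Get` and the `Expire` the caller receives a token that is no longer stored; assuming `rdb` is a go-redis client, check both the bool and the error from `.Result()`. Whether `validateToken` enforces the stored timestamp is not visible in this hunk.

```go
	// … unchanged: rdb.Get and the `if err == nil {` check …
		parts := strings.SplitN(stored, ":", 2)
		if len(parts) == 2 {
			issued, perr := strconv.ParseInt(parts[1], 10, 64)
			if perr == nil && time.Since(time.Unix(issued, 0)) < maxSessionAge {
				// Extend the TTL only if the key still exists; otherwise mint a new token below.
				ok, eerr := rdb.Expire(ctx, sessionKey(username), sessionTTL).Result()
				if eerr == nil && ok {
					return username + ":" + parts[0], nil
				}
			}
		}
	// … unchanged: fall through to makeToken / rdb.Set …
```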