These changes standardize how session loading is done for session cookie, auth bearer token, and query params. - Bearer token previously combined with session cookie. - rearranged cookie-store to put exported methods above unexported - added header store that implements session loader interface - added query param store that implements session loader interface Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
package sessions // import "github.com/pomerium/pomerium/internal/sessions"
import (
"net/http"
"github.com/pomerium/pomerium/internal/cryptutil"
)
// defaultQueryParamKey is the URL query parameter name that
// NewQueryParamStore configures as the place to look for a session value.
const defaultQueryParamKey = "pomerium_session"
// QueryParamStore implements the load session store interface by reading the
// session value out of an http request's query string / query parameters.
type QueryParamStore struct {
	// queryParamKey names the query parameter that LoadSession reads.
	queryParamKey string
	// encoder is passed to UnmarshalSession to decode the parameter value
	// into a session State.
	encoder cryptutil.SecureEncoder
}
// NewQueryParamStore builds a QueryParamStore that loads sessions from query
// strings / query parameters. The store reads the parameter named by
// defaultQueryParamKey and decodes its value with enc.
func NewQueryParamStore(enc cryptutil.SecureEncoder) *QueryParamStore {
	store := new(QueryParamStore)
	store.queryParamKey = defaultQueryParamKey
	store.encoder = enc
	return store
}
// LoadSession tries to retrieve the session token from the request's URL query
// parameters and decode it into a State.
//
// It returns ErrNoSessionFound when the configured parameter is absent or
// empty, and ErrMalformed when UnmarshalSession rejects the value; the
// underlying decode error is deliberately not passed on to the caller.
//
// NOTA BENE: By default, most servers _DO_ log query params, and query strings
// also tend to end up in browser history and Referer headers. The leaking or
// accidental logging of this parameter should be considered a security issue:
// treat the value like any other bearer credential. Expiry and revocation
// checks are not visible in this function, so confirm where they are enforced.
func (qp *QueryParamStore) LoadSession(r *http.Request) (*State, error) {
	// Get yields "" both for a missing parameter and for an explicitly empty
	// one, so the two cases are reported identically.
	raw := r.URL.Query().Get(qp.queryParamKey)
	if len(raw) == 0 {
		return nil, ErrNoSessionFound
	}

	if state, err := UnmarshalSession(raw, qp.encoder); err == nil {
		return state, nil
	}
	return nil, ErrMalformed
}