aljaz/pubky-core
1
0
Fork 0
mirror of https://github.com/aljazceru/pubky-core.git synced 2026-01-22 07:24:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(homeserver): replace session_id with the first 8 bytes of a key

Browse Source
This commit is contained in:
nazeh
2024-12-19 16:10:31 +03:00
parent 0c1326c2c7
commit 3cfe6567f0
4 changed files with 34 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
pubky-homeserver/src/core/database/tables/sessions.rs
View File

@@ -29,10 +29,11 @@ impl DB {
pub fn get_session_bytes(
&mut self,
cookies: Cookies,
_public_key: &PublicKey,
public_key: &PublicKey,
) -> anyhow::Result<Option<Vec<u8>>> {
// TODO: support coookie for key in the path
if let Some(cookie) = cookies.get("session_id") {
if let Some(cookie) =
cookies.get(&public_key.to_string().chars().take(8).collect::<String>())
{
let rtxn = self.env.read_txn()?;
let session = self
@@ -52,10 +53,13 @@ impl DB {
pub fn delete_session(
&mut self,
cookies: Cookies,
_public_key: &PublicKey,
public_key: &PublicKey,
) -> anyhow::Result<bool> {
// TODO: support coookie for key in the path
if let Some(cookie) = cookies.get("session_id") {
// TODO: Set expired cookie to delete the cookie on client side.
if let Some(cookie) =
cookies.get(&public_key.to_string().chars().take(8).collect::<String>())
{
let mut wtxn = self.env.write_txn()?;
let deleted = self.tables.sessions.delete(&mut wtxn, cookie.value())?;

9
pubky-homeserver/src/core/mod.rs
View File

@@ -103,11 +103,10 @@ impl HomeserverCore {
wtxn.commit()?;
let mut cookie = if true {
Cookie::new("session_id", session_secret)
} else {
Cookie::new(public_key.to_string(), session_secret)
};
let mut cookie = Cookie::new(
public_key.to_string().chars().take(8).collect::<String>(),
session_secret,
);
cookie.set_path("/");

9
pubky-homeserver/src/core/routes/auth.rs
View File

@@ -96,11 +96,10 @@ pub async fn signin(
wtxn.commit()?;
let mut cookie = if true {
Cookie::new("session_id", session_secret)
} else {
Cookie::new(public_key.to_string(), session_secret)
};
let mut cookie = Cookie::new(
public_key.to_string().chars().take(8).collect::<String>(),
session_secret,
);
cookie.set_path("/");

24
pubky/src/native/cookies.rs
View File

@@ -12,11 +12,15 @@ pub struct CookieJar {
impl CookieJar {
pub(crate) fn store_session_after_signup(&self, response: &Response, pubky: &PublicKey) {
for (header_name, header_value) in response.headers() {
if header_name == "set-cookie" && header_value.as_ref().starts_with(b"session_id=") {
let cookie_name = &pubky.to_string().chars().take(8).collect::<String>();
if header_name == "set-cookie"
&& header_value.as_ref().starts_with(cookie_name.as_bytes())
{
if let Ok(Ok(cookie)) =
std::str::from_utf8(header_value.as_bytes()).map(cookie::Cookie::parse)
{
if cookie.name() == "session_id" {
if cookie.name() == cookie_name {
let domain = format!("_pubky.{pubky}");
tracing::debug!(?cookie, "Storing coookie after signup");
@@ -62,13 +66,17 @@ impl CookieStore for CookieJar {
.collect::<Vec<_>>()
.join("; ");
// TODO: should we return if empty or just push?
if s.is_empty() {
return self
.pubky_sessions
.read()
.unwrap()
.get(url.host_str().unwrap())
.map(|secret| HeaderValue::try_from(format!("session_id={secret}")).unwrap());
let host = url.host_str().unwrap_or("");
if let Ok(public_key) = PublicKey::try_from(host) {
let cookie_name = public_key.to_string().chars().take(8).collect::<String>();
return self.pubky_sessions.read().unwrap().get(host).map(|secret| {
HeaderValue::try_from(format!("{cookie_name}={secret}")).unwrap()
});
}
}
HeaderValue::from_maybe_shared(bytes::Bytes::from(s)).ok()