From 3586ee1c73b3accca51358104e49d6d4d4499386 Mon Sep 17 00:00:00 2001
From: Liang Ding
Date: Wed, 26 Nov 2014 13:49:27 +0800
Subject: [PATCH] HTTP Session expire validate
---
 editor/editors.go | 21 +++++++++++++++++++++
 editor/formatter.go | 5 +++++
 file/files.go | 11 +++++++++++
 main.go | 4 ----
 output/outputs.go | 20 ++++++++++++++++++++
 shell/shells.go | 6 +++++-
 6 files changed, 62 insertions(+), 5 deletions(-)
diff --git a/editor/editors.go b/editor/editors.go
index 8f611ae..09eaac6 100644
--- a/editor/editors.go
+++ b/editor/editors.go
@@ -38,6 +38,12 @@ import (
 // WSHandler handles request of creating editor channel.
 func WSHandler(w http.ResponseWriter, r *http.Request) {
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
+ if httpSession.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
+
 sid := httpSession.Values["id"].(string)
 conn, _ := websocket.Upgrade(w, r, nil, 1024, 1024)
@@ -102,6 +108,11 @@ func AutocompleteHandler(w http.ResponseWriter, r *http.Request) {
 }
 session, _ := session.HTTPSession.Get(r, "wide-session")
+ if session.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := session.Values["username"].(string)
 path := args["path"].(string)
@@ -244,6 +255,11 @@ func FindDeclarationHandler(w http.ResponseWriter, r *http.Request) {
 defer util.RetJSON(w, r, data)
 session, _ := session.HTTPSession.Get(r, "wide-session")
+ if session.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := session.Values["username"].(string)
 var args map[string]interface{}
@@ -323,6 +339,11 @@ func FindUsagesHandler(w http.ResponseWriter, r *http.Request) {
 defer util.RetJSON(w, r, data)
 session, _ := session.HTTPSession.Get(r, "wide-session")
+ if session.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := session.Values["username"].(string)
 var args map[string]interface{}
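Review bot: In editor/editors.go WSHandler the handshake is now authorised by the session cookie alone, and nothing in the hunk checks the request's `Origin` header before `websocket.Upgrade(w, r, nil, 1024, 1024)`. Browsers attach cookies to cross-site WebSocket handshakes, so if this is gorilla/websocket's package-level `Upgrade` (which leaves origin validation to the caller), a page served from another origin could open the editor channel on a logged-in user's session. I would return 403 when the parsed `Origin` host differs from `r.Host`, directly after the `IsNew` check, and stop discarding the error from `Upgrade`. The same applies to WSHandler in shell/shells.go, whose upgrade call lies outside its hunk; both function bodies continue past what is shown.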
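Review bot: `session.Values["username"].(string)` in AutocompleteHandler is still a single-value type assertion, so a session that is not new but holds no string `username` panics the handler instead of being refused; `IsNew` only covers a missing or undecodable cookie. Use the two-value form and treat a miss like a new session: `username, ok := session.Values["username"].(string)` with the guard widened to `if session.IsNew || !ok {`. The same assertion follows the new check in every handler this patch touches (`Values["id"]` in the editor WSHandler), so a small shared helper that returns the username and an ok flag would also replace the repeated copies of this block. The local variable `session` additionally shadows the imported `session` package for the rest of the function.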
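Review bot: In FindDeclarationHandler the new check sits below `defer util.RetJSON(w, r, data)`, so on the forbidden path the deferred call still runs after `http.Error` has written the 403 status and the `Forbidden` body. RetJSON is not visible here, but if it serialises `data` to `w`, the client receives a plain-text error followed by a JSON payload that presumably still reports success. Either move the session lookup and the `IsNew` test above the `defer`, or keep the JSON contract and mark the failure in `data` instead of calling `http.Error`. The same ordering appears in FindUsagesHandler, GoFmtHandler, GetFiles, BuildHandler, GoTestHandler, GoInstallHandler and GoGetHandler; `data` is declared above the hunk.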
diff --git a/editor/formatter.go b/editor/formatter.go
index a8031e0..945375b 100644
--- a/editor/formatter.go
+++ b/editor/formatter.go
@@ -36,6 +36,11 @@ func GoFmtHandler(w http.ResponseWriter, r *http.Request) {
 defer util.RetJSON(w, r, data)
 session, _ := session.HTTPSession.Get(r, "wide-session")
+ if session.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := session.Values["username"].(string)
 var args map[string]interface{}
diff --git a/file/files.go b/file/files.go
index 7108632..163e644 100644
--- a/file/files.go
+++ b/file/files.go
@@ -72,8 +72,13 @@ func GetFiles(w http.ResponseWriter, r *http.Request) {
 defer util.RetJSON(w, r, data)
 session, _ := session.HTTPSession.Get(r, "wide-session")
+ if session.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
 username := session.Values["username"].(string)
+
 userWorkspace := conf.Wide.GetUserWorkspace(username)
 workspaces := filepath.SplitList(userWorkspace)
@@ -341,7 +346,13 @@ func Find(w http.ResponseWriter, r *http.Request) {
 name := args["name"].(string)
 session, _ := session.HTTPSession.Get(r, "wide-session")
+ if session.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := session.Values["username"].(string)
+
 userWorkspace := conf.Wide.GetUserWorkspace(username)
 workspaces := filepath.SplitList(userWorkspace)
diff --git a/main.go b/main.go
index 74fc57e..75f3ab4 100644
--- a/main.go
+++ b/main.go
@@ -81,7 +81,6 @@ func init() {
 // indexHandler handles request of Wide index.
 func indexHandler(w http.ResponseWriter, r *http.Request) {
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
-
 if httpSession.IsNew {
 http.Redirect(w, r, "/login", http.StatusFound)
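Review bot: In file/files.go Find the session check runs only after `name := args["name"].(string)`, so an unauthenticated request still has its body decoded, and that unchecked assertion can panic before the 403 is reached. Authorisation should be the first thing the handler does: move `session.HTTPSession.Get` and the `IsNew` test to the top of the function, ahead of the argument decoding. AutocompleteHandler in editor/editors.go has the same ordering, since its check follows the closing brace of the block above it. The start of Find is outside the hunk, so the decode step is inferred from the use of `args`.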
@@ -138,7 +137,6 @@ func serveSingle(pattern string, filename string) {
 // startHandler handles request of start page.
 func startHandler(w http.ResponseWriter, r *http.Request) {
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
-
 if httpSession.IsNew {
 http.Redirect(w, r, "/login", http.StatusFound)
@@ -176,7 +174,6 @@ func startHandler(w http.ResponseWriter, r *http.Request) {
 // keyboardShortcutsHandler handles request of keyboard shortcuts page.
 func keyboardShortcutsHandler(w http.ResponseWriter, r *http.Request) {
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
-
 if httpSession.IsNew {
 http.Redirect(w, r, "/login", http.StatusFound)
@@ -206,7 +203,6 @@ func keyboardShortcutsHandler(w http.ResponseWriter, r *http.Request) {
 // aboutHandle handles request of about page.
 func aboutHandler(w http.ResponseWriter, r *http.Request) {
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
-
 if httpSession.IsNew {
 http.Redirect(w, r, "/login", http.StatusFound)
diff --git a/output/outputs.go b/output/outputs.go
index 576259c..66e4f10 100644
--- a/output/outputs.go
+++ b/output/outputs.go
@@ -254,6 +254,11 @@ func BuildHandler(w http.ResponseWriter, r *http.Request) {
 defer util.RetJSON(w, r, data)
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
+ if httpSession.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := httpSession.Values["username"].(string)
 locale := conf.Wide.GetUser(username).Locale
@@ -456,6 +461,11 @@ func GoTestHandler(w http.ResponseWriter, r *http.Request) {
 defer util.RetJSON(w, r, data)
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
+ if httpSession.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := httpSession.Values["username"].(string)
 locale := conf.Wide.GetUser(username).Locale
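Review bot: In BuildHandler a session that passes the `IsNew` check is trusted to name an existing user, and `conf.Wide.GetUser(username).Locale` dereferences the lookup result without testing it. GetUser is not shown, but if it returns nil for an unknown name, a cookie issued to an account that was later removed or renamed would crash the handler rather than be refused. Look the user up once after the session check and refuse when it is missing: `user := conf.Wide.GetUser(username)` followed by `if user == nil { http.Error(w, "Forbidden", http.StatusForbidden); return }`. GoTestHandler, GoInstallHandler and GoGetHandler repeat the same line.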
@@ -569,6 +579,11 @@ func GoInstallHandler(w http.ResponseWriter, r *http.Request) {
 defer util.RetJSON(w, r, data)
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
+ if httpSession.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := httpSession.Values["username"].(string)
 locale := conf.Wide.GetUser(username).Locale
@@ -729,6 +744,11 @@ func GoGetHandler(w http.ResponseWriter, r *http.Request) {
 defer util.RetJSON(w, r, data)
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
+ if httpSession.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := httpSession.Values["username"].(string)
 locale := conf.Wide.GetUser(username).Locale
diff --git a/shell/shells.go b/shell/shells.go
index 1d0870c..83d773d 100644
--- a/shell/shells.go
+++ b/shell/shells.go
@@ -42,7 +42,6 @@ var ShellWS = map[string]*util.WSChannel{}
 // IndexHandler handles request of Shell index.
 func IndexHandler(w http.ResponseWriter, r *http.Request) {
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
-
 if httpSession.IsNew {
 http.Redirect(w, r, "/login", http.StatusFound)
@@ -82,6 +81,11 @@ func IndexHandler(w http.ResponseWriter, r *http.Request) {
 // WSHandler handles request of creating Shell channel.
 func WSHandler(w http.ResponseWriter, r *http.Request) {
 httpSession, _ := session.HTTPSession.Get(r, "wide-session")
+ if httpSession.IsNew {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+
+ return
+ }
 username := httpSession.Values["username"].(string)
 sid := r.URL.Query()["sid"][0]
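Review bot: In shell/shells.go WSHandler, `sid := r.URL.Query()["sid"][0]` right after the new check indexes a slice that is empty when the request carries no `sid` parameter, so an authenticated but malformed request panics. Use `sid := r.URL.Query().Get("sid")` and return `http.StatusBadRequest` when it is empty. Unlike the editor WSHandler, which reads `id` from the session, this `sid` is supplied by the client; it is worth confirming further down (outside this hunk) that it is tied to the session's own `id` before it is used to key the shell channel.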