From fe5ebfb75a012cc75a136323bd4fc355a417dfa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Michaud?= Date: Mon, 18 May 2020 04:45:47 +0200 Subject: [PATCH] [FEATURE] Bump to fasthttp/session/v2 to support redis unix socket. (#1001) * [FEATURE] Bump to fasthttp/session/v2 to support redis unix socket. * Fix lint issues. * Remove v1 import and fix double import. * [DOCS] Document use of redis unix socket. Co-authored-by: Amir Zarrinkafsh --- config.template.yml | 4 ++ docs/configuration/session.md | 3 ++ go.mod | 2 +- go.sum | 48 +---------------- internal/configuration/validator/session.go | 11 +++- .../configuration/validator/session_test.go | 47 +++++++++++++++- internal/session/encrypting_serializer.go | 2 +- .../session/encrypting_serializer_test.go | 3 +- internal/session/mocks/mock_storer.go | 4 +- internal/session/provider.go | 26 ++++++--- internal/session/provider_config.go | 52 +++++++++++------- internal/session/provider_config_test.go | 54 +++++++++++++------ internal/session/types.go | 10 ++-- 13 files changed, 166 insertions(+), 100 deletions(-) diff --git a/config.template.yml b/config.template.yml index 5c63e715..d209618f 100644 --- a/config.template.yml +++ b/config.template.yml @@ -309,6 +309,10 @@ session: redis: host: 127.0.0.1 port: 6379 + # # Use a unix socket instead + # host: /var/run/redis/redis.sock + + # Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html password: authelia # This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc). diff --git a/docs/configuration/session.md b/docs/configuration/session.md index d7e70886..7837a993 100644 --- a/docs/configuration/session.md +++ b/docs/configuration/session.md @@ -48,6 +48,9 @@ session: redis: host: 127.0.0.1 port: 6379 + # # Use a unix socket instead + # host: /var/run/redis/redis.sock + # Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html password: authelia ``` diff --git a/go.mod b/go.mod index 208ce37a..818c0f6c 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74 github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 // indirect github.com/fasthttp/router v1.1.1 - github.com/fasthttp/session v1.1.8 + github.com/fasthttp/session/v2 v2.0.2 github.com/go-ldap/ldap/v3 v3.1.10 github.com/go-sql-driver/mysql v1.5.0 github.com/golang/mock v1.4.3 diff --git a/go.sum b/go.sum index 3682409d..d30a143a 100644 --- a/go.sum +++ b/go.sum @@ -69,20 +69,10 @@ github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74 h1:2MIh github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74/go.mod h1:UqXY1lYT/ERa4OEAywUqdok1T4RCRdArkhic1Opuavo= github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A= github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg= -github.com/fasthttp/router v1.0.3 h1:8yip6cRyihI+K07eZ+HxtcfWpapgUGhXRi0o31hEVJk= -github.com/fasthttp/router v1.0.3/go.mod h1:ID3ss22SL9zubP2jjzl6WayHb9/CQq54pQY+uYVnKOw= -github.com/fasthttp/router v1.0.4 h1:boxeE3vbutHTNAqQsUTm3IdRTjaQ5uFoRrGC+2Y1iwY= -github.com/fasthttp/router v1.0.4/go.mod h1:3ZGZormG7E+VbnYeToF+zmcF4oBGcAKOD8a8XL+fOZo= -github.com/fasthttp/router v1.1.0 h1:n8ddTi63XdGz1WZ0sgwy/aycoZgax/4Rt4Rr2Wh6BNE= -github.com/fasthttp/router v1.1.0/go.mod h1:3ZGZormG7E+VbnYeToF+zmcF4oBGcAKOD8a8XL+fOZo= github.com/fasthttp/router v1.1.1 h1:V3IONYo/5S/QSGR0Wdc9fYTA2zrBFaUN9GbPIYIZJ+o= github.com/fasthttp/router v1.1.1/go.mod h1:3ZGZormG7E+VbnYeToF+zmcF4oBGcAKOD8a8XL+fOZo= -github.com/fasthttp/session v1.1.3 h1:2qjxNltI7iv0yh7frsIdhbsGmSoRnTajU8xtpC6Hd80= -github.com/fasthttp/session v1.1.3/go.mod h1:DRxVb1PWFtAUTE4U+GgggsVkUaQyacoL8TN+3o4/yLw= -github.com/fasthttp/session v1.1.7 h1:dTLeicJrpzb6pulR/c9X5RJWyYxI/WMwfJjcblt52Ic= -github.com/fasthttp/session v1.1.7/go.mod h1:rBmyCAu0bLIqKYUL2Wij7DZ4mmC6iL4RGRbmShWcIow= -github.com/fasthttp/session v1.1.8 h1:tl20A0AGgUrQUc/8A2zWR67WR8RzcgwQ65WDmyNhrAo= -github.com/fasthttp/session v1.1.8/go.mod h1:t3thYwSWN5VdyGjYoOqhu1fK3CZVvaQeatSyVd8Ss/U= +github.com/fasthttp/session/v2 v2.0.2 h1:hoCr7xM+wXjkp0uwFna9G0k9ZUZNDUM5/SzgAlXqjvw= +github.com/fasthttp/session/v2 v2.0.2/go.mod h1:u9Z1Tn1V9XLAZKHM6bjHFsinVC5/KEn2M1rllhcjFgc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -91,10 +81,6 @@ github.com/go-asn1-ber/asn1-ber v1.3.1 h1:gvPdv/Hr++TRFCl0UbPFHC54P9N9jgsRPnmnr4 github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-ldap/ldap/v3 v3.1.8 h1:5vU/2jOh9HqprwXp8aF915s9p6Z8wmbSEVF7/gdTFhM= -github.com/go-ldap/ldap/v3 v3.1.8/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= -github.com/go-ldap/ldap/v3 v3.1.9 h1:i+JuAfLkSyBmZ24nNuYaGlbBW+92Julzu1qTxX5tmVo= -github.com/go-ldap/ldap/v3 v3.1.9/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= github.com/go-ldap/ldap/v3 v3.1.10 h1:7WsKqasmPThNvdl0Q5GPpbTDD/ZD98CfuawrMIuh7qQ= github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -128,7 +114,6 @@ github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-github/v27 v27.0.4/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -172,23 +157,16 @@ github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NH github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.8.2 h1:Bx0qjetmNjdFXASH02NSAREKpiaDwkO1DRZ3dV2KCcs= -github.com/klauspost/compress v1.8.2/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc= github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/cpuid v1.2.1 h1:vJi+O/nMdFt0vqm8NZBI6wzALWdA2X+egi0ogNyrC/w= -github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= @@ -198,14 +176,8 @@ github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/lib/pq v1.3.0 h1:/qkRGz8zljWiDcFvgpwUpwIAPu3r07TDvs3Rws+o/pU= -github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.4.0 h1:TmtCFbH+Aw0AixwyttznSMQDgbR5Yed/Gg6S8Funrhc= github.com/lib/pq v1.4.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.5.0 h1:Hq6pEflc2Q3hP5iEH3Q6XopXrJXxjhwbvMpj9eZnpp0= -github.com/lib/pq v1.5.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.5.1 h1:Jn6HYxiYrtQ92CopqJLvfPCJUrrruw1+1cn0jM9dKrI= -github.com/lib/pq v1.5.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.5.2 h1:yTSXVswvWUOQ3k1sd7vJfDrbSl8lKuscqFJRqjC0ifw= github.com/lib/pq v1.5.2/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= @@ -228,9 +200,7 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= @@ -286,13 +256,9 @@ github.com/savsgio/gotils v0.0.0-20200413113635-8c468ce75cca h1:Qe7Mtuhjkk38HVpR github.com/savsgio/gotils v0.0.0-20200413113635-8c468ce75cca/go.mod h1:TWNAOTaVzGOXq8RbEvHnhzA/A2sLZzgn0m6URjnukY8= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/simia-tech/crypt v0.4.2 h1:ZQFyCxgImhXpyxWNXEtBfAmV6T8dT1w481fpm8blQww= -github.com/simia-tech/crypt v0.4.2/go.mod h1:DMwvjPTzsiHrjqHVW5HvIbF4vUUzMCYDKVLsPWmLdTo= github.com/simia-tech/crypt v0.4.3 h1:aljHxrQWZFUuTWGhLsCwr+0fwCBqDjEaRVyq69PfltY= github.com/simia-tech/crypt v0.4.3/go.mod h1:DMwvjPTzsiHrjqHVW5HvIbF4vUUzMCYDKVLsPWmLdTo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q= -github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo= github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= @@ -312,8 +278,6 @@ github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb6 github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.6.3 h1:pDDu1OyEDTKzpJwdq4TiuLyMsUgRa/BT5cn5O62NoHs= -github.com/spf13/viper v1.6.3/go.mod h1:jUMtyi0/lB5yZH/FjyGAoH7IMNrIhlBf6pXZmbMDvzw= github.com/spf13/viper v1.7.0 h1:xVKxvI7ouOI5I+U9s2eeiUfMaWBVoXA3AWskkrqK0VM= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -336,10 +300,6 @@ github.com/tstranex/u2f v1.0.0/go.mod h1:eahSLaqAS0zsIEv80+vXT7WanXs7MQQDg3j3wGB github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasthttp v1.9.0 h1:hNpmUdy/+ZXYpGy0OBfm7K0UQTzb73W0T0U4iJIVrMw= -github.com/valyala/fasthttp v1.9.0/go.mod h1:FstJa9V+Pj9vQ7OJie2qMHdwemEDaDiSdBnvPM1Su9w= -github.com/valyala/fasthttp v1.11.0 h1:CpWaRjWmZMkgcngl8P7ygGoHmfXSZDcKx3Vdv8Bdkuw= -github.com/valyala/fasthttp v1.11.0/go.mod h1:FstJa9V+Pj9vQ7OJie2qMHdwemEDaDiSdBnvPM1Su9w= github.com/valyala/fasthttp v1.12.0 h1:TsB9qkSeiMXB40ELWWSRMjlsE+8IkqXHcs01y2d9aw0= github.com/valyala/fasthttp v1.12.0/go.mod h1:229t1eWu9UXTPmoUkbpN/fctKPBY4IJoFXQnxHGXy6E= github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= @@ -394,8 +354,6 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= @@ -505,8 +463,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/configuration/validator/session.go b/internal/configuration/validator/session.go index 072da55d..05542352 100644 --- a/internal/configuration/validator/session.go +++ b/internal/configuration/validator/session.go @@ -3,6 +3,7 @@ package validator import ( "errors" "fmt" + "strings" "github.com/authelia/authelia/internal/configuration/schema" "github.com/authelia/authelia/internal/utils" @@ -14,8 +15,14 @@ func ValidateSession(configuration *schema.SessionConfiguration, validator *sche configuration.Name = schema.DefaultSessionConfiguration.Name } - if configuration.Redis != nil && configuration.Secret == "" { - validator.Push(errors.New("Set secret of the session object")) + if configuration.Redis != nil { + if configuration.Secret == "" { + validator.Push(errors.New("Set secret of the session object")) + } + + if !strings.HasPrefix(configuration.Redis.Host, "/") && configuration.Redis.Port == 0 { + validator.Push(errors.New("A redis port different than 0 must be provided")) + } } if configuration.Expiration == "" { diff --git a/internal/configuration/validator/session_test.go b/internal/configuration/validator/session_test.go index 2478edf3..0e535514 100644 --- a/internal/configuration/validator/session_test.go +++ b/internal/configuration/validator/session_test.go @@ -46,6 +46,27 @@ func TestShouldSetDefaultSessionExpiration(t *testing.T) { assert.Equal(t, schema.DefaultSessionConfiguration.Expiration, config.Expiration) } +func TestShouldHandleRedisConfigSuccessfully(t *testing.T) { + validator := schema.NewStructValidator() + config := newDefaultSessionConfig() + + ValidateSession(&config, validator) + + assert.Len(t, validator.Errors(), 0) + validator.Clear() + + // Set redis config because password must be set only when redis is used. + config.Redis = &schema.RedisSessionConfiguration{ + Host: "redis.localhost", + Port: 6379, + Password: "password", + } + + ValidateSession(&config, validator) + + assert.Len(t, validator.Errors(), 0) +} + func TestShouldRaiseErrorWhenRedisIsUsedAndPasswordNotSet(t *testing.T) { validator := schema.NewStructValidator() config := newDefaultSessionConfig() @@ -57,7 +78,10 @@ func TestShouldRaiseErrorWhenRedisIsUsedAndPasswordNotSet(t *testing.T) { validator.Clear() // Set redis config because password must be set only when redis is used. - config.Redis = &schema.RedisSessionConfiguration{} + config.Redis = &schema.RedisSessionConfiguration{ + Host: "redis.localhost", + Port: 6379, + } ValidateSession(&config, validator) @@ -65,6 +89,27 @@ func TestShouldRaiseErrorWhenRedisIsUsedAndPasswordNotSet(t *testing.T) { assert.EqualError(t, validator.Errors()[0], "Set secret of the session object") } +func TestShouldRaiseErrorWhenRedisHasHostnameButNoPort(t *testing.T) { + validator := schema.NewStructValidator() + config := newDefaultSessionConfig() + + ValidateSession(&config, validator) + + assert.Len(t, validator.Errors(), 0) + validator.Clear() + + // Set redis config because password must be set only when redis is used. + config.Redis = &schema.RedisSessionConfiguration{ + Host: "redis.localhost", + Port: 0, + } + + ValidateSession(&config, validator) + + assert.Len(t, validator.Errors(), 1) + assert.EqualError(t, validator.Errors()[0], "A redis port different than 0 must be provided") +} + func TestShouldRaiseErrorWhenDomainNotSet(t *testing.T) { validator := schema.NewStructValidator() config := newDefaultSessionConfig() diff --git a/internal/session/encrypting_serializer.go b/internal/session/encrypting_serializer.go index 1232ddca..a6a9d0d3 100644 --- a/internal/session/encrypting_serializer.go +++ b/internal/session/encrypting_serializer.go @@ -4,7 +4,7 @@ import ( "crypto/sha256" "fmt" - "github.com/fasthttp/session" + "github.com/fasthttp/session/v2" "github.com/authelia/authelia/internal/utils" ) diff --git a/internal/session/encrypting_serializer_test.go b/internal/session/encrypting_serializer_test.go index 682bb359..589033ec 100644 --- a/internal/session/encrypting_serializer_test.go +++ b/internal/session/encrypting_serializer_test.go @@ -3,7 +3,8 @@ package session import ( "testing" - "github.com/fasthttp/session" + "github.com/fasthttp/session/v2" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/internal/session/mocks/mock_storer.go b/internal/session/mocks/mock_storer.go index 3bed9148..86304a22 100644 --- a/internal/session/mocks/mock_storer.go +++ b/internal/session/mocks/mock_storer.go @@ -1,5 +1,5 @@ // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/fasthttp/session (interfaces: Storer) +// Source: github.com/fasthttp/session/v2 (interfaces: Storer) // Package mock_session is a generated GoMock package. package mock_session @@ -8,7 +8,7 @@ import ( reflect "reflect" time "time" - session "github.com/fasthttp/session" + session "github.com/fasthttp/session/v2" gomock "github.com/golang/mock/gomock" ) diff --git a/internal/session/provider.go b/internal/session/provider.go index 21295210..02083413 100644 --- a/internal/session/provider.go +++ b/internal/session/provider.go @@ -4,7 +4,9 @@ import ( "encoding/json" "time" - fasthttpsession "github.com/fasthttp/session" + fasthttpsession "github.com/fasthttp/session/v2" + "github.com/fasthttp/session/v2/providers/memory" + "github.com/fasthttp/session/v2/providers/redis" "github.com/valyala/fasthttp" "github.com/authelia/authelia/internal/configuration/schema" @@ -39,7 +41,20 @@ func NewProvider(configuration schema.SessionConfiguration) *Provider { provider.Inactivity = duration - err = provider.sessionHolder.SetProvider(providerConfig.providerName, providerConfig.providerConfig) + var providerImpl fasthttpsession.Provider + if providerConfig.redisConfig != nil { + providerImpl, err = redis.New(*providerConfig.redisConfig) + if err != nil { + panic(err) + } + } else { + providerImpl, err = memory.New(memory.Config{}) + if err != nil { + panic(err) + } + } + + err = provider.sessionHolder.SetProvider(providerImpl) if err != nil { panic(err) } @@ -91,6 +106,7 @@ func (p *Provider) SaveSession(ctx *fasthttp.RequestCtx, userSession UserSession } store.Set(userSessionStorerKey, userSessionJSON) + p.sessionHolder.Save(ctx, store) return nil @@ -98,7 +114,7 @@ func (p *Provider) SaveSession(ctx *fasthttp.RequestCtx, userSession UserSession // RegenerateSession regenerate a session ID. func (p *Provider) RegenerateSession(ctx *fasthttp.RequestCtx) error { - _, err := p.sessionHolder.Regenerate(ctx) + err := p.sessionHolder.Regenerate(ctx) return err } @@ -121,9 +137,7 @@ func (p *Provider) UpdateExpiration(ctx *fasthttp.RequestCtx, expiration time.Du return err } - p.sessionHolder.Save(ctx, store) - - return nil + return p.sessionHolder.Save(ctx, store) } // GetExpiration get the expiration of the current session. diff --git a/internal/session/provider_config.go b/internal/session/provider_config.go index 9ebfa1c6..a0ffa2d7 100644 --- a/internal/session/provider_config.go +++ b/internal/session/provider_config.go @@ -1,9 +1,11 @@ package session import ( - "github.com/fasthttp/session" - "github.com/fasthttp/session/memory" - "github.com/fasthttp/session/redis" + "fmt" + + "github.com/fasthttp/session/v2" + "github.com/fasthttp/session/v2/providers/redis" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/internal/configuration/schema" @@ -24,14 +26,14 @@ func NewProviderConfig(configuration schema.SessionConfiguration) ProviderConfig config.Secure = true // Ignore the error as it will be handled by validator. - config.Expires, _ = utils.ParseDurationString(configuration.Expiration) + config.Expiration, _ = utils.ParseDurationString(configuration.Expiration) // TODO(c.michaud): Make this configurable by giving the list of IPs that are trustable. config.IsSecureFunc = func(*fasthttp.RequestCtx) bool { return true } - var providerConfig session.ProviderConfig + var redisConfig *redis.Config var providerName string @@ -39,26 +41,36 @@ func NewProviderConfig(configuration schema.SessionConfiguration) ProviderConfig if configuration.Redis != nil { providerName = "redis" serializer := NewEncryptingSerializer(configuration.Secret) - providerConfig = &redis.Config{ - Host: configuration.Redis.Host, - Port: configuration.Redis.Port, - Password: configuration.Redis.Password, - // DbNumber is the fasthttp/session property for the Redis DB Index. - DbNumber: configuration.Redis.DatabaseIndex, - PoolSize: 8, - IdleTimeout: 300, - KeyPrefix: "authelia-session", - SerializeFunc: serializer.Encode, - UnSerializeFunc: serializer.Decode, + network := "tcp" + + var addr string + + if configuration.Redis.Port == 0 { + network = "unix" + addr = configuration.Redis.Host + } else { + addr = fmt.Sprintf("%s:%d", configuration.Redis.Host, configuration.Redis.Port) } + + redisConfig = &redis.Config{ + Network: network, + Addr: addr, + Password: configuration.Redis.Password, + // DB is the fasthttp/session property for the Redis DB Index. + DB: configuration.Redis.DatabaseIndex, + PoolSize: 8, + IdleTimeout: 300, + KeyPrefix: "authelia-session", + } + config.EncodeFunc = serializer.Encode + config.DecodeFunc = serializer.Decode } else { // if no option is provided, use the memory provider. providerName = "memory" - providerConfig = &memory.Config{} } return ProviderConfig{ - config: config, - providerName: providerName, - providerConfig: providerConfig, + config: config, + redisConfig: redisConfig, + providerName: providerName, } } diff --git a/internal/session/provider_config_test.go b/internal/session/provider_config_test.go index 95f22e2c..4c062ea1 100644 --- a/internal/session/provider_config_test.go +++ b/internal/session/provider_config_test.go @@ -5,9 +5,8 @@ import ( "testing" "time" - "github.com/fasthttp/session" - "github.com/fasthttp/session/memory" - "github.com/fasthttp/session/redis" + "github.com/fasthttp/session/v2" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -26,11 +25,10 @@ func TestShouldCreateInMemorySessionProvider(t *testing.T) { assert.Equal(t, "my_session", providerConfig.config.CookieName) assert.Equal(t, testDomain, providerConfig.config.Domain) assert.Equal(t, true, providerConfig.config.Secure) - assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires) + assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expiration) assert.True(t, providerConfig.config.IsSecureFunc(nil)) assert.Equal(t, "memory", providerConfig.providerName) - assert.IsType(t, &memory.Config{}, providerConfig.providerConfig) } func TestShouldCreateRedisSessionProvider(t *testing.T) { @@ -49,18 +47,44 @@ func TestShouldCreateRedisSessionProvider(t *testing.T) { assert.Equal(t, "my_session", providerConfig.config.CookieName) assert.Equal(t, testDomain, providerConfig.config.Domain) assert.Equal(t, true, providerConfig.config.Secure) - assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires) + assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expiration) assert.True(t, providerConfig.config.IsSecureFunc(nil)) assert.Equal(t, "redis", providerConfig.providerName) - assert.IsType(t, &redis.Config{}, providerConfig.providerConfig) - pConfig := providerConfig.providerConfig.(*redis.Config) - assert.Equal(t, "redis.example.com", pConfig.Host) - assert.Equal(t, int64(6379), pConfig.Port) + pConfig := providerConfig.redisConfig + assert.Equal(t, "redis.example.com:6379", pConfig.Addr) assert.Equal(t, "pass", pConfig.Password) // DbNumber is the fasthttp/session property for the Redis DB Index - assert.Equal(t, 0, pConfig.DbNumber) + assert.Equal(t, 0, pConfig.DB) +} + +func TestShouldCreateRedisSessionProviderWithUnixSocket(t *testing.T) { + // The redis configuration is not provided so we create a in-memory provider. + configuration := schema.SessionConfiguration{} + configuration.Domain = testDomain + configuration.Name = testName + configuration.Expiration = testExpiration + configuration.Redis = &schema.RedisSessionConfiguration{ + Host: "/var/run/redis/redis.sock", + Port: 0, + Password: "pass", + } + providerConfig := NewProviderConfig(configuration) + + assert.Equal(t, "my_session", providerConfig.config.CookieName) + assert.Equal(t, testDomain, providerConfig.config.Domain) + assert.Equal(t, true, providerConfig.config.Secure) + assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expiration) + assert.True(t, providerConfig.config.IsSecureFunc(nil)) + + assert.Equal(t, "redis", providerConfig.providerName) + + pConfig := providerConfig.redisConfig + assert.Equal(t, "/var/run/redis/redis.sock", pConfig.Addr) + assert.Equal(t, "pass", pConfig.Password) + // DbNumber is the fasthttp/session property for the Redis DB Index + assert.Equal(t, 0, pConfig.DB) } func TestShouldSetDbNumber(t *testing.T) { @@ -76,10 +100,9 @@ func TestShouldSetDbNumber(t *testing.T) { } providerConfig := NewProviderConfig(configuration) assert.Equal(t, "redis", providerConfig.providerName) - assert.IsType(t, &redis.Config{}, providerConfig.providerConfig) - pConfig := providerConfig.providerConfig.(*redis.Config) + pConfig := providerConfig.redisConfig // DbNumber is the fasthttp/session property for the Redis DB Index - assert.Equal(t, 5, pConfig.DbNumber) + assert.Equal(t, 5, pConfig.DB) } func TestShouldUseEncryptingSerializerWithRedis(t *testing.T) { @@ -92,12 +115,11 @@ func TestShouldUseEncryptingSerializerWithRedis(t *testing.T) { DatabaseIndex: 5, } providerConfig := NewProviderConfig(configuration) - pConfig := providerConfig.providerConfig.(*redis.Config) payload := session.Dict{} payload.Set("key", "value") - encoded, err := pConfig.SerializeFunc(payload) + encoded, err := providerConfig.config.EncodeFunc(payload) require.NoError(t, err) // Now we try to decrypt what has been serialized diff --git a/internal/session/types.go b/internal/session/types.go index 05a6bc90..45a4cdf2 100644 --- a/internal/session/types.go +++ b/internal/session/types.go @@ -3,7 +3,9 @@ package session import ( "time" - "github.com/fasthttp/session" + "github.com/fasthttp/session/v2" + "github.com/fasthttp/session/v2/providers/redis" + "github.com/tstranex/u2f" "github.com/authelia/authelia/internal/authentication" @@ -11,9 +13,9 @@ import ( // ProviderConfig is the configuration used to create the session provider. type ProviderConfig struct { - config *session.Config - providerName string - providerConfig session.ProviderConfig + config session.Config + redisConfig *redis.Config + providerName string } // U2FRegistration is a serializable version of a U2F registration.