mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
8aade7f40e
* added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go
65 lines
1.5 KiB
Go
65 lines
1.5 KiB
Go
package session
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"fmt"
|
|
|
|
"github.com/fasthttp/session"
|
|
|
|
"github.com/authelia/authelia/internal/utils"
|
|
)
|
|
|
|
// EncryptingSerializer a serializer encrypting the data with AES-GCM with 256-bit keys.
|
|
type EncryptingSerializer struct {
|
|
key [32]byte
|
|
}
|
|
|
|
// NewEncryptingSerializer return new encrypt instance
|
|
func NewEncryptingSerializer(secret string) *EncryptingSerializer {
|
|
key := sha256.Sum256([]byte(secret))
|
|
return &EncryptingSerializer{key}
|
|
}
|
|
|
|
// Encode encode and encrypt session
|
|
func (e *EncryptingSerializer) Encode(src session.Dict) ([]byte, error) {
|
|
if len(src.D) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
dst, err := src.MarshalMsg(nil)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Unable to marshal session: %v", err)
|
|
}
|
|
|
|
encryptedDst, err := utils.Encrypt(dst, &e.key)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Unable to encrypt session: %v", err)
|
|
}
|
|
|
|
return encryptedDst, nil
|
|
}
|
|
|
|
// Decode decrypt and decode session
|
|
func (e *EncryptingSerializer) Decode(dst *session.Dict, src []byte) error {
|
|
if len(src) == 0 {
|
|
return nil
|
|
}
|
|
|
|
dst.Reset()
|
|
decryptedSrc, err := utils.Decrypt(src, &e.key)
|
|
if err != nil {
|
|
// If an error is thrown while decrypting, it's probably an old unencrypted session
|
|
// so we just unmarshall it without decrypting. It's a way to avoid a breaking change
|
|
// requiring to flush redis.
|
|
// TODO(clems4ever): remove in few months
|
|
_, uerr := dst.UnmarshalMsg(src)
|
|
if uerr != nil {
|
|
return fmt.Errorf("Unable to decrypt session: %s", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
_, err = dst.UnmarshalMsg(decryptedSrc)
|
|
return err
|
|
}
|