clawbot
afe88c601a
All checks were successful
check / check (push) Successful in 5s
Closes [issue #50](#50) ## Summary Refactors the Dockerfile to use a separate lint stage with a pinned golangci-lint Docker image, following the pattern used by [sneak/pixa](https://git.eeqj.de/sneak/pixa). This replaces the previous approach of installing golangci-lint via curl in the builder stage. ## Changes ### Dockerfile - **New `lint` stage** using `golangci/golangci-lint:v2.11.3` (Debian-based, pinned by sha256 digest) as a separate build stage - **Builder stage** depends on lint via `COPY --from=lint /src/go.sum /dev/null` — build won't proceed unless linting passes - **Go bumped** from 1.24 to 1.26.1 (`golang:1.26.1-bookworm`, pinned by sha256) - **golangci-lint bumped** from v1.64.8 to v2.11.3 - All three Docker images (golangci-lint, golang, alpine) pinned by sha256 digest - Debian-based golangci-lint image used (not Alpine) because mattn/go-sqlite3 CGO does not compile on musl (off64_t) ### Linter Config (.golangci.yml) - Migrated from v1 to v2 format (`version: "2"` added) - Removed linters no longer available in v2: `gofmt` (handled by `make fmt-check`), `gosimple` (merged into `staticcheck`), `typecheck` (always-on in v2) - Same set of linters enabled — no rules weakened ### Code Fixes (all lint issues from v2 upgrade) - Added package comments to all packages - Added doc comments to all exported types, functions, and methods - Fixed unchecked errors flagged by `errcheck` (sqlDB.Close, os.Setenv in tests, resp.Body.Close, fmt.Fprint) - Fixed unused parameters flagged by `revive` (renamed to `_`) - Fixed `gosec` G120 warnings: added `http.MaxBytesReader` before `r.ParseForm()` calls - Fixed `staticcheck` QF1012: replaced `WriteString(fmt.Sprintf(...))` with `fmt.Fprintf` - Fixed `staticcheck` QF1003: converted if/else chain to tagged switch - Renamed `DeliveryTask` → `Task` to avoid package stutter (`delivery.Task` instead of `delivery.DeliveryTask`) - Renamed shadowed builtin `max` parameter to `upperBound` in `cryptoRandInt` - Used `t.Setenv` instead of `os.Setenv` in tests (auto-restores) ### README.md - Updated version requirements: Go 1.26+, golangci-lint v2.11+ - Updated Dockerfile description in project structure ## Verification `docker build .` passes cleanly — formatting check, linting, all tests, and build all succeed. Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de> Reviewed-on: #55 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>
256 lines
6.1 KiB
Go
256 lines
6.1 KiB
Go
// Package session manages HTTP session storage and authentication
|
|
// state.
|
|
package session
|
|
|
|
import (
|
|
"context"
|
|
"encoding/base64"
|
|
"errors"
|
|
"fmt"
|
|
"log/slog"
|
|
"maps"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/sessions"
|
|
"go.uber.org/fx"
|
|
"sneak.berlin/go/webhooker/internal/config"
|
|
"sneak.berlin/go/webhooker/internal/database"
|
|
"sneak.berlin/go/webhooker/internal/logger"
|
|
)
|
|
|
|
const (
|
|
// SessionName is the name of the session cookie.
|
|
SessionName = "webhooker_session"
|
|
|
|
// UserIDKey is the session key for user ID.
|
|
UserIDKey = "user_id"
|
|
|
|
// UsernameKey is the session key for username.
|
|
UsernameKey = "username"
|
|
|
|
// AuthenticatedKey is the session key for authentication
|
|
// status.
|
|
AuthenticatedKey = "authenticated"
|
|
|
|
// sessionKeyLength is the required length in bytes for the
|
|
// session authentication key.
|
|
sessionKeyLength = 32
|
|
|
|
// sessionMaxAgeDays is the session cookie lifetime in days.
|
|
sessionMaxAgeDays = 7
|
|
|
|
// secondsPerDay is the number of seconds in a day.
|
|
secondsPerDay = 86400
|
|
)
|
|
|
|
// ErrSessionKeyLength is returned when the decoded session key
|
|
// does not have the expected length.
|
|
var ErrSessionKeyLength = errors.New("session key length mismatch")
|
|
|
|
// Params holds dependencies injected by fx.
|
|
type Params struct {
|
|
fx.In
|
|
|
|
Config *config.Config
|
|
Database *database.Database
|
|
Logger *logger.Logger
|
|
}
|
|
|
|
// Session manages encrypted session storage.
|
|
type Session struct {
|
|
store *sessions.CookieStore
|
|
key []byte // raw 32-byte auth key, also used for CSRF cookie signing
|
|
log *slog.Logger
|
|
config *config.Config
|
|
}
|
|
|
|
// New creates a new session manager. The cookie store is
|
|
// initialized during the fx OnStart phase after the database is
|
|
// connected, using a session key that is auto-generated and stored
|
|
// in the database.
|
|
func New(
|
|
lc fx.Lifecycle,
|
|
params Params,
|
|
) (*Session, error) {
|
|
s := &Session{
|
|
log: params.Logger.Get(),
|
|
config: params.Config,
|
|
}
|
|
|
|
lc.Append(fx.Hook{
|
|
OnStart: func(_ context.Context) error {
|
|
sessionKey, err := params.Database.GetOrCreateSessionKey()
|
|
if err != nil {
|
|
return fmt.Errorf(
|
|
"failed to get session key: %w", err,
|
|
)
|
|
}
|
|
|
|
keyBytes, err := base64.StdEncoding.DecodeString(
|
|
sessionKey,
|
|
)
|
|
if err != nil {
|
|
return fmt.Errorf(
|
|
"invalid session key format: %w", err,
|
|
)
|
|
}
|
|
|
|
if len(keyBytes) != sessionKeyLength {
|
|
return fmt.Errorf(
|
|
"%w: want %d, got %d",
|
|
ErrSessionKeyLength,
|
|
sessionKeyLength,
|
|
len(keyBytes),
|
|
)
|
|
}
|
|
|
|
store := sessions.NewCookieStore(keyBytes)
|
|
|
|
// Configure cookie options for security
|
|
store.Options = &sessions.Options{
|
|
Path: "/",
|
|
MaxAge: secondsPerDay * sessionMaxAgeDays,
|
|
HttpOnly: true,
|
|
Secure: !params.Config.IsDev(),
|
|
SameSite: http.SameSiteLaxMode,
|
|
}
|
|
|
|
s.key = keyBytes
|
|
s.store = store
|
|
s.log.Info("session manager initialized")
|
|
|
|
return nil
|
|
},
|
|
})
|
|
|
|
return s, nil
|
|
}
|
|
|
|
// Get retrieves a session for the request.
|
|
func (s *Session) Get(
|
|
r *http.Request,
|
|
) (*sessions.Session, error) {
|
|
return s.store.Get(r, SessionName)
|
|
}
|
|
|
|
// GetKey returns the raw 32-byte authentication key used for
|
|
// session encryption. This key is also suitable for CSRF cookie
|
|
// signing.
|
|
func (s *Session) GetKey() []byte {
|
|
return s.key
|
|
}
|
|
|
|
// Save saves the session.
|
|
func (s *Session) Save(
|
|
r *http.Request,
|
|
w http.ResponseWriter,
|
|
sess *sessions.Session,
|
|
) error {
|
|
return sess.Save(r, w)
|
|
}
|
|
|
|
// SetUser sets the user information in the session.
|
|
func (s *Session) SetUser(
|
|
sess *sessions.Session,
|
|
userID, username string,
|
|
) {
|
|
sess.Values[UserIDKey] = userID
|
|
sess.Values[UsernameKey] = username
|
|
sess.Values[AuthenticatedKey] = true
|
|
}
|
|
|
|
// ClearUser removes user information from the session.
|
|
func (s *Session) ClearUser(sess *sessions.Session) {
|
|
delete(sess.Values, UserIDKey)
|
|
delete(sess.Values, UsernameKey)
|
|
delete(sess.Values, AuthenticatedKey)
|
|
}
|
|
|
|
// IsAuthenticated checks if the session has an authenticated
|
|
// user.
|
|
func (s *Session) IsAuthenticated(sess *sessions.Session) bool {
|
|
auth, ok := sess.Values[AuthenticatedKey].(bool)
|
|
|
|
return ok && auth
|
|
}
|
|
|
|
// GetUserID retrieves the user ID from the session.
|
|
func (s *Session) GetUserID(
|
|
sess *sessions.Session,
|
|
) (string, bool) {
|
|
userID, ok := sess.Values[UserIDKey].(string)
|
|
|
|
return userID, ok
|
|
}
|
|
|
|
// GetUsername retrieves the username from the session.
|
|
func (s *Session) GetUsername(
|
|
sess *sessions.Session,
|
|
) (string, bool) {
|
|
username, ok := sess.Values[UsernameKey].(string)
|
|
|
|
return username, ok
|
|
}
|
|
|
|
// Destroy invalidates the session.
|
|
func (s *Session) Destroy(sess *sessions.Session) {
|
|
sess.Options.MaxAge = -1
|
|
s.ClearUser(sess)
|
|
}
|
|
|
|
// Regenerate creates a new session with the same values but a
|
|
// fresh ID. The old session is destroyed (MaxAge = -1) and saved,
|
|
// then a new session is created. This prevents session fixation
|
|
// attacks by ensuring the session ID changes after privilege
|
|
// escalation (e.g. login).
|
|
func (s *Session) Regenerate(
|
|
r *http.Request,
|
|
w http.ResponseWriter,
|
|
oldSess *sessions.Session,
|
|
) (*sessions.Session, error) {
|
|
// Copy the values from the old session
|
|
oldValues := make(map[any]any)
|
|
maps.Copy(oldValues, oldSess.Values)
|
|
|
|
// Destroy the old session
|
|
oldSess.Options.MaxAge = -1
|
|
s.ClearUser(oldSess)
|
|
|
|
err := oldSess.Save(r, w)
|
|
if err != nil {
|
|
return nil, fmt.Errorf(
|
|
"failed to destroy old session: %w", err,
|
|
)
|
|
}
|
|
|
|
// Create a new session (gorilla/sessions generates a new ID)
|
|
newSess, err := s.store.New(r, SessionName)
|
|
if err != nil {
|
|
// store.New may return an error alongside a new empty
|
|
// session if the old cookie is now invalid. That is
|
|
// expected after we destroyed it above. Only fail on a
|
|
// nil session.
|
|
if newSess == nil {
|
|
return nil, fmt.Errorf(
|
|
"failed to create new session: %w", err,
|
|
)
|
|
}
|
|
}
|
|
|
|
// Restore the copied values into the new session
|
|
maps.Copy(newSess.Values, oldValues)
|
|
|
|
// Apply the standard session options (the destroyed old
|
|
// session had MaxAge = -1, which store.New might inherit
|
|
// from the cookie).
|
|
newSess.Options = &sessions.Options{
|
|
Path: "/",
|
|
MaxAge: secondsPerDay * sessionMaxAgeDays,
|
|
HttpOnly: true,
|
|
Secure: !s.config.IsDev(),
|
|
SameSite: http.SameSiteLaxMode,
|
|
}
|
|
|
|
return newSess, nil
|
|
}
|