116 lines
2.7 KiB
Go
116 lines
2.7 KiB
Go
package bootstrap
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"encoding/gob"
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
"time"
|
|
|
|
sessionHandlers "synlotto-website/internal/handlers/session"
|
|
sessionHelpers "synlotto-website/internal/helpers/session"
|
|
|
|
"synlotto-website/internal/logging"
|
|
"synlotto-website/internal/models"
|
|
|
|
"github.com/gorilla/sessions"
|
|
)
|
|
|
|
var (
|
|
sessionStore *sessions.CookieStore
|
|
Name string
|
|
authKey []byte
|
|
encryptKey []byte
|
|
)
|
|
|
|
func InitSession(cfg *models.Config) error {
|
|
gob.Register(time.Time{})
|
|
authPath := cfg.Session.AuthKeyPath
|
|
encPath := cfg.Session.EncryptionKeyPath
|
|
|
|
if _, err := os.Stat(authPath); os.IsNotExist(err) {
|
|
logging.Info("⚠️ Auth key not found, creating: %s", authPath)
|
|
key, err := generateRandomBytes(32)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
encoded := sessionHelpers.EncodeKey(key)
|
|
err = os.WriteFile(authPath, []byte(encoded), 0600)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if _, err := os.Stat(encPath); os.IsNotExist(err) {
|
|
logging.Info("⚠️ Encryption key not found, creating: %s", encPath)
|
|
key, err := generateRandomBytes(32)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
encoded := sessionHelpers.EncodeKey(key)
|
|
err = os.WriteFile(encPath, []byte(encoded), 0600)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return loadSessionKeys(
|
|
authPath,
|
|
encPath,
|
|
cfg.Session.Name,
|
|
cfg.HttpServer.ProductionMode,
|
|
)
|
|
}
|
|
|
|
func generateRandomBytes(length int) ([]byte, error) {
|
|
b := make([]byte, length)
|
|
_, err := rand.Read(b)
|
|
if err != nil {
|
|
logging.Error("failed to generate random bytes: %w", err)
|
|
|
|
return nil, err
|
|
}
|
|
return b, nil
|
|
}
|
|
|
|
func loadSessionKeys(authPath, encryptionPath, name string, isProduction bool) error {
|
|
var err error
|
|
|
|
rawAuth, err := os.ReadFile(authPath)
|
|
if err != nil {
|
|
return fmt.Errorf("error reading auth key: %w", err)
|
|
}
|
|
authKey, err = base64.StdEncoding.DecodeString(string(bytes.TrimSpace(rawAuth)))
|
|
if err != nil {
|
|
return fmt.Errorf("error decoding auth key: %w", err)
|
|
}
|
|
|
|
rawEnc, err := os.ReadFile(encryptionPath)
|
|
if err != nil {
|
|
return fmt.Errorf("error reading encryption key: %w", err)
|
|
}
|
|
encryptKey, err = base64.StdEncoding.DecodeString(string(bytes.TrimSpace(rawEnc)))
|
|
if err != nil {
|
|
return fmt.Errorf("error decoding encryption key: %w", err)
|
|
}
|
|
|
|
if len(authKey) != 32 || len(encryptKey) != 32 {
|
|
return fmt.Errorf("auth and encryption keys must be 32 bytes each (got auth=%d, enc=%d)", len(authKey), len(encryptKey))
|
|
}
|
|
|
|
sessionHandlers.SessionStore = sessions.NewCookieStore(authKey, encryptKey)
|
|
sessionHandlers.SessionStore.Options = &sessions.Options{
|
|
Path: "/",
|
|
MaxAge: 86400,
|
|
HttpOnly: true,
|
|
Secure: isProduction,
|
|
SameSite: http.SameSiteLaxMode,
|
|
}
|
|
|
|
sessionHandlers.Name = name
|
|
return nil
|
|
}
|