cookie ready
This commit is contained in:
@@ -32,7 +32,7 @@ func TestApplyRequestMarketUsesSelectedCountryCurrency(t *testing.T) {
|
||||
t.Fatalf("iso_code_country = %q, want %q", got, "PL")
|
||||
}
|
||||
if _, ok := session.Values["id_country"]; ok {
|
||||
t.Fatalf("id_country should not be persisted in anonymous market cookie")
|
||||
t.Fatalf("id_country should not be added by Go market rewrite")
|
||||
}
|
||||
if got := session.Values["id_currency"]; got != "6" {
|
||||
t.Fatalf("id_currency = %q, want %q", got, "6")
|
||||
@@ -40,13 +40,13 @@ func TestApplyRequestMarketUsesSelectedCountryCurrency(t *testing.T) {
|
||||
if session.CurrencyID == nil || *session.CurrencyID != 6 {
|
||||
t.Fatalf("CurrencyID = %v, want 6", session.CurrencyID)
|
||||
}
|
||||
if _, ok := session.Values["id_shop"]; ok {
|
||||
t.Fatalf("id_shop should not be persisted in anonymous market cookie")
|
||||
if got := session.Values["id_shop"]; got != "1" {
|
||||
t.Fatalf("id_shop = %q, want %q", got, "1")
|
||||
}
|
||||
if _, ok := session.Values["id_cart"]; ok {
|
||||
t.Fatalf("id_cart should not be persisted in anonymous market cookie")
|
||||
if got := session.Values["id_cart"]; got != "55" {
|
||||
t.Fatalf("id_cart = %q, want %q", got, "55")
|
||||
}
|
||||
wantOrder := []string{"date_add", "id_lang", "id_language", "iso_code_country", "id_currency", "id_guest", "id_connections", "checksum"}
|
||||
wantOrder := []string{"date_add", "id_lang", "id_language", "id_currency", "id_guest", "id_connections", "id_shop", "id_cart", "iso_code_country", "checksum"}
|
||||
for i, key := range wantOrder {
|
||||
if i >= len(session.OrderedKeys) || session.OrderedKeys[i] != key {
|
||||
t.Fatalf("OrderedKeys[%d] = %q, want %q; full=%v", i, session.OrderedKeys[i], key, session.OrderedKeys)
|
||||
|
||||
@@ -3,7 +3,6 @@ package middleware
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"hash/crc32"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
@@ -26,6 +25,10 @@ type SessionCookieNameResolver interface {
|
||||
ResolveCookieName(ctx context.Context, req *http.Request) (string, error)
|
||||
}
|
||||
|
||||
type SessionCookiePathResolver interface {
|
||||
ResolveCookiePath(ctx context.Context, req *http.Request) (string, error)
|
||||
}
|
||||
|
||||
type LanguageResolver interface {
|
||||
ResolveLanguageID(ctx context.Context, req *http.Request, fallback int64) int64
|
||||
}
|
||||
@@ -38,6 +41,7 @@ func Session(cfg psconfig.Config, codec pscookie.Codec, initializer AnonymousSes
|
||||
ownership := cfg.ParseRouteOwnership()
|
||||
expiryRefresher, _ := initializer.(SessionExpiryRefresher)
|
||||
cookieNameResolver, _ := initializer.(SessionCookieNameResolver)
|
||||
cookiePathResolver, _ := initializer.(SessionCookiePathResolver)
|
||||
|
||||
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
return func(c echo.Context) error {
|
||||
@@ -82,6 +86,16 @@ func Session(cfg psconfig.Config, codec pscookie.Codec, initializer AnonymousSes
|
||||
applyRequestMarket(session, requestMarketSelection(c.Request()))
|
||||
}
|
||||
if ownedRoute && shouldSetSessionCookie(rawCookie, session) {
|
||||
cookiePath := "/"
|
||||
if cookiePathResolver != nil {
|
||||
resolvedCookiePath, err := cookiePathResolver.ResolveCookiePath(c.Request().Context(), c.Request())
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("prestashop cookie path resolution failed: %v", err))
|
||||
}
|
||||
if strings.TrimSpace(resolvedCookiePath) != "" {
|
||||
cookiePath = resolvedCookiePath
|
||||
}
|
||||
}
|
||||
if expiryRefresher != nil {
|
||||
if err := expiryRefresher.RefreshExpiry(c.Request().Context(), session); err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("prestashop session expiry refresh failed: %v", err))
|
||||
@@ -92,7 +106,7 @@ func Session(cfg psconfig.Config, codec pscookie.Codec, initializer AnonymousSes
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "prestashop cookie encode failed")
|
||||
}
|
||||
session.RawCookie = encoded
|
||||
setPrestaShopCookie(c.Request(), c.Response(), session, cookieName, encoded)
|
||||
setPrestaShopCookie(c.Request(), c.Response(), session, cookieName, encoded, cookiePath)
|
||||
if redirectURL, ok := clearMarketSelectionURL(c.Request()); ok {
|
||||
return c.Redirect(http.StatusSeeOther, redirectURL)
|
||||
}
|
||||
@@ -153,20 +167,7 @@ func cookiePrefix(configuredName string) string {
|
||||
}
|
||||
|
||||
func shouldBootstrapAnonymousSession(rawCookie string, session *pscookie.SessionContext) bool {
|
||||
if session == nil {
|
||||
return true
|
||||
}
|
||||
if rawCookie == "" {
|
||||
return true
|
||||
}
|
||||
if session.IsLoggedIn {
|
||||
return false
|
||||
}
|
||||
return session.GuestID == nil ||
|
||||
session.CurrencyID == nil ||
|
||||
session.LanguageID == nil ||
|
||||
session.Values["id_connections"] == "" ||
|
||||
session.Values["iso_code_country"] == ""
|
||||
return session == nil || rawCookie == ""
|
||||
}
|
||||
|
||||
func shouldSetSessionCookie(rawCookie string, session *pscookie.SessionContext) bool {
|
||||
@@ -195,15 +196,9 @@ func applyRequestLanguage(session *pscookie.SessionContext, languageID int64) {
|
||||
session.LanguageID = int64Ptr(languageID)
|
||||
session.Values["id_lang"] = value
|
||||
session.Values["id_language"] = value
|
||||
session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_lang", 1)
|
||||
session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_language", 3)
|
||||
|
||||
if !session.IsLoggedIn {
|
||||
if checksum := anonymousSessionChecksum(session, languageID); checksum != "" {
|
||||
session.Values["checksum"] = checksum
|
||||
session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "checksum", len(session.OrderedKeys))
|
||||
}
|
||||
}
|
||||
session.OrderedKeys = appendOrderedKeyIfMissing(session.OrderedKeys, "id_lang")
|
||||
session.OrderedKeys = appendOrderedKeyIfMissing(session.OrderedKeys, "id_language")
|
||||
session.OrderedKeys = moveOrderedKeyToEnd(session.OrderedKeys, "checksum")
|
||||
|
||||
session.Plaintext = ""
|
||||
session.RawCookie = ""
|
||||
@@ -235,18 +230,9 @@ func applyRequestMarket(session *pscookie.SessionContext, selection marketSelect
|
||||
session.CurrencyID = int64Ptr(selection.CurrencyID)
|
||||
session.Values["iso_code_country"] = selection.CountryISO
|
||||
session.Values["id_currency"] = strconv.FormatInt(selection.CurrencyID, 10)
|
||||
delete(session.Values, "id_country")
|
||||
session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "iso_code_country", 4)
|
||||
session.OrderedKeys = removeOrderedKey(session.OrderedKeys, "id_country")
|
||||
session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_currency", 5)
|
||||
|
||||
if !session.IsLoggedIn {
|
||||
trimAnonymousCookieValues(session)
|
||||
session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_guest", 6)
|
||||
session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_connections", 7)
|
||||
session.OrderedKeys = removeOrderedKey(session.OrderedKeys, "checksum")
|
||||
session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "checksum", len(session.OrderedKeys))
|
||||
}
|
||||
session.OrderedKeys = appendOrderedKeyIfMissing(session.OrderedKeys, "iso_code_country")
|
||||
session.OrderedKeys = appendOrderedKeyIfMissing(session.OrderedKeys, "id_currency")
|
||||
session.OrderedKeys = moveOrderedKeyToEnd(session.OrderedKeys, "checksum")
|
||||
|
||||
session.Plaintext = ""
|
||||
session.RawCookie = ""
|
||||
@@ -259,91 +245,28 @@ func sessionLanguageID(session *pscookie.SessionContext) int64 {
|
||||
return *session.LanguageID
|
||||
}
|
||||
|
||||
func anonymousSessionChecksum(session *pscookie.SessionContext, languageID int64) string {
|
||||
if session == nil || session.Values == nil {
|
||||
return ""
|
||||
}
|
||||
guestID, _ := strconv.ParseInt(session.Values["id_guest"], 10, 64)
|
||||
connectionID, _ := strconv.ParseInt(session.Values["id_connections"], 10, 64)
|
||||
currencyID, _ := strconv.ParseInt(session.Values["id_currency"], 10, 64)
|
||||
shopID, _ := strconv.ParseInt(session.Values["id_shop"], 10, 64)
|
||||
if guestID == 0 || connectionID == 0 || currencyID == 0 {
|
||||
return ""
|
||||
}
|
||||
|
||||
buf := make([]byte, 0, 32)
|
||||
for _, value := range []int64{guestID, connectionID, languageID, currencyID, shopID} {
|
||||
buf = strconv.AppendInt(buf, value, 10)
|
||||
buf = append(buf, '|')
|
||||
}
|
||||
return strconv.FormatUint(uint64(crc32.ChecksumIEEE(buf)), 10)
|
||||
}
|
||||
|
||||
func ensureOrderedKey(keys []string, key string, index int) []string {
|
||||
func appendOrderedKeyIfMissing(keys []string, key string) []string {
|
||||
for i, existing := range keys {
|
||||
if existing != key {
|
||||
continue
|
||||
}
|
||||
if i == index || index >= len(keys) {
|
||||
if i >= 0 {
|
||||
return keys
|
||||
}
|
||||
keys = append(keys[:i], keys[i+1:]...)
|
||||
break
|
||||
}
|
||||
|
||||
if index < 0 {
|
||||
index = 0
|
||||
}
|
||||
if index >= len(keys) {
|
||||
return append(keys, key)
|
||||
}
|
||||
|
||||
keys = append(keys, "")
|
||||
copy(keys[index+1:], keys[index:])
|
||||
keys[index] = key
|
||||
return keys
|
||||
return append(keys, key)
|
||||
}
|
||||
|
||||
func removeOrderedKey(keys []string, key string) []string {
|
||||
func moveOrderedKeyToEnd(keys []string, key string) []string {
|
||||
for i, existing := range keys {
|
||||
if existing == key {
|
||||
return append(keys[:i], keys[i+1:]...)
|
||||
keys = append(keys[:i], keys[i+1:]...)
|
||||
return append(keys, key)
|
||||
}
|
||||
}
|
||||
return keys
|
||||
}
|
||||
|
||||
func trimAnonymousCookieValues(session *pscookie.SessionContext) {
|
||||
if session == nil || session.Values == nil {
|
||||
return
|
||||
}
|
||||
|
||||
allowed := map[string]struct{}{
|
||||
"date_add": {},
|
||||
"id_lang": {},
|
||||
"id_language": {},
|
||||
"iso_code_country": {},
|
||||
"id_currency": {},
|
||||
"id_guest": {},
|
||||
"id_connections": {},
|
||||
"checksum": {},
|
||||
}
|
||||
|
||||
for key := range session.Values {
|
||||
if _, ok := allowed[key]; !ok {
|
||||
delete(session.Values, key)
|
||||
}
|
||||
}
|
||||
|
||||
filtered := make([]string, 0, len(session.OrderedKeys))
|
||||
for _, key := range session.OrderedKeys {
|
||||
if _, ok := allowed[key]; ok {
|
||||
filtered = append(filtered, key)
|
||||
}
|
||||
}
|
||||
session.OrderedKeys = filtered
|
||||
}
|
||||
|
||||
func int64Ptr(value int64) *int64 {
|
||||
if value == 0 {
|
||||
return nil
|
||||
@@ -413,13 +336,16 @@ func clearMarketSelectionURL(req *http.Request) (string, bool) {
|
||||
return cleanPath, true
|
||||
}
|
||||
|
||||
func setPrestaShopCookie(req *http.Request, res *echo.Response, session *pscookie.SessionContext, name, value string) {
|
||||
func setPrestaShopCookie(req *http.Request, res *echo.Response, session *pscookie.SessionContext, name, value, path string) {
|
||||
maxAge := 1
|
||||
if session != nil && session.ExpiresAt != nil {
|
||||
maxAge = int(session.ExpiresAt.UTC().Unix())
|
||||
}
|
||||
if strings.TrimSpace(path) == "" {
|
||||
path = "/"
|
||||
}
|
||||
|
||||
header := fmt.Sprintf("%s=%s; path=/; max-age=%d; HttpOnly; SameSite=Lax", name, value, maxAge)
|
||||
header := fmt.Sprintf("%s=%s; path=%s; max-age=%d; HttpOnly; SameSite=Lax", name, value, path, maxAge)
|
||||
if requestCookieSecure(req) {
|
||||
header += "; Secure"
|
||||
}
|
||||
|
||||
@@ -12,6 +12,54 @@ import (
|
||||
pscookie "git.ma-al.com/goc_marek/ps_shop/internal/prestashop/cookie"
|
||||
)
|
||||
|
||||
func TestShouldBootstrapAnonymousSession(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
rawCookie string
|
||||
session *pscookie.SessionContext
|
||||
want bool
|
||||
}{
|
||||
{
|
||||
name: "missing cookie bootstraps",
|
||||
rawCookie: "",
|
||||
session: &pscookie.SessionContext{},
|
||||
want: true,
|
||||
},
|
||||
{
|
||||
name: "nil session bootstraps",
|
||||
rawCookie: "cookie",
|
||||
session: nil,
|
||||
want: true,
|
||||
},
|
||||
{
|
||||
name: "incomplete anonymous cookie does not bootstrap",
|
||||
rawCookie: "cookie",
|
||||
session: &pscookie.SessionContext{
|
||||
Values: map[string]string{
|
||||
"id_lang": "5",
|
||||
},
|
||||
},
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: "logged in cookie does not bootstrap",
|
||||
rawCookie: "cookie",
|
||||
session: &pscookie.SessionContext{
|
||||
IsLoggedIn: true,
|
||||
},
|
||||
want: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
if got := shouldBootstrapAnonymousSession(tc.rawCookie, tc.session); got != tc.want {
|
||||
t.Fatalf("shouldBootstrapAnonymousSession() = %v, want %v", got, tc.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestSetPrestaShopCookiePersistsExpiry(t *testing.T) {
|
||||
e := echo.New()
|
||||
req := httptest.NewRequest(http.MethodGet, "https://shop.example.com/product/test", nil)
|
||||
@@ -21,7 +69,7 @@ func TestSetPrestaShopCookiePersistsExpiry(t *testing.T) {
|
||||
|
||||
setPrestaShopCookie(req, res, &pscookie.SessionContext{
|
||||
ExpiresAt: &expiresAt,
|
||||
}, "PrestaShop-test", "value")
|
||||
}, "PrestaShop-test", "value", "/")
|
||||
|
||||
setCookie := rec.Header().Get("Set-Cookie")
|
||||
if !strings.Contains(setCookie, "max-age=") {
|
||||
|
||||
Reference in New Issue
Block a user