diff options
-rw-r--r-- | libs/web/luasrc/sauth.lua | 95 | ||||
-rw-r--r-- | modules/rpc/luasrc/controller/rpc.lua | 4 |
2 files changed, 57 insertions, 42 deletions
diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua index 41681ab16a..ef9fa1e328 100644 --- a/libs/web/luasrc/sauth.lua +++ b/libs/web/luasrc/sauth.lua @@ -26,36 +26,62 @@ luci.config.sauth = luci.config.sauth or {} sessionpath = luci.config.sauth.sessionpath sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60 ---- Manually clean up expired sessions. -function clean() - local now = os.time() - local files = fs.dir(sessionpath) - - if not files then - return nil - end - - for file in files do - local fname = sessionpath .. "/" .. file - local stat = fs.stat(fname) - if stat and stat.type == "reg" and stat.mtime + sessiontime < now then - fs.unlink(fname) - end - end -end - --- Prepare session storage by creating the session directory. function prepare() fs.mkdir(sessionpath, 700) - if not sane() then error("Security Exception: Session path is not sane!") end end +function encode(t) + return luci.util.get_bytecode({ + user=t.user, + token=t.token, + secret=t.secret, + atime=luci.sys.uptime() + }) +end + +function decode(blob) + local t = loadstring(blob)() + return { + user = t.user, + token = t.token, + secret = t.secret, + atime = t.atime + } +end + --- Read a session and return its content. -- @param id Session identifier -- @return Session data +local function _read(id) + local blob = fs.readfile(sessionpath .. "/" .. id) + return blob +end + +--- Write session data to a session file. +-- @param id Session identifier +-- @param data Session data +local function _write(id, data) + local f = nixio.open(sessionpath .. "/" .. id, "w", 600) + f:writeall(data) + f:close() +end + +function write(id, data) + if not sane() then + prepare() + end + + if not id or #id == 0 or not id:match("^%w+$") then + error("Session ID is not sane!") + end + + _write(id, data) +end + function read(id) if not id or #id == 0 then return @@ -63,12 +89,19 @@ function read(id) if not id:match("^%w+$") then error("Session ID is not sane!") end - clean() if not sane(sessionpath .. "/" .. id) then return end - fs.utimes(sessionpath .. "/" .. id) - return fs.readfile(sessionpath .. "/" .. id) + + local blob = _read(id) + if decode(blob).atime + sessiontime < luci.sys.uptime()then + fs.unlink(sessionpath .. "/" .. id) + return + end + -- refresh atime in session + refreshed = encode(decode(blob)) + write(id, refreshed) + return blob end @@ -81,24 +114,6 @@ function sane(file) == (file and "rw-------" or "rwx------") end - ---- Write session data to a session file. --- @param id Session identifier --- @param data Session data -function write(id, data) - if not sane() then - prepare() - end - if not id:match("^%w+$") then - error("Session ID is not sane!") - end - - local f = nixio.open(sessionpath .. "/" .. id, "w", 600) - f:writeall(data) - f:close() -end - - --- Kills a session -- @param id Session identifier function kill(id) diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua index 6b091163f1..b989b59a31 100644 --- a/modules/rpc/luasrc/controller/rpc.lua +++ b/modules/rpc/luasrc/controller/rpc.lua @@ -27,7 +27,7 @@ function index() if auth then -- if authentication token was given local sdat = luci.sauth.read(auth) if sdat then -- if given token is valid - user = loadstring(sdat)().user + user = luci.sauth.decode(sdat).user if user and luci.util.contains(accs, user) then return user, auth end @@ -68,7 +68,7 @@ function rpc_auth() secret = sys.uniqueid(16) http.header("Set-Cookie", "sysauth=" .. sid.."; path=/") - sauth.write(sid, util.get_bytecode({ + sauth.write(sid, sauth.encode({ user=user, token=token, secret=secret |