diff options
| author |  Frédéric Guillot <fred@miniflux.net> | 2017-12-16 18:07:53 -0800 |
|---|---|---|
| committer | Frédéric Guillot <fred@miniflux.net> | 2017-12-16 18:07:53 -0800 |
| commit | 00257988ef1707a028cd7dd0b1f8f68e6e8fac53 (patch) | |
| tree | f54ccd93abb5054336baea1f0a4a99f8700fc81a /storage/session.go | |
| parent | 58acd1d5e3a997d27f60549b51bdf41df900c6c6 (diff) | |
Session management refactoring
Diffstat (limited to 'storage/session.go')
| -rw-r--r-- | storage/session.go | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/storage/session.go b/storage/session.go new file mode 100644 index 0000000..17a63e2 --- /dev/null +++ b/storage/session.go @@ -0,0 +1,77 @@ +// Copyright 2017 Frédéric Guillot. All rights reserved. +// Use of this source code is governed by the Apache 2.0 +// license that can be found in the LICENSE file. + +package storage + +import ( + "database/sql" + "fmt" + + "github.com/miniflux/miniflux/helper" + "github.com/miniflux/miniflux/model" +) + +// CreateSession creates a new session. +func (s *Storage) CreateSession() (*model.Session, error) { + session := model.Session{ + ID: helper.GenerateRandomString(32), + Data: &model.SessionData{CSRF: helper.GenerateRandomString(64)}, + } + + query := "INSERT INTO sessions (id, data) VALUES ($1, $2)" + _, err := s.db.Exec(query, session.ID, session.Data) + if err != nil { + return nil, fmt.Errorf("unable to create session: %v", err) + } + + return &session, nil +} + +// UpdateSessionField updates only one session field. +func (s *Storage) UpdateSessionField(sessionID, field string, value interface{}) error { + query := `UPDATE sessions + SET data = jsonb_set(data, '{%s}', to_jsonb($1::text), true) + WHERE id=$2` + + _, err := s.db.Exec(fmt.Sprintf(query, field), value, sessionID) + if err != nil { + return fmt.Errorf("unable to update session field: %v", err) + } + + return nil +} + +// Session returns the given session. +func (s *Storage) Session(id string) (*model.Session, error) { + var session model.Session + + query := "SELECT id, data FROM sessions WHERE id=$1" + err := s.db.QueryRow(query, id).Scan( + &session.ID, + &session.Data, + ) + + if err == sql.ErrNoRows { + return nil, fmt.Errorf("session not found: %s", id) + } else if err != nil { + return nil, fmt.Errorf("unable to fetch session: %v", err) + } + + return &session, nil +} + +// FlushAllSessions removes all sessions from the database. +func (s *Storage) FlushAllSessions() (err error) { + _, err = s.db.Exec(`DELETE FROM user_sessions`) + if err != nil { + return err + } + + _, err = s.db.Exec(`DELETE FROM sessions`) + if err != nil { + return err + } + + return nil +} |