Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
txlyre
/
3x-ui
-ын хуулбар https://github.com/MHSanaei/3x-ui
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: 50603fd430
Салаанууд Тагууд
3x-ui
/
web
/
session
/
session.go

session.go 2.1 KB
Түүх Анхны өгөгдөл

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. // Package session provides session management utilities for the 3x-ui web panel.
    2. 

  2. // It handles user authentication state, login sessions, and session storage using Gin sessions.
    3. 

  3. package session
    4. 

  4. 

  5. import (
    6. 

  6. 	"encoding/gob"
    7. 

  7. 	"net/http"
    8. 

  8. 

  9. 	"github.com/mhsanaei/3x-ui/v2/database/model"
    10. 

  10. 	"github.com/mhsanaei/3x-ui/v2/logger"
    11. 

  11. 

  12. 	"github.com/gin-contrib/sessions"
    13. 

  13. 	"github.com/gin-gonic/gin"
    14. 

  14. )
    15. 

  15. 

  16. const (
    17. 

  17. 	loginUserKey = "LOGIN_USER"
    18. 

  18. )
    19. 

  19. 

  20. func init() {
    21. 

  21. 	gob.Register(model.User{})
    22. 

  22. }
    23. 

  23. 

  24. // SetLoginUser stores the authenticated user in the session and persists it.
    25. 

  25. // gin-contrib/sessions does not auto-save; callers that forget Save() leave
    26. 

  26. // the cookie out of sync with server state — this helper avoids that pitfall.
    27. 

  27. func SetLoginUser(c *gin.Context, user *model.User) error {
    28. 

  28. 	if user == nil {
    29. 

  29. 		return nil
    30. 

  30. 	}
    31. 

  31. 	s := sessions.Default(c)
    32. 

  32. 	s.Set(loginUserKey, *user)
    33. 

  33. 	return s.Save()
    34. 

  34. }
    35. 

  35. 

  36. // GetLoginUser retrieves the authenticated user from the session.
    37. 

  37. // Returns nil if no user is logged in or if the session data is invalid.
    38. 

  38. func GetLoginUser(c *gin.Context) *model.User {
    39. 

  39. 	s := sessions.Default(c)
    40. 

  40. 	obj := s.Get(loginUserKey)
    41. 

  41. 	if obj == nil {
    42. 

  42. 		return nil
    43. 

  43. 	}
    44. 

  44. 	user, ok := obj.(model.User)
    45. 

  45. 	if !ok {
    46. 

  46. 		// Stale or incompatible session payload — wipe and persist immediately
    47. 

  47. 		// so subsequent requests don't keep hitting the same broken cookie.
    48. 

  48. 		s.Delete(loginUserKey)
    49. 

  49. 		if err := s.Save(); err != nil {
    50. 

  50. 			logger.Warning("session: failed to drop stale user payload:", err)
    51. 

  51. 		}
    52. 

  52. 		return nil
    53. 

  53. 	}
    54. 

  54. 	return &user
    55. 

  55. }
    56. 

  56. 

  57. // IsLogin checks if a user is currently authenticated in the session.
    58. 

  58. func IsLogin(c *gin.Context) bool {
    59. 

  59. 	return GetLoginUser(c) != nil
    60. 

  60. }
    61. 

  61. 

  62. // ClearSession invalidates the session and tells the browser to drop the cookie.
    63. 

  63. // The cookie attributes (Path/HttpOnly/SameSite) must mirror those used when
    64. 

  64. // the cookie was created or browsers will keep it.
    65. 

  65. func ClearSession(c *gin.Context) error {
    66. 

  66. 	s := sessions.Default(c)
    67. 

  67. 	s.Clear()
    68. 

  68. 	cookiePath := c.GetString("base_path")
    69. 

  69. 	if cookiePath == "" {
    70. 

  70. 		cookiePath = "/"
    71. 

  71. 	}
    72. 

  72. 	s.Options(sessions.Options{
    73. 

  73. 		Path:     cookiePath,
    74. 

  74. 		MaxAge:   -1,
    75. 

  75. 		HttpOnly: true,
    76. 

  76. 		SameSite: http.SameSiteLaxMode,
    77. 

  77. 	})
    78. 

  78. 	return s.Save()
    79. 

  79. }
    80.