Go 1.7's request.Context() requires (major!) breaking API changes, so I thought this would be a good opportunity to discuss what a "v2" of this package might look like. Also, golang/dep
Things I see as major changes:
Fix the argument order: Save(w, r) rather than (r, w)
Improve the user experience around Save (forgetting to save is common enough!)
There is no schedule for this yet. Feedback is welcome.
I agree with almost all of these.
Possibly, as a first step, gorilla/securecookie could be simplified as part of this. The internals have grown over time, and moving from the current AES-CTR + MAC approach to HMAC-SHA-512/256 or ChaCha20 + Poly1305 (https://godoc.org/golang.org/x/crypto/chacha20poly1305) would simplify the crypto.
Otherwise, securecookie is a small lib. I think it was a mistake to extend the error interface the way we did, unfortunately.
+1 to almost all of these.
You have probably already considered this, but one of the things I learned from building SCS is that using JSON as the default encoding is sensible from a performance point of view but can make things more complicated for users (assuming map[interface{}]interface{}).
For example, take retrieving a previously saved time.Time object. With gob encoding, the user can retrieve the interface{} value and then assert it to time.Time. That is fairly simple and straightforward. With an underlying JSON encoding, the user has to know that the interface{} value comes back as a string and call time.Parse(time.RFC3339, ...) to turn it back into a time.Time object.
Similarly, dealing with integers, floats and json.Number is a bit of a pain.
You could implement helpers (as I did in SCS), or there may be a clever way to do it with a custom JSON unmarshaler. Either way, it would be better if it did not become harder to use than it is with gob encoding.
A few more suggestions.
It would be useful to support both absolute timeouts and idle timeouts (in line with the OWASP recommendations).
For non-cookie stores, there would ideally be a clear, baked-in way to renew the session ID after login/logout etc. to prevent session fixation attacks (perhaps as part of the interface alongside New, Save, etc.). At the moment this is not possible (at least as far as I can see) without the clunky workaround of creating a new session under a different name and copying the data across.
Thanks for the input @alexedwards -
It would be useful to support both absolute timeouts and idle timeouts (in line with the OWASP recommendations).
Yes, agreed. Something like opts.MaxAge and opts.IdleTimeout would help. We need to think about how to use these without issuing a Set-Cookie on every response.
For non-cookie stores, there would ideally be a clear, baked-in way to renew the session ID after login/logout etc. to prevent session fixation attacks (perhaps as part of the interface alongside New, Save, etc.).
Agreed - a Refresh method would help here, or an argument to Save that achieves the same effect (issuing a new ID).
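The timeout and ID-renewal behaviour discussed in the two comments above, as an added Go example that is not part of the thread or of gorilla/sessions: a constructed in-memory store that enforces both an idle and an absolute timeout and issues a new session ID on Refresh. The Session fields, memStore, newID, Touch and Refresh are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

type Session struct { // hypothetical record; field names are assumptions
	ID                string
	Created, LastSeen time.Time // anchors for the absolute and idle timeouts
	Values            map[string]string
}

type memStore map[string]*Session // constructed in-memory store

func newID() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	return hex.EncodeToString(b)
}

// Touch enforces both limits, then slides only the idle window.
func (m memStore) Touch(id string, now time.Time, idle, abs time.Duration) (*Session, bool) {
	s, ok := m[id]
	if !ok || now.Sub(s.Created) > abs || now.Sub(s.LastSeen) > idle {
		delete(m, id) // expired or unknown: never resurrect
		return nil, false
	}
	s.LastSeen = now
	return s, true
}

// Refresh moves the data to a fresh ID and drops the old one (session fixation
// defence). Created is kept so renewal cannot extend the absolute timeout.
func (m memStore) Refresh(old *Session) *Session {
	fresh := &Session{ID: newID(), Created: old.Created, LastSeen: old.LastSeen, Values: old.Values}
	delete(m, old.ID)
	m[fresh.ID] = fresh
	return fresh
}

func main() {
	m, s := memStore{}, &Session{ID: newID(), Created: time.Now(), LastSeen: time.Now()}
	m[s.ID] = s
	fmt.Println(m.Refresh(s).ID != s.ID) // true: the old ID is gone
}
```

Refresh belongs at every privilege change (login, logout), with the new ID sent to the client in place of the old one.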
https://github.com/gorilla/securecookie/issues/43 tracks the "v2" of securecookie that underpins part of this work.
This looks great. One question: have you considered the trade-offs of putting the included stores that have non-stdlib imports (cookie, boltdb) into separate packages?
Great work!
@ccahoon Stores would probably live in separate packages ("sub-packages"), so BoltDB would not be imported if you do not use it.
Redis, MySQL and Postgres backends already exist, and the Redis store is fairly polished. All third-party stores are linked in the README.
On Thu, Mar 23, 2017 at 16:47, [email protected] wrote:
Support for Redis and a database (sql) would be nice. If you run n instances of an application that uses gorilla/sessions, you need to be able to centralize the sessions for round-robin.
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub https://github.com/gorilla/sessions/issues/105#issuecomment-288893992, or mute the thread https://github.com/notifications/unsubscribe-auth/AABIcDfaPALfkjOw5FzdDoM_MHs9RbCYks5rowSIgaJpZM4LwM5f.
I think supporting the golang context package in particular would be a big step forward. It would also be backwards compatible, since all the interfaces already accept the request to retrieve values.
Is there a timeline for this?
@Niondir There is no timeline. I want to wait until golang/dep reaches 1.0, so that existing users have a clear way to pin to a version before 2.0. As it stands, anyone pulling from master would immediately see a lot of breakage, which would be painful because gorilla/sessions sees use from a wide range of developers (from beginner Gophers to experienced ones).
A way to disable the in-memory cache would be great.
Can you share more details here? The cache should only persist for a single request; otherwise, sessions are not kept in memory between requests.
On Mon, Dec 18, 2017 at 5:16, [email protected] wrote:
A way to disable the in-memory cache would be great. This package cannot be used in applications that run multiple instances.
@elithrar Unfortunately, too many packages make use of an in-memory cache that is shared between requests. Looking through the source code, it was not immediately obvious to me that the registry is isolated to a single request. Thanks for pointing that out!
Is dep 1.0 still a blocker? According to the status in the readme, dep is safe for production use: https :
That is, the manifest and lock files are stable. See: https :
My understanding is that if gorilla/sessions starts using dep, downstream packages should not be affected. See: https :
Downstream packages using the master branch should be aware that they are signing up for backwards-incompatible changes. Another option, if maintaining backwards compatibility is of the utmost importance, is to create a new repo/package.
Downstream packages using the master branch should be aware of what they are signing up for
That is not the status quo, and the lack of an option in the toolchain is a pain point for regular users. I would strongly prefer that it be included in the Go toolchain before we use it to break the API. I may do this sooner, but it needs careful consideration.
The other option is to create a new repo/package if maintaining backwards compatibility is most important.
That ends up orphaning old users and causes a lot of confusion. I have not seen that work well so far.
On Wed, Jan 10, 2018 at 23:19, [email protected] wrote:
Is dep 1.0 still a blocker? According to the status in the readme, dep is safe for production use: https :
That is, the manifest and lock files are stable. See: https://github.com/golang/dep/wiki/Roadmap#timeline
My understanding is that once gorilla/sessions starts using dep, downstream packages should not be affected. See: https://github.com/golang/dep/blob/master/docs/FAQ.md#my-dependers-dont-use-dep-yet-what-should-i-do
Downstream packages using the master branch should be aware that they signed up for backwards-incompatible changes. The other option, if maintaining backwards compatibility is the top priority, is to create a new repo/package.
dep ensure -add github.com/gorilla/sessions@^1.0.0 should pin the package properly.
But yes, anyone who uses (or used) go get would run into problems, and I think it is too early to force all downstream packages to use dep.
What do you think about creating a v2 branch to start all the v2 work, tagging new releases from the v2 branch, and requiring v2 users to use dep? Once dep is part of the toolchain, the v2 branch can be merged back into master.
Yes, that is an option I would consider.
We would need to start work on securecookie first, since sessions depends on securecookie, and I would like to update that library as well.
On Thu, Jan 11, 2018 at 11:45 AM, [email protected] wrote:
dep ensure -add github.com/gorilla/sessions@^1.0.0 should pin the package properly.
But yes, anyone who uses (or used) go get would run into problems, and I think it is too early to force all downstream packages to use dep.
What do you think about creating a v2 branch to start all the v2 work, tagging new releases from the v2 branch, and requiring v2 users to use dep? Once dep is part of the toolchain, the v2 branch can be merged back into master.
Tag me on sessions or securecookie issues so that I know where I can help.
Any thoughts?
There are a few issues tagged "v2" for background/user feedback, but I want to make sure that in breaking the API we either solve new problems or solve old problems better. Breaking for the sake of breaking does not make much sense ;)
On Thu, Jan 11, 2018 at 4:20 PM, [email protected] wrote:
Sounds good, lemme, sessions or securecookie
I think most of the improvements listed in the issue description are good ones.
The changes I think would be most helpful (in order) are:
needs to be handled in the sessions package.
Simplifying the Store receiver methods so that they do not take http.Request and http.ResponseWriter would be a breaking change.
Is the registry/cache still needed if request.Context is used?
Improve things around Save (forgetting to save is common enough!).
Regarding "a better sessions.Values (setters, getters rather than a map)", I would like to keep the sessions.Values map as well as expose type-casting getters and setters. Developers may have their own way of handling type-cast failures.
Thanks for the feedback @dhui
The store API needs to be revamped and redesigned. Session store implementers should not be responsible for setting HTTP cookies on the response. Cookie management and the session lifecycle should be handled by the sessions package, not by the store.
Session stores should have only one concern: persistence of the session data. Pushing core functionality (or part of it) onto the stores makes behaviour inconsistent across third-party stores and makes it harder to change the core functionality in the future.
Agreed. Stores need the session ID (to allow lookup), a TTL (to allow expiry), and the session payload itself. There are a few approaches to this - I am omitting context.Context from the signatures for now because it needs further discussion.
type Store interface {
	Get(id string) (*Session, error)
	Save(session *Session) error
	Expire(id string) (bool, error)
}
The store would need to take care of marshaling the *Session into the right format. We could instead send id string, exp time.Time, data []byte, where data is already marshaled, but I feel marshaling is within the scope of the store.
supporting request.Context (only)
Is the registry/cache still needed if request.Context is used?
Probably, but that comes back to this being a bigger, breaking change. gorilla/context does not work together with request.WithContext because of the way it clones the request, so v2 will support context.Context only.
Middleware that makes sessions available and usable out of the box
How would we make it available? In the request context? Maybe, but doing so is the same amount of code as a sessions.Get(ctx, name) call, except that context.Value is an interface{}.
Saving, on the other hand, can be done (mostly) automatically, but it becomes a problem if the user writes to the response body before the middleware runs. The middleware would need to hijack the http.ResponseWriter and defer writes so that it can Save. There is also the fact that you may not want to Save on every request.
Improved crypto interface
I like having safe defaults while still allowing developers to customize security for their use case. A good way to do this is to expose a separate "unsafe" or "hazmat" package. Inspired by https://golang.org/pkg/unsafe/ and https://cryptography.io/en/latest/.
I would need to see a very compelling argument for this. I do not see a sensible use case for why developers would need to customize the cryptographic primitives of a session library. There is no need to swap out the CSPRNG, and no need to change the AEAD. We will use HMAC-SHA-512 for the authentication-only mode and XSalsa20-Poly1305 for the encryption mode (AEAD).
JSON as the default encoder
Yes!
Regarding "a better sessions.Values (setters, getters rather than a map)", I would like to keep the sessions.Values map as well as expose type-casting getters and setters. Developers may have their own way of handling type-cast failures.
Agreed!
You're welcome! Thanks for being open and receptive to different ideas!
The store would need to marshal the *Session into the right format. We could instead send id string, exp time.Time, data []byte, where the data is already marshaled, but I feel marshaling is within the scope of the store.
Agreed. I think the store should be responsible for saving the data, since there may be more efficient storage mechanisms for a store than []byte. Session will need all the relevant fields exported to the store in order to support marshaling and unmarshaling.
How would we make it available? In the request context?
Yeah, I am a fan of middleware that sets the Session on request.Context() using an unexported context key type. That way there is a little less boilerplate code for consuming developers.
Something like sessions.SessionFromRequest(http.Request) (*Session, error). When used without the middleware, we could drop the error and create a new Session on error, but that could lead to subtle bugs if there are multiple calls using the same request.
The middleware would need to hijack the http.ResponseWriter and defer writes so that it can save.
I am not familiar with the Hijacker interface, but it seems that compatibility with HTTP/2 connections is needed. I am not sure whether wrapping the ResponseWriter to set the cookie after WriteHeader() has been called is the best route.
There is also the fact that you may not want to save on every request.
Good point about the middleware. We could have two middlewares:
I would need to see a very compelling argument for this.
Hahaha, I do not think I have one, but I will try... My first argument is that there is no one-size-fits-all for security. Security is about making trade-offs between usability, performance, and protection against the expected attack vectors. The person best placed to make that decision is the app developer. By providing a clean crypto interface (one that allows sane defaults and well-warned customization), developers can customize security for their use case. For example, it may be different for sessions, but an HSM or TRNG could be used if needed.
One more thing about the crypto interface: make sure there is a way to change/upgrade the algorithm, key size and work factor. These change all the time, so a system that can automatically upgrade the algo, key size and work factor will relieve a lot of future headaches.
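The response-writer wrapping discussed in this exchange, as an added Go example that is not from the thread or from gorilla/sessions: a middleware that runs a save hook exactly once, immediately before the headers are sent, so a handler that writes the body without saving still gets its Set-Cookie header. saveWriter, AutoSave, sentCookie and the cookie values are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// saveWriter (hypothetical, not a gorilla/sessions API) runs save once, just
// before the headers go out: the last moment Set-Cookie can still be added.
type saveWriter struct {
	http.ResponseWriter
	save func(http.ResponseWriter) // assumed hook: persist session, set cookie
	once sync.Once
}

func (w *saveWriter) commit() { w.once.Do(func() { w.save(w.ResponseWriter) }) }

func (w *saveWriter) WriteHeader(code int) {
	w.commit()
	w.ResponseWriter.WriteHeader(code)
}

func (w *saveWriter) Write(b []byte) (int, error) {
	w.commit() // the first Write sends an implicit 200 and the headers
	return w.ResponseWriter.Write(b)
}

// AutoSave (hypothetical) wraps next so that every response is saved.
func AutoSave(save func(http.ResponseWriter), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sw := &saveWriter{ResponseWriter: w, save: save}
		next.ServeHTTP(sw, r)
		sw.commit() // handler wrote nothing, so the headers are still open
	})
}

// sentCookie serves one constructed request whose handler never saves
// explicitly and returns the Set-Cookie header as it was sent.
func sentCookie() string {
	h := AutoSave(func(w http.ResponseWriter) {
		http.SetCookie(w, &http.Cookie{Name: "sid", Value: "constructed", HttpOnly: true, Secure: true})
	}, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "hello") }))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Result().Header.Get("Set-Cookie")
}

func main() { fmt.Println(sentCookie()) }
```

Embedding the interface hides optional ones such as http.Flusher and http.Hijacker, so a production wrapper has to forward the ones its handlers rely on.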
This issue has been automatically marked as stale because it has not seen a recent update. It will be automatically closed in a few days.
Does this need to be reopened?