sessionpath = luci.config.sauth.sessionpath
sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60
---- Manually clean up expired sessions.
-function clean()
- local now = os.time()
- local files = fs.dir(sessionpath)
-
- if not files then
- return nil
- end
-
- for file in files do
- local fname = sessionpath .. "/" .. file
- local stat = fs.stat(fname)
- if stat and stat.type == "reg" and stat.mtime + sessiontime < now then
- fs.unlink(fname)
- end
- end
-end
-
--- Prepare session storage by creating the session directory.
function prepare()
fs.mkdir(sessionpath, 700)
-
if not sane() then
error("Security Exception: Session path is not sane!")
end
end
+local function _read(id)
+ local blob = fs.readfile(sessionpath .. "/" .. id)
+ return blob
+end
+
+local function _write(id, data)
+ local f = nixio.open(sessionpath .. "/" .. id, "w", 600)
+ f:writeall(data)
+ f:close()
+end
+
+local function _checkid(id)
+ return not not (id and #id == 32 and id:match("^[a-fA-F0-9]+$"))
+end
+
+--- Write session data to a session file.
+-- @param id Session identifier
+-- @param data Session data table
+function write(id, data)
+ if not sane() then
+ prepare()
+ end
+
+ assert(_checkid(id), "Security Exception: Session ID is invalid!")
+ assert(type(data) == "table", "Security Exception: Session data invalid!")
+
+ data.atime = luci.sys.uptime()
+
+ _write(id, luci.util.get_bytecode(data))
+end
+
--- Read a session and return its content.
-- @param id Session identifier
--- @return Session data
+-- @return Session data table or nil if the given id is not found
function read(id)
- if not id or #id == 0then
- return
- end
- if not id:match("^%w+$") then
- error("Session ID is not sane!")
+ if not id or #id == 0 then
+ return nil
end
- clean()
+
+ assert(_checkid(id), "Security Exception: Session ID is invalid!")
+
if not sane(sessionpath .. "/" .. id) then
- return
+ return nil
end
- fs.utimes(sessionpath .. "/" .. id)
- return fs.readfile(sessionpath .. "/" .. id)
-end
+ local blob = _read(id)
+ local func = loadstring(blob)
+ setfenv(func, {})
+
+ local sess = func()
+ assert(type(sess) == "table", "Session data invalid!")
+
+ if sess.atime and sess.atime + sessiontime < luci.sys.uptime() then
+ kill(id)
+ return nil
+ end
+
+ -- refresh atime in session
+ write(id, sess)
+
+ return sess
+end
--- Check whether Session environment is sane.
-- @return Boolean status
== (file and "rw-------" or "rwx------")
end
-
---- Write session data to a session file.
--- @param id Session identifier
--- @param data Session data
-function write(id, data)
- if not sane() then
- prepare()
- end
- if not id:match("^%w+$") then
- error("Session ID is not sane!")
- end
-
- local f = nixio.open(sessionpath .. "/" .. id, "w", 600)
- f:writeall(data)
- f:close()
-end
-
-
--- Kills a session
-- @param id Session identifier
function kill(id)
- if not id:match("^%w+$") then
- error("Session ID is not sane!")
- end
+ assert(_checkid(id), "Security Exception: Session ID is invalid!")
fs.unlink(sessionpath .. "/" .. id)
end
+
+--- Remove all expired session data files
+function reap()
+ if sane() then
+ local id
+ for id in nixio.fs.dir(sessionpath) do
+ if _checkid(id) then
+ -- reading the session will kill it if it is expired
+ read(id)
+ end
+ end
+ end
+end
projects / project / luci.git / blobdiff