liquid_feedback_frontend
view model/session.lua @ 1859:02c34183b6df
Fixed wrong filename in INSTALL file
| author | bsw |
|---|---|
| date | Tue Nov 28 18:54:51 2023 +0100 (23 months ago) |
| parents | 0d74a25bd399 |
| children |
line source
1 Session = mondelefant.new_class()
2 Session.table = 'session'
3 Session.primary_key = { 'ident' }
5 Session:add_reference{
6 mode = 'm1',
7 to = "Member",
8 this_key = 'member_id',
9 that_key = 'id',
10 ref = 'member',
11 }
13 Session:add_reference{
14 mode = 'm1',
15 to = "Member",
16 this_key = 'real_member_id',
17 that_key = 'id',
18 ref = 'real_member',
19 }
21 local secret_length = 24
22 local secret_alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
23 local secret_purposes = { "oauth", "_other" }
24 for idx, purpose in ipairs(secret_purposes) do
25 secret_purposes[purpose] = idx
26 end
28 local function random_string(length_multiplier)
29 return multirand.string(
30 secret_length * (length_multiplier or 1),
31 secret_alphabet
32 )
33 end
35 function Session:new()
36 local session = self.prototype.new(self) -- super call
37 session.ident = random_string()
38 session.additional_secret = random_string(#secret_purposes)
39 session:save()
40 return session
41 end
43 function Session.object:set_cookie()
44 request.set_cookie{
45 name = config.cookie_name,
46 value = self.ident,
47 samesite = "none"
48 }
49 request.set_cookie{
50 name = config.cookie_name_samesite,
51 value = self.ident
52 }
53 end
55 function Session.object:additional_secret_for(purpose)
56 local use_hash = false
57 local idx = secret_purposes[purpose]
58 if not idx then
59 idx = assert(secret_purposes._other, "No other secrets supported")
60 use_hash = true
61 end
62 local from_pos = secret_length * (idx-1) + 1
63 local to_pos = from_pos + secret_length - 1
64 local secret = string.sub(self.additional_secret, from_pos, to_pos)
65 if #secret ~= secret_length then
66 self:destroy()
67 error("Session state invalid")
68 end
69 if use_hash then
70 local moonhash = require "moonhash" -- TODO: auto loader for libraries in WebMCP?
71 secret = moonhash.shake256(secret .. "\0" .. purpose, secret_length, secret_alphabet)
72 end
73 return secret
74 end
76 function Session:by_ident(ident)
77 local selector = self:new_selector()
78 selector:add_where{ 'ident = ?', ident }
79 selector:add_field{ 'authority_uid' }
80 selector:optional_object_mode()
81 return selector:exec()
82 end
84 function Session.object:has_access(level)
85 if level == "member" then
86 if app.session.member_id then
87 return true
88 else
89 return false
90 end
92 elseif level == "everything" then
93 if self:has_access("member") or config.public_access == "everything" then
94 return true
95 else
96 return false
97 end
99 elseif level == "all_pseudonymous" then
100 if self:has_access("everything") or config.public_access == "all_pseudonymous" then
101 return true
102 else
103 return false
104 end
106 elseif level == "authors_pseudonymous" then
107 if self:has_access("all_pseudonymous") or config.public_access == "authors_pseudonymous" then
108 return true
109 else
110 return false
111 end
113 elseif level == "anonymous" then
114 if self:has_access("authors_pseudonymous") or config.public_access == "anonymous" then
115 return true
116 else
117 return false
118 end
120 end
122 error("invalid access level")
123 end