Allow filesystemstore for sessions (#15)

AD and other IdPs can provide long lists of group
membership. This can make the securecookie too big,
as it cannot always be stored inside an HTTP header.
Filesystem session storage removes this limitation at the
cost of not being entirely stateless anymore. It is therefore
required that clients can keep state with the rdpgw
instance.
Bolke de Bruin 2022-08-11 12:29:52 +02:00
parent 1f7d8620d9
commit b28d1787fc
3 changed files with 14 additions and 2 deletions


@ -13,6 +13,7 @@ import (
"log" "log"
"math/rand" "math/rand"
"net/http" "net/http"
"os"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@ -29,11 +30,12 @@ type UserTokenGeneratorFunc func(context.Context, string) (string, error)
type Config struct { type Config struct {
SessionKey []byte SessionKey []byte
SessionEncryptionKey []byte SessionEncryptionKey []byte
SessionStore string
PAATokenGenerator TokenGeneratorFunc PAATokenGenerator TokenGeneratorFunc
UserTokenGenerator UserTokenGeneratorFunc UserTokenGenerator UserTokenGeneratorFunc
EnableUserToken bool EnableUserToken bool
OAuth2Config *oauth2.Config OAuth2Config *oauth2.Config
store *sessions.CookieStore store sessions.Store
OIDCTokenVerifier *oidc.IDTokenVerifier OIDCTokenVerifier *oidc.IDTokenVerifier
stateStore *cache.Cache stateStore *cache.Cache
Hosts []string Hosts []string
@ -53,7 +55,13 @@ func (c *Config) NewApi() {
if len(c.Hosts) < 1 { if len(c.Hosts) < 1 {
log.Fatal("Not enough hosts to connect to specified") log.Fatal("Not enough hosts to connect to specified")
} }
c.store = sessions.NewCookieStore(c.SessionKey, c.SessionEncryptionKey) if c.SessionStore == "file" {
log.Println("Filesystem is used as session storage")
c.store = sessions.NewFilesystemStore(os.TempDir(), c.SessionKey, c.SessionEncryptionKey)
} else {
log.Println("Cookies are used as session storage")
c.store = sessions.NewCookieStore(c.SessionKey, c.SessionEncryptionKey)
}
c.stateStore = cache.New(time.Minute*2, 5*time.Minute) c.stateStore = cache.New(time.Minute*2, 5*time.Minute)
} }
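Review bot: The filesystem branch at the `if c.SessionStore == "file"` line does not lift the encoded-size limit the commit was introduced to avoid: `NewFilesystemStore` reuses the same securecookie codecs, whose default `MaxLength` (4096 bytes, per the gorilla docs) is applied to the encoded value written to disk, so an oversized group list would presumably still fail to save. Keep the store in a local and raise the bound explicitly, e.g. `fs := sessions.NewFilesystemStore(os.TempDir(), c.SessionKey, c.SessionEncryptionKey)` followed by `fs.MaxLength(maxSessionBytes)` with a configured, finite bound rather than 0, then `c.store = fs`. `os.TempDir()` is a shared system directory and, as far as I can tell, this store never removes expired session files, so the path should come from configuration (a dedicated directory with restrictive permissions) and disk growth should be documented or periodically pruned. Any value other than `"file"` silently falls back to cookies, so a misspelled `server.sessionStore` (whose default is set in the second file of this commit) goes unnoticed; the existing `log.Fatal` style in NewApi suggests rejecting unknown values instead. NewApi continues outside the hunk.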


@ -23,6 +23,7 @@ type ServerConfig struct {
RoundRobin bool RoundRobin bool
SessionKey string SessionKey string
SessionEncryptionKey string SessionEncryptionKey string
SessionStore string
SendBuf int SendBuf int
ReceiveBuf int ReceiveBuf int
} }
@ -72,6 +73,8 @@ func init() {
viper.SetDefault("client.bandwidthAutoDetect", 1) viper.SetDefault("client.bandwidthAutoDetect", 1)
viper.SetDefault("security.verifyClientIp", true) viper.SetDefault("security.verifyClientIp", true)
viper.SetDefault("server.tlsDisabled", false) viper.SetDefault("server.tlsDisabled", false)
viper.SetDefault("server.sessionStore", "cookie")
viper.SetDefault("caps.tokenAuth", true)
} }
func Load(configFile string) Configuration { func Load(configFile string) Configuration {


@ -71,6 +71,7 @@ func main() {
EnableUserToken: conf.Security.EnableUserToken, EnableUserToken: conf.Security.EnableUserToken,
SessionKey: []byte(conf.Server.SessionKey), SessionKey: []byte(conf.Server.SessionKey),
SessionEncryptionKey: []byte(conf.Server.SessionEncryptionKey), SessionEncryptionKey: []byte(conf.Server.SessionEncryptionKey),
SessionStore: conf.Server.SessionStore,
Hosts: conf.Server.Hosts, Hosts: conf.Server.Hosts,
NetworkAutoDetect: conf.Client.NetworkAutoDetect, NetworkAutoDetect: conf.Client.NetworkAutoDetect,
UsernameTemplate: conf.Client.UsernameTemplate, UsernameTemplate: conf.Client.UsernameTemplate,