src/main/java/org/openslx/imagemaster/session/SessionManager.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

package org.openslx.imagemaster.session;

import java.sql.SQLException;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.openslx.bwlp.thrift.iface.ClientSessionData;
import org.openslx.bwlp.thrift.iface.Satellite;
import org.openslx.bwlp.thrift.iface.TAuthorizationException;
import org.openslx.bwlp.thrift.iface.TNotFoundException;
import org.openslx.bwlp.thrift.iface.UserInfo;
import org.openslx.imagemaster.db.mappers.DbSatellite;
import org.openslx.imagemaster.util.Hash;
import org.openslx.util.QuickTimer;
import org.openslx.util.QuickTimer.Task;

/**
 * Class for managing active user sessions. This class and all its function are
 * (supposed to be) thread-safe.
 */
public class SessionManager
{
	private static Logger log = LogManager.getLogger( SessionManager.class );

	// Map of currently known sessions
	private static final Map<String, Session> sessions = new LinkedHashMap<>();

	// Map of pending "access code -> session" lookups
	private static final Map<String, AccessCode> accessCodes = new ConcurrentHashMap<>();

	public static ClientSessionData addSession( Session session )
	{
		final String authToken = Hash.md5( UUID.randomUUID().toString() );
		final String sessionId = Hash.sha256( UUID.randomUUID().toString() );

		synchronized ( sessions ) {
			sessions.put( authToken, session );
			sessions.put( sessionId, session );
		}
		UserInfo ui = session.getUserInfo();
		List<Satellite> sats;
		try {
			sats = DbSatellite.getSatellites( ui );
		} catch ( SQLException e ) {
			sats = null;
		}
		return new ClientSessionData( sessionId, authToken, sats, ui );
	}

	public static ClientSessionData addSession( Session session, String accessToken )
	{
		ClientSessionData s = addSession( session );
		if ( accessToken != null ) {
			accessCodes.put( accessToken, new AccessCode( s, null ) );
		}
		return s;
	}

	public static void addAuthError( TAuthorizationException ex, String accessToken )
	{
		accessCodes.put( accessToken, new AccessCode( null, ex ) );
	}

	static {
		QuickTimer.scheduleAtFixedDelay( new Task() {
			@Override
			public void fire()
			{
				synchronized ( sessions ) {
					Iterator<Session> it = sessions.values().iterator();
					while ( it.hasNext() ) {
						final Session s = it.next();
						if ( s.timedOut() ) {
							it.remove();
						}
					}
				}
				Iterator<AccessCode> it = accessCodes.values().iterator();
				while ( it.hasNext() ) {
					final AccessCode s = it.next();
					if ( s.timedOut() ) {
						it.remove();
					}
				}
			}
		}, 123, TimeUnit.MINUTES.toMillis( 13 ) );
	}

	/**
	 * Get from userToken, known to satellite servers.
	 */
	public static Session getSessionFromToken( String token )
	{
		if ( token == null || token.length() != 32 ) {
			log.debug( "invalid token format: " + token );
			return null;
		}
		final Session session;
		synchronized ( sessions ) {
			session = sessions.get( token );
		}
		if ( session == null || session.timedOut() ) {
			return null;
		}
		return session;
	}

	/**
	 * Get from sessionId, only known by client/user and us.
	 */
	public static Session getSessionFromSessionId( String sessionId )
	{
		if ( sessionId == null || sessionId.length() != 64 ) {
			log.debug( "invalid sessionid format: " + sessionId );
			return null;
		}
		final Session session;
		synchronized ( sessions ) {
			session = sessions.get( sessionId );
		}
		if ( session == null || session.timedOut() ) {
			return null;
		}
		session.refresh();
		return session;
	}

	public static Session getSessionFromSessionIdOrToken( String sessionId )
	{
		final Session session;
		synchronized ( sessions ) {
			session = sessions.get( sessionId );
		}
		if ( session == null || session.timedOut() ) {
			return null;
		}
		return session;
	}

	public static void invalidate( String sessionId )
	{
		if ( sessionId == null || sessionId.length() != 64 ) {
			log.debug( "invalidate: invalid sessionid format: " + sessionId );
			return;
		}
		synchronized ( sessions ) {
			Session session = sessions.get( sessionId );
			if ( session != null ) {
				session.invalidate();
			}
		}
	}

	/**
	 * Get the according session data (satToken, masterToken) for given access code, which was
	 * supplied by the client earlier. This can only be done once; retrieving the session will remove
	 * the entry from the lookup table.
	 */
	public static ClientSessionData getSessionFromAccessCode( String accessCode )
			throws TNotFoundException, TAuthorizationException
	{
		AccessCode data = accessCodes.remove( accessCode );
		if ( data == null )
			throw new TNotFoundException();
		if ( data.ex != null )
			throw data.ex;
		return data.clientSession;
	}

}