cleanup sessions and challenges

2025-07-17 21:44:35 +00:00 · 2025-06-20 17:18:42 +02:00
parent 80b9989dd0
commit 3aa63cf62b
6 changed files with 17 additions and 46 deletions
--- a/server/connection.go
+++ b/server/connection.go
@ -1,12 +0,0 @@
-package main
-
-import (
-	"net"
-	"time"
-)
-
-func HandleConnection(conn net.Conn) error {
-	time.Sleep(10 * time.Second)
-
-	return nil
-}
--- a/server/main.go
+++ b/server/main.go
@ -2,10 +2,11 @@ package main

 import (
 	"net/http"
-	"sync"
+	"time"

 	"github.com/coalaura/logger"
 	"github.com/go-chi/chi/v5"
+	"github.com/patrickmn/go-cache"
 )

 var (
@ -13,8 +14,8 @@ var (
 		NoLevel: true,
 	})

-	challenges sync.Map
-	sessions   sync.Map
+	challenges = cache.New(10*time.Second, time.Minute)
+	sessions   = cache.New(10*time.Second, time.Minute)
 )

 func main() {
--- a/server/protocol.go
+++ b/server/protocol.go
@ -8,9 +8,9 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
-	"time"

 	"github.com/coalaura/up/internal"
+	"github.com/patrickmn/go-cache"
 	"github.com/vmihailenco/msgpack/v5"
 	"golang.org/x/crypto/ssh"
 )
@ -65,11 +65,10 @@ func HandleChallengeRequest(w http.ResponseWriter, r *http.Request, authorized m
 		return
 	}

-	challenges.Store(challenge.Token, internal.ChallengeEntry{
+	challenges.Set(challenge.Token, internal.ChallengeEntry{
 		Challenge: raw,
 		PublicKey: public,
-		Expires:   time.Now().Add(20 * time.Second),
-	})
+	}, cache.DefaultExpiration)

 	log.Printf("request: issued challenge to %s\n", r.RemoteAddr)

@ -101,7 +100,7 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
 		return
 	}

-	entry, ok := challenges.LoadAndDelete(response.Token)
+	entry, ok := challenges.Get(response.Token)
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)

@ -110,16 +109,10 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
 		return
 	}

+	challenges.Delete(response.Token)
+
 	challenge := entry.(internal.ChallengeEntry)

-	if time.Now().After(challenge.Expires) {
-		w.WriteHeader(http.StatusBadRequest)
-
-		log.Warning("complete: challenge expired")
-
-		return
-	}
-
 	publicA := public.Marshal()
 	publicB := challenge.PublicKey.Marshal()

@ -173,10 +166,9 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
 		return
 	}

-	sessions.Store(token, internal.SessionEntry{
+	sessions.Set(token, internal.SessionEntry{
 		PublicKey: public,
-		Expires:   time.Now().Add(5 * time.Minute),
-	})
+	}, cache.DefaultExpiration)

 	log.Printf("complete: completed auth for %s\n", r.RemoteAddr)

@ -198,8 +190,7 @@ func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	entry, ok := sessions.LoadAndDelete(token)
-	if !ok {
+	if _, ok := sessions.Get(token); !ok {
 		w.WriteHeader(http.StatusBadRequest)

 		log.Warning("receive: invalid token")
@ -207,15 +198,7 @@ func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	session := entry.(internal.SessionEntry)
-
-	if time.Now().After(session.Expires) {
-		w.WriteHeader(http.StatusBadRequest)
-
-		log.Warning("receive: session expired")
-
-		return
-	}
+	sessions.Delete(token)

 	reader, err := r.MultipartReader()
 	if err != nil {