improve: passkey session 存储空间隔离

ncuhome · Dec 28, 2023 · 5a3c09f · 5a3c09f
1 parent 4f0e2a0
commit 5a3c09f
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 10 deletions.
diff --git a/internal/api/controllers/public/login/passkey.go b/internal/api/controllers/public/login/passkey.go
@@ -32,11 +32,11 @@ func BeginPasskeyLogin(c *gin.Context) {
 		return
 	}
 
-	identity := tool.NewRand(rand.NewSource(time.Now().UnixNano())).
+	identity := "r" + tool.NewRand(rand.NewSource(time.Now().UnixNano())).
 		WithLetters("qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM").
-		String(passkeyKeyLength)
+		String(passkeyKeyLength-1)
 
-	err = redis.NewPasskey(c.ClientIP(), identity).
+	err = redis.NewPasskey(c.ClientIP(), redis.PasskeyLogin, identity).
 		StoreSession(context.Background(), sessionData, time.Minute*5)
 	if err != nil {
 		callback.Error(c, callback.ErrDBOperation, err)
@@ -69,7 +69,7 @@ func FinishPasskeyLogin(c *gin.Context) {
 	}
 
 	var sessionData webauthn.SessionData
-	err = redis.NewPasskey(c.ClientIP(), identity).
+	err = redis.NewPasskey(c.ClientIP(), redis.PasskeyLogin, identity).
 		ReadSession(context.Background(), &sessionData)
 	if err != nil {
 		if errors.Is(err, redis.Nil) {

diff --git a/internal/api/controllers/user/passkey/data.go b/internal/api/controllers/user/passkey/data.go
@@ -36,7 +36,7 @@ func PasskeyOptions(c *gin.Context) {
 		return
 	}
 
-	err = redis.NewPasskey(c.ClientIP(), fmt.Sprint(uid)).StoreSession(context.Background(), session, time.Minute*5)
+	err = redis.NewPasskey(c.ClientIP(), redis.PasskeyUser, fmt.Sprint(uid)).StoreSession(context.Background(), session, time.Minute*5)
 	if err != nil {
 		callback.Error(c, callback.ErrDBOperation, err)
 		return

diff --git a/internal/api/controllers/user/passkey/register.go b/internal/api/controllers/user/passkey/register.go
@@ -39,7 +39,7 @@ func BeginPasskeyRegistration(c *gin.Context) {
 		callback.Error(c, callback.ErrUnexpected, err)
 	}
 
-	err = redis.NewPasskey(c.ClientIP(), fmt.Sprint(uid)).
+	err = redis.NewPasskey(c.ClientIP(), redis.PasskeyUserRegister, fmt.Sprint(uid)).
 		StoreSession(context.Background(), session, time.Minute*10)
 	if err != nil {
 		callback.Error(c, callback.ErrDBOperation, err)
@@ -53,7 +53,7 @@ func FinishPasskeyRegistration(c *gin.Context) {
 	uid := tools.GetUserInfo(c).UID
 
 	var session webauthn.SessionData
-	err := redis.NewPasskey(c.ClientIP(), fmt.Sprint(uid)).
+	err := redis.NewPasskey(c.ClientIP(), redis.PasskeyUserRegister, fmt.Sprint(uid)).
 		ReadSession(context.Background(), &session)
 	if err != nil {
 		if errors.Is(err, redis.Nil) {

diff --git a/internal/api/controllers/user/u2f.go b/internal/api/controllers/user/u2f.go
@@ -80,7 +80,7 @@ func BeginU2F(c *gin.Context) {
 		}
 	case "passkey":
 		var sessionData webauthn.SessionData
-		err := redis.NewPasskey(c.ClientIP(), fmt.Sprint(uid)).
+		err := redis.NewPasskey(c.ClientIP(), redis.PasskeyUser, fmt.Sprint(uid)).
 			ReadSession(context.Background(), &sessionData)
 		if err != nil {
 			if errors.Is(err, redis.Nil) {

diff --git a/internal/db/redis/Passkey.go b/internal/db/redis/Passkey.go
@@ -6,9 +6,17 @@ import (
 	"time"
 )
 
-func NewPasskey(ip, identity string) Passkey {
+type PasskeyNamespace string
+
+const (
+	PasskeyUser         PasskeyNamespace = "u"
+	PasskeyUserRegister PasskeyNamespace = "ur"
+	PasskeyLogin        PasskeyNamespace = "l"
+)
+
+func NewPasskey(ip string, namespace PasskeyNamespace, identity string) Passkey {
 	return Passkey{
-		key: keyPasskey.String() + "ip" + ip + "id" + identity,
+		key: keyPasskey.String() + "ip" + ip + string(namespace) + identity,
 	}
 }