authelia/internal/session/encrypting_serializer.go

package session

import (
	"crypto/sha256"
	"fmt"

	"github.com/fasthttp/session/v2"

	"github.com/authelia/authelia/v4/internal/utils"
)

// Serializer is a function that can serialize session information.
type Serializer interface {
	Encode(src session.Dict) (data []byte, err error)
	Decode(dst *session.Dict, src []byte) (err error)
}

// EncryptingSerializer a serializer encrypting the data with AES-GCM with 256-bit keys.
type EncryptingSerializer struct {
	key [32]byte
}

// NewEncryptingSerializer return new encrypt instance.
func NewEncryptingSerializer(secret string) *EncryptingSerializer {
	key := sha256.Sum256([]byte(secret))
	return &EncryptingSerializer{key}
}

// Encode encode and encrypt session.
func (e *EncryptingSerializer) Encode(src session.Dict) (data []byte, err error) {
	if len(src.KV) == 0 {
		return nil, nil
	}

	dst, err := src.MarshalMsg(nil)
	if err != nil {
		return nil, fmt.Errorf("unable to marshal session: %v", err)
	}

	if data, err = utils.Encrypt(dst, &e.key); err != nil {
		return nil, fmt.Errorf("unable to encrypt session: %v", err)
	}

	return data, nil
}

// Decode decrypt and decode session.
func (e *EncryptingSerializer) Decode(dst *session.Dict, src []byte) (err error) {
	if len(src) == 0 {
		return nil
	}

	for k := range dst.KV {
		delete(dst.KV, k)
	}

	var data []byte

	if data, err = utils.Decrypt(src, &e.key); err != nil {
		return fmt.Errorf("unable to decrypt session: %s", err)
	}

	_, err = dst.UnmarshalMsg(data)

	return err
}
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`package session`

			`import (`
			`"crypto/sha256"`
			`"fmt"`

refactor(session): use github.com/fasthttp/session/v2 instead of github.com/authelia/session/v2 (#1809) Reverts to the upstream library instead of our maintenance fork. 2021-03-13 05:06:19 +00:00			`"github.com/fasthttp/session/v2"`
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go 2020-04-05 12:37:21 +00:00
fix: include major in go.mod module directive (#2278) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc 2021-08-11 01:04:35 +00:00			`"github.com/authelia/authelia/v4/internal/utils"`
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`)`

feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`// Serializer is a function that can serialize session information.`
			`type Serializer interface {`
			`Encode(src session.Dict) (data []byte, err error)`
			`Decode(dst *session.Dict, src []byte) (err error)`
			`}`

[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`// EncryptingSerializer a serializer encrypting the data with AES-GCM with 256-bit keys.`
			`type EncryptingSerializer struct {`
			`key [32]byte`
			`}`

[CI] Add godot linter (#958) * [CI] Add godot linter * Implement godot recommendations 2020-05-02 05:06:39 +00:00			`// NewEncryptingSerializer return new encrypt instance.`
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`func NewEncryptingSerializer(secret string) *EncryptingSerializer {`
			`key := sha256.Sum256([]byte(secret))`
			`return &EncryptingSerializer{key}`
			`}`

[CI] Add godot linter (#958) * [CI] Add godot linter * Implement godot recommendations 2020-05-02 05:06:39 +00:00			`// Encode encode and encrypt session.`
feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`func (e *EncryptingSerializer) Encode(src session.Dict) (data []byte, err error) {`
build(deps): update module github.com/fasthttp/session/v2 to v2.4.15 (#4292) * build(deps): update module github.com/fasthttp/session/v2 to v2.4.15 * fix(session): adjust api for changes in upstream library Fixes #3751. Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-09 04:57:40 +00:00			`if len(src.KV) == 0 {`
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`return nil, nil`
			`}`

			`dst, err := src.MarshalMsg(nil)`
			`if err != nil {`
fix(session): use lower case in error messages (#2150) 2021-07-08 01:33:22 +00:00			`return nil, fmt.Errorf("unable to marshal session: %v", err)`
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`}`

feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`if data, err = utils.Encrypt(dst, &e.key); err != nil {`
fix(session): use lower case in error messages (#2150) 2021-07-08 01:33:22 +00:00			`return nil, fmt.Errorf("unable to encrypt session: %v", err)`
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`}`

feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`return data, nil`
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`}`

[CI] Add godot linter (#958) * [CI] Add godot linter * Implement godot recommendations 2020-05-02 05:06:39 +00:00			`// Decode decrypt and decode session.`
feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`func (e EncryptingSerializer) Decode(dst session.Dict, src []byte) (err error) {`
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`if len(src) == 0 {`
			`return nil`
			`}`

build(deps): update module github.com/fasthttp/session/v2 to v2.4.15 (#4292) * build(deps): update module github.com/fasthttp/session/v2 to v2.4.15 * fix(session): adjust api for changes in upstream library Fixes #3751. Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-09 04:57:40 +00:00			`for k := range dst.KV {`
			`delete(dst.KV, k)`
			`}`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-05 19:35:32 +00:00
feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`var data []byte`

			`if data, err = utils.Decrypt(src, &e.key); err != nil {`
refactor(session): remove unencrypted session fallback (#2314) This removes a temporary session fallback for unencrypted sessions. 2021-08-26 11:48:14 +00:00			`return fmt.Errorf("unable to decrypt session: %s", err)`
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`}`

feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`_, err = dst.UnmarshalMsg(data)`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-05 19:35:32 +00:00
[MISC] Encrypt session data in redis store. (#789) This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret. Fixes #652. 2020-03-28 06:10:39 +00:00			`return err`
			`}`