mirror of
https://github.com/ergochat/ergo.git
synced 2024-12-22 10:42:52 +01:00
consume resume token during VerifyToken
Independently of this, ClientLookupSet.Resume ensures that at most one resume can succeed, so this doesn't actually change the behavior. But ResumeManager should be a standalone example of how to implement resume without race conditions.
This commit is contained in:
parent
7018e3693b
commit
d43ce07b66
@ -52,7 +52,8 @@ func (rm *ResumeManager) GenerateToken(client *Client) (token string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// VerifyToken looks up the client corresponding to a resume token, returning
|
// VerifyToken looks up the client corresponding to a resume token, returning
|
||||||
// nil if there is no such client or the token is invalid.
|
// nil if there is no such client or the token is invalid. If successful,
|
||||||
|
// the token is consumed and cannot be used to resume again.
|
||||||
func (rm *ResumeManager) VerifyToken(token string) (client *Client) {
|
func (rm *ResumeManager) VerifyToken(token string) (client *Client) {
|
||||||
if len(token) != 2*utils.SecretTokenLength {
|
if len(token) != 2*utils.SecretTokenLength {
|
||||||
return
|
return
|
||||||
@ -68,6 +69,8 @@ func (rm *ResumeManager) VerifyToken(token string) (client *Client) {
|
|||||||
// disallow resume of an unregistered client; this prevents the use of
|
// disallow resume of an unregistered client; this prevents the use of
|
||||||
// resume as an auth bypass
|
// resume as an auth bypass
|
||||||
if pair.client.Registered() {
|
if pair.client.Registered() {
|
||||||
|
// consume the token, ensuring that at most one resume can succeed
|
||||||
|
delete(rm.resumeIDtoCreds, id)
|
||||||
return pair.client
|
return pair.client
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user