GitHub/ergo
3
0
Fork 0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-10 22:19:31 +01:00
Code Issues Projects Releases Wiki Activity

consume resume token during VerifyToken

Browse Source 
Independently of this, ClientLookupSet.Resume ensures that at most one
resume can succeed, so this doesn't actually change the behavior.
But ResumeManager should be a standalone example of how to implement
resume without race conditions.
This commit is contained in:
Shivaram Lingamneni 2019-02-19 16:47:04 -05:00
parent 7018e3693b
commit d43ce07b66
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
irc/resume.go
View File

@ -52,7 +52,8 @@ func (rm *ResumeManager) GenerateToken(client *Client) (token string) {
}
// VerifyToken looks up the client corresponding to a resume token, returning
// nil if there is no such client or the token is invalid.
// nil if there is no such client or the token is invalid. If successful,
// the token is consumed and cannot be used to resume again.
func (rm *ResumeManager) VerifyToken(token string) (client *Client) {
if len(token) != 2*utils.SecretTokenLength {
return
@ -68,6 +69,8 @@ func (rm *ResumeManager) VerifyToken(token string) (client *Client) {
// disallow resume of an unregistered client; this prevents the use of
// resume as an auth bypass
if pair.client.Registered() {
// consume the token, ensuring that at most one resume can succeed
delete(rm.resumeIDtoCreds, id)
return pair.client
}
}