Commit 3fc3ddf0 authored by David Venhoek's avatar David Venhoek

Made session lifetime configurable in the irma server.

parent 3f743367
......@@ -59,6 +59,7 @@ func configureIRMAServer() *server.Configuration {
LogJSON: viper.GetBool("log-json"),
Logger: logger,
Production: viper.GetBool("production"),
MaxSessionLifetime: viper.GetInt("max-session-lifetime"),
JwtIssuer: viper.GetString("jwt-issuer"),
JwtPrivateKey: viper.GetString("jwt-privkey"),
JwtPrivateKeyFile: viper.GetString("jwt-privkey-file"),
......
......@@ -110,6 +110,7 @@ func setFlags(cmd *cobra.Command, production bool) error {
flags.StringSlice("revoke-perms", nil, "list of credentials that all requestors may revoke")
flags.Bool("skip-private-keys-check", false, "whether or not to skip checking whether the private keys that requestors have permission for using are present in the configuration")
flags.String("static-sessions", "", "preconfigured static sessions (in JSON)")
flags.Int("max-session-lifetime", 5, "maximum duration of a session once a client connects in minutes")
flags.Lookup("no-auth").Header = `Requestor authentication and default requestor permissions`
flags.String("revocation-settings", "", "revocation settings (in JSON)")
......
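Review bot: The help text for `max-session-lifetime` is ambiguous ("once a client connects in minutes") and does not tell the operator that 0 is replaced by the default in Configuration.Check(). A clearer wording would be `"maximum session lifetime in minutes after a client connects (0 selects the default of 5)"`. The literal 5 here also duplicates the fallback applied in Check(), so a shared constant would keep the two from drifting apart. setFlags' body starts and ends outside the hunk.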
......@@ -51,6 +51,9 @@ type Configuration struct {
// Static session requests after parsing
StaticSessionRequests map[string]irma.RequestorRequest `json:"-"`
// Session Timeout in minutes (default value 0 means 5)
MaxSessionLifetime int `json:"max_session_lifetime" mapstructure:"max_session_lifetime"`
// Used in the "iss" field of result JWTs from /result-jwt and /getproof
JwtIssuer string `json:"jwt_issuer" mapstructure:"jwt_issuer"`
// Private key to sign result JWTs with. If absent, /result-jwt and /getproof are disabled.
......@@ -93,6 +96,11 @@ func (conf *Configuration) Check() error {
Logger = conf.Logger
irma.SetLogger(conf.Logger)
// Use default session lifetime if not specified
if conf.MaxSessionLifetime == 0 {
conf.MaxSessionLifetime = 5
}
// loop to avoid repetetive err != nil line triplets
for _, f := range []func() error{
conf.verifyIrmaConf,
......
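Review bot: The new default handling in Check() only rewrites 0, so a negative `MaxSessionLifetime` from the flag or config file passes validation unchanged. In deleteExpired() it becomes a negative `timeout`; the expiry comparison is outside the visible hunks, but sessions would presumably be treated as expired on the next sweep, turning a configuration typo into a service outage. Rejecting it here is one line, e.g. `if conf.MaxSessionLifetime < 0 { return errors.New("max session lifetime must not be negative") }` (using whichever error constructor this file already has), and an upper bound is worth considering because long-lived sessions keep their tokens valid and held in memory for longer. The field comment could also say what the value means, for example `// Maximum session lifetime in minutes; 0 selects the default of 5`. Check()'s body continues outside the hunk.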
......@@ -72,10 +72,6 @@ type memorySessionStore struct {
client map[irma.ClientToken]*session
}
const (
maxSessionLifetime = 5 * time.Minute // After this a session is cancelled
)
var (
minProtocolVersion = irma.NewVersion(2, 4)
maxProtocolVersion = irma.NewVersion(2, 8)
......@@ -132,7 +128,7 @@ func (s *memorySessionStore) deleteExpired() {
expired := make([]irma.RequestorToken, 0, len(toCheck))
for token, session := range toCheck {
session.Lock()
timeout := maxSessionLifetime
timeout := time.Duration(s.conf.MaxSessionLifetime) * time.Minute
if session.status == irma.ServerStatusInitialized && session.rrequest.Base().ClientTimeout != 0 {
timeout = time.Duration(session.rrequest.Base().ClientTimeout) * time.Second
}
......
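Review bot: The conversion `timeout := time.Duration(s.conf.MaxSessionLifetime) * time.Minute` is recomputed for every session while that session's lock is held, although the value does not depend on the session. Computing it once before the `for token, session := range toCheck` loop, e.g. `maxLifetime := time.Duration(s.conf.MaxSessionLifetime) * time.Minute`, and using `timeout := maxLifetime` inside keeps the locked section to per-session work. Because `time.Duration` is an int64 nanosecond count, the multiplication also wraps silently for very large configured values, which is another reason to bound the setting where it is validated. deleteExpired's body starts and ends outside the hunk.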