diff --git a/cmd/rdpgw/api/web.go b/cmd/rdpgw/api/web.go
index e7ccd84cb526ce78f07c0ee7e08f1febaf4d5537..ac804e23b134662046bde4b5976dabae2c7b05f7 100644
--- a/cmd/rdpgw/api/web.go
+++ b/cmd/rdpgw/api/web.go
@@ -13,6 +13,7 @@ import (
 "log"
 "math/rand"
 "net/http"
+ "os"
 "strconv"
 "strings"
 "time"
@@ -29,11 +30,12 @@ type UserTokenGeneratorFunc func(context.Context, string) (string, error)
 type Config struct {
 SessionKey []byte
 SessionEncryptionKey []byte
+ SessionStore string
 PAATokenGenerator TokenGeneratorFunc
 UserTokenGenerator UserTokenGeneratorFunc
 EnableUserToken bool
 OAuth2Config *oauth2.Config
- store *sessions.CookieStore
+ store sessions.Store
 OIDCTokenVerifier *oidc.IDTokenVerifier
 stateStore *cache.Cache
 Hosts []string
@@ -53,7 +55,13 @@ func (c *Config) NewApi() {
 if len(c.Hosts) < 1 {
 log.Fatal("Not enough hosts to connect to specified")
 }
- c.store = sessions.NewCookieStore(c.SessionKey, c.SessionEncryptionKey)
+ if c.SessionStore == "file" {
+ log.Println("Filesystem is used as session storage")
+ c.store = sessions.NewFilesystemStore(os.TempDir(), c.SessionKey, c.SessionEncryptionKey)
+ } else {
+ log.Println("Cookies are used as session storage")
+ c.store = sessions.NewCookieStore(c.SessionKey, c.SessionEncryptionKey)
+ }
 c.stateStore = cache.New(time.Minute*2, 5*time.Minute)
 }
diff --git a/cmd/rdpgw/config/configuration.go b/cmd/rdpgw/config/configuration.go
index f47733e7634de39c7cc2857314820506421de598..cb851e3c2680da9df67f24a06199f0f8365446c0 100644
--- a/cmd/rdpgw/config/configuration.go
+++ b/cmd/rdpgw/config/configuration.go
@@ -23,6 +23,7 @@ type ServerConfig struct {
 RoundRobin bool
 SessionKey string
 SessionEncryptionKey string
+ SessionStore string
 SendBuf int
 ReceiveBuf int
 }
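Review bot: In the NewApi hunk of cmd/rdpgw/api/web.go, `sessions.NewFilesystemStore(os.TempDir(), ...)` keeps server-side session state in the system temp directory, which on most Unix hosts is shared with every local account and swept by tmp cleaners. Sessions can therefore vanish mid-login, their file names are typically listable by other users, and nothing visible here removes stale files. A directory owned by the gateway, read from configuration and created with `os.MkdirAll(dir, 0700)`, would keep that state private to the service account. Separately, every value other than "file" (a typo such as "File" included) silently selects the cookie store; an explicit `else if c.SessionStore != "cookie" { log.Fatalf("unknown session store %q", c.SessionStore) }` ahead of the cookie branch, or the same check in the config loader, would surface the mistake. NewApi starts above the hunk, so any earlier validation is not visible from here.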
@@ -72,6 +73,8 @@ func init() {
 viper.SetDefault("client.bandwidthAutoDetect", 1)
 viper.SetDefault("security.verifyClientIp", true)
 viper.SetDefault("server.tlsDisabled", false)
+ viper.SetDefault("server.sessionStore", "cookie")
+ viper.SetDefault("caps.tokenAuth", true)
 }
 func Load(configFile string) Configuration {
diff --git a/cmd/rdpgw/main.go b/cmd/rdpgw/main.go
index 1736a8f641b741a9e2cf267ce7c2d94f8a1811b5..9f8510bc9ed8558d0fe9d0a1f79469a20bc0833b 100644
--- a/cmd/rdpgw/main.go
+++ b/cmd/rdpgw/main.go
@@ -71,6 +71,7 @@ func main() {
 EnableUserToken: conf.Security.EnableUserToken,
 SessionKey: []byte(conf.Server.SessionKey),
 SessionEncryptionKey: []byte(conf.Server.SessionEncryptionKey),
+ SessionStore: conf.Server.SessionStore,
 Hosts: conf.Server.Hosts,
 NetworkAutoDetect: conf.Client.NetworkAutoDetect,
 UsernameTemplate: conf.Client.UsernameTemplate,
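Review bot: The second line added to init() in cmd/rdpgw/config/configuration.go, `viper.SetDefault("caps.tokenAuth", true)`, is unrelated to session storage yet changes an authentication-related default in the same commit. If no default existed before (not visible from this hunk), deployments that never set the key presumably see a different effective value after upgrading. It would be easier to audit as its own commit, or at least with a comment above it such as `// token auth stays enabled unless the config turns it off explicitly`. init() starts above the hunk, so an earlier default for the same key cannot be ruled out from here.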