fix issue #626 and [TBASE-1192]

118861ce · slguan · 8254aba1 · 118861ce · 118861ce · 118861ce
3 changed file
--- a/src/modules/http/inc/httpHandle.h
+++ b/src/modules/http/inc/httpHandle.h
@@ -68,6 +68,8 @@
 #define HTTP_COMPRESS_IDENTITY      0
 #define HTTP_COMPRESS_GZIP          2

+#define HTTP_SESSION_ID_LEN         (TSDB_USER_LEN * 2 + 1)
+
 typedef enum {
    HTTP_CONTEXT_STATE_READY,
    HTTP_CONTEXT_STATE_HANDLING,
@@ -83,7 +85,7 @@ typedef struct {
  int   expire;
  int   access;
  void *taos;
-  char  id[TSDB_USER_LEN];
+  char  id[HTTP_SESSION_ID_LEN + 1];
 } HttpSession;

 typedef enum {

--- a/src/modules/http/src/httpSession.c
+++ b/src/modules/http/src/httpSession.c
@@ -41,8 +41,8 @@ void httpCreateSession(HttpContext *pContext, void *taos) {
  pthread_mutex_lock(&server->serverMutex);

  if (pContext->session != NULL && pContext->session == pContext->session->signature) {
-    httpTrace("context:%p, fd:%d, ip:%s, user:%s, set exist session:%p:%s:%p expired", pContext, pContext->fd,
-              pContext->ipstr, pContext->user, pContext->session, pContext->session->id, pContext->session->taos);
+    httpTrace("context:%p, fd:%d, ip:%s, user:%s, set exist session:%p:%p expired", pContext, pContext->fd,
+              pContext->ipstr, pContext->user, pContext->session, pContext->session->taos);
    pContext->session->expire = 0;
    pContext->session->access--;
  }
@@ -51,7 +51,7 @@ void httpCreateSession(HttpContext *pContext, void *taos) {
  session.taos = taos;
  session.expire = (int)taosGetTimestampSec() + server->sessionExpire;
  session.access = 1;
-  strcpy(session.id, pContext->user);
+  snprintf(session.id, HTTP_SESSION_ID_LEN, "%s.%s", pContext->user, pContext->pass);
  pContext->session = (HttpSession *)taosAddStrHash(server->pSessionHash, session.id, (char *)(&session));
  if (pContext->session == NULL) {
    httpError("context:%p, fd:%d, ip:%s, user:%s, error:%s", pContext, pContext->fd, pContext->ipstr, pContext->user,
@@ -62,20 +62,23 @@ void httpCreateSession(HttpContext *pContext, void *taos) {
  }

  pContext->session->signature = pContext->session;
-  httpTrace("context:%p, fd:%d, ip:%s, user:%s, create a new session:%p:%s:%p", pContext, pContext->fd, pContext->ipstr,
-            pContext->user, pContext->session, pContext->session->id, pContext->session->taos);
+  httpTrace("context:%p, fd:%d, ip:%s, user:%s, create a new session:%p:%p", pContext, pContext->fd, pContext->ipstr,
+            pContext->user, pContext->session, pContext->session->taos);
  pthread_mutex_unlock(&server->serverMutex);
 }

-void httpFetchSession(HttpContext *pContext) {
+void httpFetchSessionImp(HttpContext *pContext) {
  HttpServer *server = pContext->pThread->pServer;
  pthread_mutex_lock(&server->serverMutex);

-  pContext->session = (HttpSession *)taosGetStrHashData(server->pSessionHash, pContext->user);
+  char sessionId[HTTP_SESSION_ID_LEN];
+  snprintf(sessionId, HTTP_SESSION_ID_LEN, "%s.%s", pContext->user, pContext->pass);
+
+  pContext->session = (HttpSession *)taosGetStrHashData(server->pSessionHash, sessionId);
  if (pContext->session != NULL && pContext->session == pContext->session->signature) {
    pContext->session->access++;
-    httpTrace("context:%p, fd:%d, ip:%s, user:%s, find an exist session:%p:%s:%p, access:%d, expire:%d",
-              pContext, pContext->fd, pContext->ipstr, pContext->user, pContext->session, pContext->session->id,
+    httpTrace("context:%p, fd:%d, ip:%s, user:%s, find an exist session:%p:%p, access:%d, expire:%d",
+              pContext, pContext->fd, pContext->ipstr, pContext->user, pContext->session,
              pContext->session->taos, pContext->session->access, pContext->session->expire);
    pContext->session->expire = (int)taosGetTimestampSec() + server->sessionExpire;
  } else {
@@ -86,6 +89,20 @@ void httpFetchSession(HttpContext *pContext) {
  pthread_mutex_unlock(&server->serverMutex);
 }

+void httpFetchSession(HttpContext *pContext) {
+  if (pContext->session == NULL) {
+    httpFetchSessionImp(pContext);
+  } else {
+    char sessionId[HTTP_SESSION_ID_LEN];
+    snprintf(sessionId, HTTP_SESSION_ID_LEN, "%s.%s", pContext->user, pContext->pass);
+    if (strcmp(pContext->session->id, sessionId) != 0) {
+      httpError("context:%p, fd:%d, ip:%s, user:%s, password may be changed", pContext, pContext->fd, pContext->ipstr, pContext->user);
+      httpRestoreSession(pContext);
+      httpFetchSessionImp(pContext);
+    }
+  }
+}
+
 void httpRestoreSession(HttpContext *pContext) {
  HttpServer * server = pContext->pThread->pServer;

@@ -97,15 +114,15 @@ void httpRestoreSession(HttpContext *pContext) {
    return;
  }
  session->access--;
-  httpTrace("context:%p, ip:%s, user:%s, restore session:%p:%s:%p, access:%d, expire:%d",
-            pContext, pContext->ipstr, pContext->user, session, session->id, session->taos,
+  httpTrace("context:%p, ip:%s, user:%s, restore session:%p:%p, access:%d, expire:%d",
+            pContext, pContext->ipstr, pContext->user, session, session->taos,
            session->access, pContext->session->expire);
  pthread_mutex_unlock(&server->serverMutex);
 }

 void httpResetSession(char *session) {
  HttpSession *pSession = (HttpSession *)session;
-  httpTrace("close session:%p:%s:%p", pSession, pSession->id, pSession->taos);
+  httpTrace("close session:%p:%p", pSession, pSession->taos);
  if (pSession->taos != NULL) {
    taos_close(pSession->taos);
    pSession->taos = NULL;
@@ -144,12 +161,12 @@ int httpSessionExpired(char *session) {
      return 0;  // un-expired, so return false
    }
    if (pSession->access > 0) {
-      httpTrace("session:%p:%s:%p is expired, but still access:%d", pSession, pSession->id, pSession->taos,
+      httpTrace("session:%p:%p is expired, but still access:%d", pSession, pSession->taos,
                pSession->access);
      return 0;  // still used, so return false
    }
-    httpTrace("need close session:%p:%s:%p for it expired, cur:%d, expire:%d, invertal:%d",
-              pSession, pSession->id, pSession->taos, cur, pSession->expire, cur - pSession->expire);
+    httpTrace("need close session:%p:%p for it expired, cur:%d, expire:%d, invertal:%d",
+              pSession, pSession->taos, cur, pSession->expire, cur - pSession->expire);
  }

  return 1;

--- a/src/modules/http/src/httpSql.c
+++ b/src/modules/http/src/httpSql.c
@@ -378,9 +378,7 @@ void httpProcessRequestCb(void *param, TAOS_RES *result, int code) {
 }

 void httpProcessRequest(HttpContext *pContext) {
-  if (pContext->session == NULL) {
-    httpFetchSession(pContext);
-  }
+  httpFetchSession(pContext);

  if (pContext->session == NULL || pContext->session != pContext->session->signature ||
      pContext->reqType == HTTP_REQTYPE_LOGIN) {