From 118861cee14bae0f7e6d0443f1429db84b2d5593 Mon Sep 17 00:00:00 2001
From: slguan <slguan@taosdata.com>
Date: Thu, 28 Nov 2019 21:21:08 +0800
Subject: [PATCH] fix issue #626 and [TBASE-1192]

---
 src/modules/http/inc/httpHandle.h  |  4 ++-
 src/modules/http/src/httpSession.c | 47 ++++++++++++++++++++----------
 src/modules/http/src/httpSql.c     |  4 +--
 3 files changed, 36 insertions(+), 19 deletions(-)

diff --git a/src/modules/http/inc/httpHandle.h b/src/modules/http/inc/httpHandle.h
index f6ca8aee53..1b746e1520 100644
--- a/src/modules/http/inc/httpHandle.h
+++ b/src/modules/http/inc/httpHandle.h
@@ -68,6 +68,8 @@
 #define HTTP_COMPRESS_IDENTITY      0
 #define HTTP_COMPRESS_GZIP          2
 
+#define HTTP_SESSION_ID_LEN         (TSDB_USER_LEN * 2 + 1)
+
 typedef enum {
     HTTP_CONTEXT_STATE_READY,
     HTTP_CONTEXT_STATE_HANDLING,
@@ -83,7 +85,7 @@ typedef struct {
   int   expire;
   int   access;
   void *taos;
-  char  id[TSDB_USER_LEN];
+  char  id[HTTP_SESSION_ID_LEN + 1];
 } HttpSession;
 
 typedef enum {
diff --git a/src/modules/http/src/httpSession.c b/src/modules/http/src/httpSession.c
index 8e8e39c8b0..5a5a32260f 100644
--- a/src/modules/http/src/httpSession.c
+++ b/src/modules/http/src/httpSession.c
@@ -41,8 +41,8 @@ void httpCreateSession(HttpContext *pContext, void *taos) {
   pthread_mutex_lock(&server->serverMutex);
 
   if (pContext->session != NULL && pContext->session == pContext->session->signature) {
-    httpTrace("context:%p, fd:%d, ip:%s, user:%s, set exist session:%p:%s:%p expired", pContext, pContext->fd,
-              pContext->ipstr, pContext->user, pContext->session, pContext->session->id, pContext->session->taos);
+    httpTrace("context:%p, fd:%d, ip:%s, user:%s, set exist session:%p:%p expired", pContext, pContext->fd,
+              pContext->ipstr, pContext->user, pContext->session, pContext->session->taos);
     pContext->session->expire = 0;
     pContext->session->access--;
   }
@@ -51,7 +51,7 @@ void httpCreateSession(HttpContext *pContext, void *taos) {
   session.taos = taos;
   session.expire = (int)taosGetTimestampSec() + server->sessionExpire;
   session.access = 1;
-  strcpy(session.id, pContext->user);
+  snprintf(session.id, HTTP_SESSION_ID_LEN, "%s.%s", pContext->user, pContext->pass);
   pContext->session = (HttpSession *)taosAddStrHash(server->pSessionHash, session.id, (char *)(&session));
   if (pContext->session == NULL) {
     httpError("context:%p, fd:%d, ip:%s, user:%s, error:%s", pContext, pContext->fd, pContext->ipstr, pContext->user,
@@ -62,20 +62,23 @@ void httpCreateSession(HttpContext *pContext, void *taos) {
   }
 
   pContext->session->signature = pContext->session;
-  httpTrace("context:%p, fd:%d, ip:%s, user:%s, create a new session:%p:%s:%p", pContext, pContext->fd, pContext->ipstr,
-            pContext->user, pContext->session, pContext->session->id, pContext->session->taos);
+  httpTrace("context:%p, fd:%d, ip:%s, user:%s, create a new session:%p:%p", pContext, pContext->fd, pContext->ipstr,
+            pContext->user, pContext->session, pContext->session->taos);
   pthread_mutex_unlock(&server->serverMutex);
 }
 
-void httpFetchSession(HttpContext *pContext) {
+void httpFetchSessionImp(HttpContext *pContext) {
   HttpServer *server = pContext->pThread->pServer;
   pthread_mutex_lock(&server->serverMutex);
 
-  pContext->session = (HttpSession *)taosGetStrHashData(server->pSessionHash, pContext->user);
+  char sessionId[HTTP_SESSION_ID_LEN];
+  snprintf(sessionId, HTTP_SESSION_ID_LEN, "%s.%s", pContext->user, pContext->pass);
+
+  pContext->session = (HttpSession *)taosGetStrHashData(server->pSessionHash, sessionId);
   if (pContext->session != NULL && pContext->session == pContext->session->signature) {
     pContext->session->access++;
-    httpTrace("context:%p, fd:%d, ip:%s, user:%s, find an exist session:%p:%s:%p, access:%d, expire:%d",
-              pContext, pContext->fd, pContext->ipstr, pContext->user, pContext->session, pContext->session->id,
+    httpTrace("context:%p, fd:%d, ip:%s, user:%s, find an exist session:%p:%p, access:%d, expire:%d",
+              pContext, pContext->fd, pContext->ipstr, pContext->user, pContext->session,
               pContext->session->taos, pContext->session->access, pContext->session->expire);
     pContext->session->expire = (int)taosGetTimestampSec() + server->sessionExpire;
   } else {
@@ -86,6 +89,20 @@ void httpFetchSession(HttpContext *pContext) {
   pthread_mutex_unlock(&server->serverMutex);
 }
 
+void httpFetchSession(HttpContext *pContext) {
+  if (pContext->session == NULL) {
+    httpFetchSessionImp(pContext);
+  } else {
+    char sessionId[HTTP_SESSION_ID_LEN];
+    snprintf(sessionId, HTTP_SESSION_ID_LEN, "%s.%s", pContext->user, pContext->pass);
+    if (strcmp(pContext->session->id, sessionId) != 0) {
+      httpError("context:%p, fd:%d, ip:%s, user:%s, password may be changed", pContext, pContext->fd, pContext->ipstr, pContext->user);
+      httpRestoreSession(pContext);
+      httpFetchSessionImp(pContext);
+    }
+  }
+}
+
 void httpRestoreSession(HttpContext *pContext) {
   HttpServer * server = pContext->pThread->pServer;
 
@@ -97,15 +114,15 @@ void httpRestoreSession(HttpContext *pContext) {
     return;
   }
   session->access--;
-  httpTrace("context:%p, ip:%s, user:%s, restore session:%p:%s:%p, access:%d, expire:%d",
-            pContext, pContext->ipstr, pContext->user, session, session->id, session->taos,
+  httpTrace("context:%p, ip:%s, user:%s, restore session:%p:%p, access:%d, expire:%d",
+            pContext, pContext->ipstr, pContext->user, session, session->taos,
             session->access, pContext->session->expire);
   pthread_mutex_unlock(&server->serverMutex);
 }
 
 void httpResetSession(char *session) {
   HttpSession *pSession = (HttpSession *)session;
-  httpTrace("close session:%p:%s:%p", pSession, pSession->id, pSession->taos);
+  httpTrace("close session:%p:%p", pSession, pSession->taos);
   if (pSession->taos != NULL) {
     taos_close(pSession->taos);
     pSession->taos = NULL;
@@ -144,12 +161,12 @@ int httpSessionExpired(char *session) {
       return 0;  // un-expired, so return false
     }
     if (pSession->access > 0) {
-      httpTrace("session:%p:%s:%p is expired, but still access:%d", pSession, pSession->id, pSession->taos,
+      httpTrace("session:%p:%p is expired, but still access:%d", pSession, pSession->taos,
                 pSession->access);
       return 0;  // still used, so return false
     }
-    httpTrace("need close session:%p:%s:%p for it expired, cur:%d, expire:%d, invertal:%d",
-              pSession, pSession->id, pSession->taos, cur, pSession->expire, cur - pSession->expire);
+    httpTrace("need close session:%p:%p for it expired, cur:%d, expire:%d, invertal:%d",
+              pSession, pSession->taos, cur, pSession->expire, cur - pSession->expire);
   }
 
   return 1;
diff --git a/src/modules/http/src/httpSql.c b/src/modules/http/src/httpSql.c
index 732d0179ff..4696e80dc7 100644
--- a/src/modules/http/src/httpSql.c
+++ b/src/modules/http/src/httpSql.c
@@ -378,9 +378,7 @@ void httpProcessRequestCb(void *param, TAOS_RES *result, int code) {
 }
 
 void httpProcessRequest(HttpContext *pContext) {
-  if (pContext->session == NULL) {
-    httpFetchSession(pContext);
-  }
+  httpFetchSession(pContext);
 
   if (pContext->session == NULL || pContext->session != pContext->session->signature ||
       pContext->reqType == HTTP_REQTYPE_LOGIN) {
-- 
GitLab