From fb7422e5a8456d32fc05ef33619e3baf0443626e Mon Sep 17 00:00:00 2001
From: Jakob Ketterl
Date: Sun, 23 Feb 2020 21:39:12 +0100
Subject: [PATCH] generate session cookie
---
 owrx/controllers/__init__.py | 4 +++-
 owrx/controllers/session.py | 37 ++++++++++++++++++++++++++++++++++--
 2 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/owrx/controllers/__init__.py b/owrx/controllers/__init__.py
index 2faa1ab..f668c6e 100644
--- a/owrx/controllers/__init__.py
+++ b/owrx/controllers/__init__.py
@@ -20,8 +20,10 @@ class Controller(object):
 content = content.encode()
 self.handler.wfile.write(content)
- def send_redirect(self, location, code=303, cookies=[]):
+ def send_redirect(self, location, code=303, cookies=None):
 self.handler.send_response(code)
+ if cookies is not None:
+ self.handler.send_header("Set-Cookie", cookies.output(header=''))
 self.handler.send_header("Location", location)
 self.handler.end_headers()
diff --git a/owrx/controllers/session.py b/owrx/controllers/session.py
index ea2721a..e4da220 100644
--- a/owrx/controllers/session.py
+++ b/owrx/controllers/session.py
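Review bot: `cookies.output(header='')` in send_redirect is only well-formed while the SimpleCookie holds exactly one morsel. SimpleCookie.output() joins morsels with `\r\n`, so a second cookie would place a raw line break inside the single Set-Cookie value and produce a malformed header line. The empty header prefix also leaves a stray leading space in the value. Sending one header per morsel avoids both: `for morsel in cookies.values():` followed by `self.handler.send_header("Set-Cookie", morsel.OutputString())`.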
@@ -1,10 +1,41 @@
 from .template import WebpageController
 from urllib.parse import parse_qs
+from uuid import uuid4
+from http.cookies import SimpleCookie
 import logging
 logger = logging.getLogger(__name__)
+class SessionStorage(object):
+ sharedInstance = None
+
+ @staticmethod
+ def getSharedInstance():
+ if SessionStorage.sharedInstance is None:
+ SessionStorage.sharedInstance = SessionStorage()
+ return SessionStorage.sharedInstance
+
+ def __init__(self):
+ self.sessions = {}
+
+ def generateKey(self):
+ return str(uuid4())
+
+ def startSession(self, data):
+ key = self.generateKey()
+ self.updateSession(key, data)
+ return key
+
+ def getSession(self, key):
+ if key not in self.sessions:
+ return None
+ return self.sessions[key]
+
+ def updateSession(self, key, data):
+ self.sessions[key] = data
+
+
 class SessionController(WebpageController):
 def loginAction(self):
 self.serve_template("login.html", **self.template_variables())
@@ -17,8 +48,10 @@ class SessionController(WebpageController):
 # TODO actually check user and password
 if data["user"] == "admin" and data["password"] == "password":
 # TODO pass the final destination
- # TODO actual session cookie
- self.send_redirect("/settings", cookies=["session-cookie"])
+ key = SessionStorage.getSharedInstance().startSession({"user": data["user"]})
+ cookie = SimpleCookie()
+ cookie["session"] = key
+ self.send_redirect("/settings", cookies=cookie)
 else:
 self.send_redirect("/login")
 else:
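Review bot: generateKey returns `str(uuid4())` as the session's bearer token, but the uuid module is not documented as a source of security tokens, while the standard library's `secrets` module is meant for this purpose. I would use `return secrets.token_urlsafe(32)` with `import secrets` replacing the uuid import. SessionStorage also offers no way to delete or expire an entry, so every issued key stays valid for the life of the process and `self.sessions` grows with each login. A removal method for logout, plus a stored creation time that getSession checks, would bound both.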
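Review bot: The session cookie built in the login branch carries no attributes, so page scripts can read it and no SameSite policy is stated. Setting `cookie["session"]["httponly"] = True` and `cookie["session"]["path"] = "/"` before the redirect would cover the first, and `cookie["session"]["samesite"] = "Lax"` the second, provided the targeted Python is 3.8 or newer. `secure` should be added as well if the receiver is served over HTTPS, which cannot be told from this hunk. The enclosing method starts above the hunk and continues below it.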