def get_token_authorization(self, token):
if token and '-' in token:
token_256 = make_sha256(token)
file_path = self.get_token_file_path(token_256)
last_read_time = last_read_file_time(file_path)
if last_read_time:
info = self.get_token_info(token_256)
if info:
now = NOW_TIME()
token_expire_seconds = info.get('token_expire_seconds') or self.token_expire_seconds
expire = last_read_time + token_expire_seconds
end_date = info.get('end_date')
if expire > now and (not end_date or end_date > now):
token_lock = make_token_lock(self.request, token, info['session_id'])
valid_token = compare_digest(info['lock_key'], token_lock)
valid_session_id = compare_digest(info['session_id'], token.split('-', 1)[0])
if valid_token and valid_session_id:
return info['session_id']
# Compromised or ended! Force revalidation
self.delete_session_key_tokens(info['session_key'])
def session_is_alive(self, session_key_256):
reference_path = self.get_reference_file_path(session_key_256)
binary = get_file_binary(reference_path)
if binary:
tokens = binary.splitlines()
if tokens:
now = NOW_TIME()
for token_256 in set(tokens):
if token_256:
token_path = self.get_token_file_path(token_256)
last_read_time = last_read_file_time(token_path)
if last_read_time:
if now <= (last_read_time + self.token_expire_seconds):
return True
else:
# Remove token garbage
remove_file_quietly(token_path)
else:
# Remove session reference
remove_file_quietly(reference_path)
return False
