src/hg/lib/cartDb.c 4b5cd61950725b446645ab7276dd60cb3765d8e8

4b5cd61950725b446645ab7276dd60cb3765d8e8
galt
  Mon Feb 10 12:30:20 2014 -0800
initial work on creating a random session key for greater securiy of cart data
diff --git src/hg/lib/cartDb.c src/hg/lib/cartDb.c
index fdecba5..135c9e6 100644
--- src/hg/lib/cartDb.c
+++ src/hg/lib/cartDb.c
@@ -1,52 +1,115 @@
 /* cartDb.c was originally generated by the autoSql program, which also 
  * generated cartDb.h and cartDb.sql.  This module links the database and
  * the RAM representation of objects. */
 
 #include "common.h"
 #include "linefile.h"
 #include "dystring.h"
 #include "jksql.h"
+#include "hgConfig.h"
 #include "cartDb.h"
 
+boolean cartDbHasSessionKey(struct sqlConnection *conn, char *table)
+/* Check to see if the table has the sessionKey field */
+{
+static boolean userDbInitialized = FALSE;
+static boolean sessionDbInitialized = FALSE;
+static boolean userDbHasSessionKey = FALSE;
+static boolean sessionDbHasSessionKey = FALSE;
+if (sameString(table, "userDb"))
+    {
+    if (!userDbInitialized)
+	{
+	userDbInitialized = TRUE;
+	if (sqlFieldIndex(conn, table, "sessionKey") >= 0)
+	    {
+	    userDbHasSessionKey = TRUE;
+	    } 
+	}
+    return userDbHasSessionKey;
+    }
+else if (sameString(table, "sessionDb"))
+    {
+    if (!sessionDbInitialized)
+	{
+	sessionDbInitialized = TRUE;
+	if (sqlFieldIndex(conn, table, "sessionKey") >= 0)
+	    {
+	    sessionDbHasSessionKey = TRUE;
+	    } 
+	}
+    return sessionDbHasSessionKey;
+    }
+else
+    errAbort("Unknown table %s", table);
+return FALSE;
+}
+
+boolean cartDbUseSessionKey()
+/* Check settings and and state to determine if sessionKey is in use */
+{
+static boolean initialized = FALSE;
+static boolean useSessionKey = FALSE;
+if (!initialized)
+    {
+    initialized = TRUE;
+    char *sessionKey = cfgOption2("browser", "sessionKey");
+    if (!sessionKey)
+	sessionKey = "off";  // DEFAULT
+    if (sameString(sessionKey, "on"))
+	useSessionKey = TRUE;
+    else if (sameString(sessionKey, "off"))
+	useSessionKey = FALSE;
+    else if (sameString(sessionKey, "autodetect"))
+	{
+	errAbort("brower.sessionKey=autodetect has not implemented yet."); // TODO
+	}
+    }
+return useSessionKey;
+}
 
 void cartDbStaticLoad(char **row, struct cartDb *ret)
 /* Load a row from cartDb table into ret.  The contents of ret will
  * be replaced at the next call to this function. */
 {
 
 ret->id = sqlUnsigned(row[0]);
 ret->contents = row[1];
 ret->reserved = sqlSigned(row[2]);
 ret->firstUse = row[3];
 ret->lastUse = row[4];
 ret->useCount = sqlSigned(row[5]);
+if (cartDbUseSessionKey())
+    ret->sessionKey = row[6];
 }
 
 struct cartDb *cartDbLoad(char **row)
 /* Load a cartDb from row fetched with select * from cartDb
  * from database.  Dispose of this with cartDbFree(). */
 {
 struct cartDb *ret;
 
 AllocVar(ret);
 ret->id = sqlUnsigned(row[0]);
 ret->contents = cloneString(row[1]);
 ret->reserved = sqlSigned(row[2]);
 ret->firstUse = cloneString(row[3]);
 ret->lastUse = cloneString(row[4]);
 ret->useCount = sqlSigned(row[5]);
+if (cartDbUseSessionKey())
+    ret->sessionKey = cloneString(row[6]);
 return ret;
 }
 
 struct cartDb *cartDbLoadAll(char *fileName) 
 /* Load all cartDb from a tab-separated file.
  * Dispose of this with cartDbFreeList(). */
 {
 struct cartDb *list = NULL, *el;
 struct lineFile *lf = lineFileOpen(fileName, TRUE);
 char *row[6];
 
 while (lineFileRow(lf, row))
     {
     el = cartDbLoad(row);
     slAddHead(&list, el);
@@ -84,44 +147,48 @@
 struct cartDb *cartDbCommaIn(char **pS, struct cartDb *ret)
 /* Create a cartDb out of a comma separated string. 
  * This will fill in ret if non-null, otherwise will
  * return a new cartDb */
 {
 char *s = *pS;
 
 if (ret == NULL)
     AllocVar(ret);
 ret->id = sqlUnsignedComma(&s);
 ret->contents = sqlStringComma(&s);
 ret->reserved = sqlSignedComma(&s);
 ret->firstUse = sqlStringComma(&s);
 ret->lastUse = sqlStringComma(&s);
 ret->useCount = sqlSignedComma(&s);
+if (cartDbUseSessionKey())
+    ret->sessionKey = sqlStringComma(&s);
 *pS = s;
 return ret;
 }
 
 void cartDbFree(struct cartDb **pEl)
 /* Free a single dynamically allocated cartDb such as created
  * with cartDbLoad(). */
 {
 struct cartDb *el;
 
 if ((el = *pEl) == NULL) return;
 freeMem(el->contents);
 freeMem(el->firstUse);
 freeMem(el->lastUse);
+if (cartDbUseSessionKey())
+    freeMem(el->sessionKey);
 freez(pEl);
 }
 
 void cartDbFreeList(struct cartDb **pList)
 /* Free a list of dynamically allocated cartDb's */
 {
 struct cartDb *el, *next;
 
 for (el = *pList; el != NULL; el = next)
     {
     next = el->next;
     cartDbFree(&el);
     }
 *pList = NULL;
 }
@@ -136,18 +203,23 @@
 if (sep == ',') fputc('"',f);
 fprintf(f, "%s", el->contents);
 if (sep == ',') fputc('"',f);
 fputc(sep,f);
 fprintf(f, "%d", el->reserved);
 fputc(sep,f);
 if (sep == ',') fputc('"',f);
 fprintf(f, "%s", el->firstUse);
 if (sep == ',') fputc('"',f);
 fputc(sep,f);
 if (sep == ',') fputc('"',f);
 fprintf(f, "%s", el->lastUse);
 if (sep == ',') fputc('"',f);
 fputc(sep,f);
 fprintf(f, "%d", el->useCount);
+if (cartDbUseSessionKey())
+    {
+    fputc(sep,f);
+    fprintf(f, "%s", el->sessionKey);
+    }
 fputc(lastSep,f);
 }