feat(webui): add sessions expiration

Closes #28
2025-04-18 23:26:38 +02:00 · 2025-04-18 23:26:38 +02:00 · 215c630ba0
commit 215c630ba0
parent d40595cacb
3 changed files with 10 additions and 4 deletions
--- a/pkg/model/session.go
+++ b/pkg/model/session.go
@ -17,6 +17,6 @@ type Session struct {
 }

 func (session *Session) IsExpired() bool {
-	// TODO
-	return false
+	expires := session.Created.Add(12 * time.Hour) // 12 hours sessions
+	return time.Now().After(expires)
 }
--- a/pkg/webui/login.go
+++ b/pkg/webui/login.go
@ -86,7 +86,7 @@ func handleLoginPOST(db *database.DB) http.Handler {
 			Value:    sessionId,
 			Quoted:   false,
 			Path:     "/",
-			MaxAge:   8 * 3600, // 1 hour sessions
+			MaxAge:   12 * 3600, // 12 hours sessions
 			HttpOnly: true,
 			SameSite: http.SameSiteStrictMode,
 			Secure:   true,
--- a/pkg/webui/sessions.go
+++ b/pkg/webui/sessions.go
@ -31,7 +31,13 @@ func sessionsMiddleware(db *database.DB) func(http.Handler) http.Handler {
 					}
 					if session == nil {
 						unsetSesssionCookie(w)
-					} else if !session.IsExpired() {
+					} else if session.IsExpired() {
+						unsetSesssionCookie(w)
+						if err := db.DeleteSession(session); err != nil {
+							errorResponse(w, r, http.StatusInternalServerError, err)
+							return
+						}
+					} else {
 						if err := db.TouchSession(cookie.Value); err != nil {
 							errorResponse(w, r, http.StatusInternalServerError, err)
 							return