From a8ec6bd793efb77babb43783afaf50559affdab2 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Fri, 18 Apr 2025 23:26:38 +0200
Subject: [PATCH] feat(webui): add sessions expiration

Closes #28
---
 pkg/model/session.go | 4 ++--
 pkg/webui/login.go | 2 +-
 pkg/webui/sessions.go | 7 ++++++-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/pkg/model/session.go b/pkg/model/session.go
index fa88693..ac6da89 100644
--- a/pkg/model/session.go
+++ b/pkg/model/session.go
@@ -17,6 +17,6 @@ type Session struct {
 }

 func (session *Session) IsExpired() bool {
- // TODO
- return false
+ expires := session.Created.Add(12 * time.Hour) // 12 hours sessions
+ return time.Now().After(expires)
 }
diff --git a/pkg/webui/login.go b/pkg/webui/login.go
index 3bf3c03..a1925a9 100644
--- a/pkg/webui/login.go
+++ b/pkg/webui/login.go
@@ -86,7 +86,7 @@ func handleLoginPOST(db *database.DB) http.Handler {
 Value: sessionId,
 Quoted: false,
 Path: "/",
- MaxAge: 8 * 3600, // 1 hour sessions
+ MaxAge: 12 * 3600, // 12 hours sessions
 HttpOnly: true,
 SameSite: http.SameSiteStrictMode,
 Secure: true,
diff --git a/pkg/webui/sessions.go b/pkg/webui/sessions.go
index 5a44ab7..73fc48f 100644
--- a/pkg/webui/sessions.go
+++ b/pkg/webui/sessions.go
@@ -31,7 +31,12 @@ func sessionsMiddleware(db *database.DB) func(http.Handler) http.Handler {
 }
 if session == nil {
 unsetSesssionCookie(w)
- } else if !session.IsExpired() {
+ } else if session.IsExpired() {
+ unsetSesssionCookie(w)
+ if err := db.DeleteSession(session); err != nil {
+ errorResponse(w, r, http.StatusInternalServerError, err)
+ }
+ } else {
 if err := db.TouchSession(cookie.Value); err != nil {
 errorResponse(w, r, http.StatusInternalServerError, err)
 return
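Review bot: The 12-hour lifetime is now written out twice, as `12 * time.Hour` in IsExpired here and as `12 * 3600` for the cookie MaxAge in the pkg/webui/login.go hunk, and nothing ties the two values together; the line this commit replaces there (`8 * 3600, // 1 hour sessions`) shows how easily they drift. The server-side check is the one that actually enforces expiry, so I would define it once next to Session, `const SessionLifetime = 12 * time.Hour`, and derive the cookie from it with `MaxAge: int(model.SessionLifetime.Seconds())` (assuming login.go can import the model package, which the hunk does not show). IsExpired also deserves a doc comment such as `// IsExpired reports whether the fixed session lifetime, counted from Created, has elapsed.` Since only Created is read, TouchSession in the middleware apparently does not extend the deadline; if that absolute timeout is intended, the comment should say so.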
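Review bot: The new expired-session branch in sessionsMiddleware has no `return` after `errorResponse(w, r, http.StatusInternalServerError, err)`, unlike the TouchSession branch right below it, so when DeleteSession fails the middleware keeps running after the 500 has been written. The rest of the function is outside this hunk, but it presumably goes on to call the next handler, which would then write a second response for a request that arrived with an expired session. Add `return` as the last statement inside the `if err := db.DeleteSession(session); err != nil {` block. A one-line comment on the branch, for example `// expired: drop cookie and stored session, continue as anonymous`, would also make clear that the expired session must never reach the request context.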