adyxax/tfstated
1
0
Fork 0
Code Issues 38 Pull requests Releases Packages Activity Actions

feat(webui): add sessions expiration
All checks were successful
main / main (push) Successful in 2m42s
Details
main / deploy (push) Has been skipped
Details
main / publish (push) Has been skipped
Details

Browse source 
Closes #28
This commit is contained in:
Julien Dessaux 2025-04-18 23:26:38 +02:00
parent d40595cacb
commit a8ec6bd793
Signed by: adyxax
GPG key ID: F92E51B86E07177E
3 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkg/model/session.go
View file

@ -17,6 +17,6 @@ type Session struct {
} }
func (session *Session) IsExpired() bool { func (session *Session) IsExpired() bool {
// TODO expires := session.Created.Add(12 * time.Hour) // 12 hours sessions
return false return time.Now().After(expires)
} }

2
pkg/webui/login.go
View file

@ -86,7 +86,7 @@ func handleLoginPOST(db *database.DB) http.Handler {
Value: sessionId, Value: sessionId,
Quoted: false, Quoted: false,
Path: "/", Path: "/",
MaxAge: 8 * 3600, // 1 hour sessions MaxAge: 12 * 3600, // 12 hours sessions
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteStrictMode,
Secure: true, Secure: true,

7
pkg/webui/sessions.go
View file

@ -31,7 +31,12 @@ func sessionsMiddleware(db *database.DB) func(http.Handler) http.Handler {
} }
if session == nil { if session == nil {
unsetSesssionCookie(w) unsetSesssionCookie(w)
} else if !session.IsExpired() { } else if session.IsExpired() {
unsetSesssionCookie(w)
if err := db.DeleteSession(session); err != nil {
errorResponse(w, r, http.StatusInternalServerError, err)
}
} else {
if err := db.TouchSession(cookie.Value); err != nil { if err := db.TouchSession(cookie.Value); err != nil {
errorResponse(w, r, http.StatusInternalServerError, err) errorResponse(w, r, http.StatusInternalServerError, err)
return return