From c483d909f9caa6a6c9f9f169a0677f940d4c8402 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Sat, 19 Apr 2025 00:00:16 +0200
Subject: [PATCH] chore(webui): clear all expired sessions on each user account login

Closes #34
---
 pkg/database/sessions.go | 8 ++++++++
 pkg/webui/login.go | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/pkg/database/sessions.go b/pkg/database/sessions.go
index 43f9d50..d02f440 100644
--- a/pkg/database/sessions.go
+++ b/pkg/database/sessions.go
@@ -27,6 +27,14 @@ func (db *DB) CreateSession(account *model.Account) (string, error) {
 return sessionId.String(), nil
 }

+func (db *DB) DeleteExpiredSessions() error {
+ _, err := db.Exec(`DELETE FROM sessions WHERE created < ?`, time.Now().Unix())
+ if err != nil {
+ return fmt.Errorf("failed to delete expired session: %w", err)
+ }
+ return nil
+}
+
 func (db *DB) DeleteSession(session *model.Session) error {
 _, err := db.Exec(`DELETE FROM sessions WHERE id = ?`, session.Id)
 if err != nil {
diff --git a/pkg/webui/login.go b/pkg/webui/login.go
index a1925a9..c5b1572 100644
--- a/pkg/webui/login.go
+++ b/pkg/webui/login.go
@@ -91,6 +91,9 @@ func handleLoginPOST(db *database.DB) http.Handler {
 SameSite: http.SameSiteStrictMode,
 Secure: true,
 })
+ if err := db.DeleteExpiredSessions(); err != nil {
+ slog.Error("failed to delete expired sessions after user login", "err", err, "accountId", account.Id)
+ }
 http.Redirect(w, r, "/", http.StatusFound)
 })
 }
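Review bot: The predicate in `DeleteExpiredSessions` compares `created` with the current time, so it matches every session created before this second rather than only sessions past their lifetime. Unless `created` actually stores an expiry timestamp (the schema is outside this hunk), each login would delete all other users' sessions, and also the session just issued by `CreateSession` whenever the clock ticks over between the insert and this delete. Subtract the session lifetime from the cutoff, e.g. `time.Now().Add(-sessionLifetime).Unix()`, where `sessionLifetime` is a placeholder for whatever duration the session validation code uses. The exported method also lacks a doc comment; `// DeleteExpiredSessions removes sessions older than the session lifetime.` would state the intended contract.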
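Review bot: The cleanup call added before `http.Redirect` runs only after a successful login, so expired rows stay in the `sessions` table until somebody next logs in; it should be documented as housekeeping rather than expiry enforcement. Session lookup is not visible in this patch, so confirm it rejects sessions by age on its own and does not rely on the row having been deleted. A comment such as `// Best-effort cleanup; session validation must still check expiry itself.` above the call would make that explicit. The handler body starts before this hunk.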