mirror of
https://github.com/ngoduykhanh/wireguard-ui.git
synced 2025-07-26 20:00:27 +03:00
Added SESSION_MAX_DURATION param
Added created_at field to the session
This commit is contained in:
0xCA
parent
9f527d18ac
commit
a4d17ac489
5 changed files with 46 additions and 21 deletions
|
|
@ -110,12 +110,14 @@ func Login(db store.IStore) echo.HandlerFunc {
|
|||
|
||||
// set session_token
|
||||
tokenUID := xid.New().String()
|
||||
now := time.Now().UTC().Unix()
|
||||
sess.Values["username"] = dbuser.Username
|
||||
sess.Values["user_hash"] = util.GetDBUserCRC32(dbuser)
|
||||
sess.Values["admin"] = dbuser.Admin
|
||||
sess.Values["session_token"] = tokenUID
|
||||
sess.Values["max_age"] = ageMax
|
||||
sess.Values["updated_at"] = time.Now().UTC().Unix()
|
||||
sess.Values["created_at"] = now
|
||||
sess.Values["updated_at"] = now
|
||||
sess.Save(c.Request(), c.Response())
|
||||
|
||||
// set session_token in cookie
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ func isValidSession(c echo.Context) bool {
|
|||
}
|
||||
|
||||
// Check time bounds
|
||||
createdAt := getCreatedAt(sess)
|
||||
updatedAt := getUpdatedAt(sess)
|
||||
maxAge := getMaxAge(sess)
|
||||
// Temporary session is considered valid within 24h if browser is not closed before
|
||||
|
|
@ -62,7 +63,7 @@ func isValidSession(c echo.Context) bool {
|
|||
}
|
||||
expiration := updatedAt + int64(maxAge)
|
||||
now := time.Now().UTC().Unix()
|
||||
if updatedAt > now || expiration < now {
|
||||
if updatedAt > now || expiration < now || createdAt+util.SessionMaxDuration < now {
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
@ -96,10 +97,11 @@ func doRefreshSession(c echo.Context) {
|
|||
}
|
||||
|
||||
// Refresh no sooner than 24h
|
||||
createdAt := getCreatedAt(sess)
|
||||
updatedAt := getUpdatedAt(sess)
|
||||
expiration := updatedAt + int64(getMaxAge(sess))
|
||||
now := time.Now().UTC().Unix()
|
||||
if expiration < now || now-updatedAt < 86400 {
|
||||
if updatedAt > now || expiration < now || now-updatedAt < 86_400 || createdAt+util.SessionMaxDuration < now {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -140,6 +142,22 @@ func getMaxAge(sess *sessions.Session) int {
|
|||
}
|
||||
}
|
||||
|
||||
// Get a timestamp in seconds of the time the session was created
|
||||
func getCreatedAt(sess *sessions.Session) int64 {
|
||||
if util.DisableLogin {
|
||||
return 0
|
||||
}
|
||||
|
||||
createdAt := sess.Values["created_at"]
|
||||
|
||||
switch typedCreatedAt := createdAt.(type) {
|
||||
case int64:
|
||||
return typedCreatedAt
|
||||
default:
|
||||
return 0
|
||||
}
|
||||
}
|
||||
|
||||
// Get a timestamp in seconds of the last session update
|
||||
func getUpdatedAt(sess *sessions.Session) int64 {
|
||||
if util.DisableLogin {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue