Further session protections and fixes

Use MaxAge instead of Expires Verify if the cookie is not too old and not from the future Verify if the user exists and unchanged Refresh not sooner than 24h Do not refresh temporary sessions Delete cookies on logout
2025-06-07 00:46:58 +03:00 · 2023-12-28 16:20:13 +05:00 · 2023-12-28 16:20:13 +05:00 · bee5c54127
commit bee5c54127
parent 91427427f2
5 changed files with 156 additions and 7 deletions
--- a/store/jsondb/jsondb.go
+++ b/store/jsondb/jsondb.go
@ -163,6 +163,14 @@ func (o *JsonDB) Init() error {
 	}

 	// init cache
+	for _, i := range results {
+		user := model.User{}
+
+		if err := json.Unmarshal([]byte(i), &user); err == nil {
+			util.DBUsersToCRC32[user.Username] = util.GetDBUserCRC32(user)
+		}
+	}
+
 	clients, err := o.GetClients(false)
 	if err != nil {
 		return nil
@ -217,11 +225,13 @@ func (o *JsonDB) SaveUser(user model.User) error {
 	if err != nil {
 		return err
 	}
+	util.DBUsersToCRC32[user.Username] = util.GetDBUserCRC32(user)
 	return output
 }

 // DeleteUser func to remove user from the database
 func (o *JsonDB) DeleteUser(username string) error {
+	delete(util.DBUsersToCRC32, username)
 	return o.conn.Delete("users", username)
 }