validate user in session (#32)

2025-08-25 14:31:14 +00:00 · 2021-07-30 13:56:21 +02:00
parent fbc0b26631
commit 57b57931b2
2 changed files with 15 additions and 0 deletions
--- a/internal/server/handlers_common.go
+++ b/internal/server/handlers_common.go
@@ -192,3 +192,10 @@ func (s *Server) setFormInSession(c *gin.Context, formData interface{}) (Session

 	return currentSession, nil
 }
+
+func (s *Server) isUserStillValid(email string) bool {
+	if s.users.GetUser(email) == nil {
+		return false
+	}
+	return true
+}
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -141,6 +141,14 @@ func (s *Server) RequireAuthentication(scope string) gin.HandlerFunc {
 			return
 		}

+		// Check if logged-in user is still valid
+		if !s.isUserStillValid(session.Email) {
+			_ = DestroySessionData(c)
+			c.Abort()
+			s.GetHandleError(c, http.StatusUnauthorized, "unauthorized", "session no longer available")
+			return
+		}
+
 		// Continue down the chain to handler etc
 		c.Next()
 	}