fix: fix session handling (remove IdleTimeout)

Christoph Haas
2025-03-30 23:14:49 +02:00
parent 3723e4cc75
commit 87bf5da5bd
6 changed files with 33 additions and 34 deletions


@@ -57,9 +57,11 @@ func NewRestApi(
return func() (core.ApiVersion, core.GroupSetupFn) {
return "v0", func(group *routegroup.Bundle) {
csrfMiddleware := csrf.New(func(r *http.Request) string {
return session.GetString(r.Context(), "csrf_token")
return session.GetData(r.Context()).CsrfToken
}, func(r *http.Request, token string) {
session.Put(r.Context(), "csrf_token", token)
currentSession := session.GetData(r.Context())
currentSession.CsrfToken = token
session.SetData(r.Context(), currentSession)
})
group.Use(session.LoadAndSave)


@@ -295,6 +295,9 @@ func (e AuthEndpoint) handleOauthCallbackGet() http.HandlerFunc {
}
func (e AuthEndpoint) setAuthenticatedUser(r *http.Request, user *domain.User) {
// start a fresh session
e.session.DestroyData(r.Context())
currentSession := e.session.GetData(r.Context())
currentSession.LoggedIn = true
@@ -358,12 +361,12 @@ func (e AuthEndpoint) handleLoginPost() http.HandlerFunc {
// handleLogoutPost returns a gorm Handler function.
//
// @ID auth_handleLogoutGet
// @ID auth_handleLogoutPost
// @Tags Authentication
// @Summary Get all available external login providers.
// @Produce json
// @Success 200 {object} []model.LoginProviderInfo
// @Router /auth/logout [get]
// @Success 200 {object} model.Error
// @Router /auth/logout [post]
func (e AuthEndpoint) handleLogoutPost() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
currentSession := e.session.GetData(r.Context())
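Review bot: In `setAuthenticatedUser`, the new `e.session.DestroyData(r.Context())` call drops the pre-login state, but nothing visible in this section shows that the session token itself is reissued at login. If the wrapper's `DestroyData` only empties the stored data, an identifier handed out before authentication would remain valid afterwards (session fixation); please confirm it ends in scs's `Destroy`, or add a `RenewToken` call, and say so in the comment, e.g. `// start a fresh session: drop pre-login data and rotate the session token`. Whether the underlying store operation can fail is not visible at this call site; if it can, a failed destroy would let the login continue on the old session and should abort it instead. Separately, the annotations above `handleLogoutPost` in the second hunk still read `@Summary Get all available external login providers.`, which should describe logout. Both function bodies continue outside the hunks.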


@@ -43,7 +43,6 @@ type SessionWrapper struct {
func NewSessionWrapper(cfg *config.Config) *SessionWrapper {
sessionManager := scs.New()
sessionManager.Lifetime = 24 * time.Hour
sessionManager.IdleTimeout = 1 * time.Hour
sessionManager.Cookie.Name = cfg.Web.SessionIdentifier
sessionManager.Cookie.Secure = strings.HasPrefix(cfg.Web.ExternalUrl, "https")
sessionManager.Cookie.HttpOnly = true