From c56ba425c7e327ba2bc0587b6b5faaee16e08f1b Mon Sep 17 00:00:00 2001
From: adro
Date: Wed, 23 Feb 2022 13:34:52 +0100
Subject: [PATCH] Session refresh, shorter default ttl - Session cookies also no longer expire on the client
---
 config/config.go | 2 +-
 example/config.toml | 2 +-
 web/auth.go | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/config.go b/config/config.go
index e179641..580b99e 100644
--- a/config/config.go
+++ b/config/config.go
@@ -27,7 +27,7 @@ var configPath string
 func init() {
 Config = config{
 Server: ":8080",
- SessionTTL: 1440,
+ SessionTTL: 10,
 }
 // Locations to look for a config file for
diff --git a/example/config.toml b/example/config.toml
index 779ab5b..f388eca 100644
--- a/example/config.toml
+++ b/example/config.toml
@@ -1,6 +1,6 @@
 Server = ":8080" # The address the webserver should bind to
 PassHash = "$2a$10$I.26oCzkjZ8qwfhbmeYM3.kppBjxtPsxkeE1Y.ULjVvA1IBPcQP42" # "password"
-SessionTTL = 60 # How many minutes sessions last for
+SessionTTL = 10 # How many minutes sessions last for
 [[Devices]]
 Alias = "SomeDevice"
diff --git a/web/auth.go b/web/auth.go
index 91500ac..e11fd3d 100644
--- a/web/auth.go
+++ b/web/auth.go
@@ -37,9 +37,12 @@ func checkAuth(token string) error {
 func withAuth(handler echo.HandlerFunc) echo.HandlerFunc {
 return func(c echo.Context) error {
 session, err := c.Cookie("session")
+ // Redirect to login if session expired/invalid
 if err != nil || checkAuth(session.Value) != nil {
 return c.Redirect(http.StatusSeeOther, "/")
 }
+ // Refresh session
+ sessions[session.Value] = time.Now().Add(time.Second * time.Duration(config.Config.SessionTTL*60))
 return handler(c)
 }
 }
@@ -59,7 +62,6 @@ func auth(c echo.Context) error {
 Secure: true,
 HttpOnly: true,
 SameSite: http.SameSiteStrictMode,
- Expires: sessions[token],
 })
 return c.Redirect(http.StatusSeeOther, "/")
 }
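Review bot: The comment on `SessionTTL` in example/config.toml still reads "How many minutes sessions last for", but with the refresh this commit adds in withAuth the value now acts as an idle timeout rather than a total session lifetime. I would reword it to `SessionTTL = 10 # Minutes of inactivity before a session expires`, and note the unit next to the new default in config/config.go as well (`SessionTTL: 10, // minutes`).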
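Review bot: The refresh line added in withAuth (web/auth.go) writes to `sessions`, which looks like a package-level map, on every authenticated request; handlers run on concurrent goroutines, so unless the map is already guarded somewhere outside this hunk this is an unsynchronized map write that the Go runtime can abort with "concurrent map writes". Every access should go through one mutex, for example `sessionsMu.Lock()`, then the assignment, then `sessionsMu.Unlock()` (sessionsMu is a placeholder name), and the same lock is needed around the lookup in checkAuth, whose body is not visible here. The sliding window also has no absolute cap: a token that keeps being presented never expires, and since the last hunk drops `Expires` from the cookie, the server-side entry is the only limit left. Consider recording the creation time next to the expiry and refusing to refresh past a maximum session age.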