1
0
mirror of https://github.com/aclindsa/moneygo.git synced 2024-12-26 23:42:29 -05:00

Add expiration and creation times to sessions

Check expiration time when fetching sessions from cookies
This commit is contained in:
Aaron Lindsay 2017-11-18 21:19:30 -05:00
parent 216d413c15
commit ac5826daca

View File

@ -16,6 +16,8 @@ type Session struct {
SessionId int64 SessionId int64
SessionSecret string `json:"-"` SessionSecret string `json:"-"`
UserId int64 UserId int64
Created time.Time
Expires time.Time
} }
func (s *Session) Write(w http.ResponseWriter) error { func (s *Session) Write(w http.ResponseWriter) error {
@ -41,6 +43,11 @@ func GetSession(tx *Tx, r *http.Request) (*Session, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
if s.Expires.Before(time.Now()) {
tx.Delete(&s)
return nil, fmt.Errorf("Session has expired")
}
return &s, nil return &s, nil
} }
@ -86,7 +93,7 @@ func NewSession(tx *Tx, r *http.Request, userid int64) (*NewSessionWriter, error
return nil, err return nil, err
} }
if existing > 0 { if existing > 0 {
return nil, fmt.Errorf("%d session(s) exist with the generated session_secret") return nil, fmt.Errorf("%d session(s) exist with the generated session_secret", existing)
} }
cookie := http.Cookie{ cookie := http.Cookie{
@ -101,6 +108,8 @@ func NewSession(tx *Tx, r *http.Request, userid int64) (*NewSessionWriter, error
s.SessionSecret = session_secret s.SessionSecret = session_secret
s.UserId = userid s.UserId = userid
s.Created = time.Now()
s.Expires = cookie.Expires
err = tx.Insert(&s) err = tx.Insert(&s)
if err != nil { if err != nil {