SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Implement a stronger, reusable session timeout

Browse Source
This commit is contained in:
Ross Healy
2025-04-16 10:32:34 +01:00
parent f7e9fe7794
commit 7f91771166
4 changed files with 61 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
middleware/auth.go
View File

@@ -4,11 +4,10 @@ import (
"net/http"
"time"
"synlotto-website/constants"
"synlotto-website/helpers"
)
const SessionTimeout = 30 * time.Minute
func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc {
return func(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
@@ -23,7 +22,7 @@ func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc {
if ok {
last, hasLast := session.Values["last_activity"].(time.Time)
if hasLast && time.Since(last) > SessionTimeout {
if hasLast && time.Since(last) > constants.SessionDuration {
session.Options.MaxAge = -1
session.Save(r, w)
@@ -43,3 +42,7 @@ func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc {
}
}
}
func Protected(h http.HandlerFunc) http.HandlerFunc {
return Auth(true)(SessionTimeout(h))
}