SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Implement a stronger, reusable session timeout

Browse Source
This commit is contained in:
Ross Healy
2025-04-16 10:32:34 +01:00
parent f7e9fe7794
commit 7f91771166
4 changed files with 61 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
constants/session.go Normal file
View File

@@ -0,0 +1,5 @@
package constants
import "time"
const SessionDuration = 30 * time.Minute

9
middleware/auth.go
View File

@@ -4,11 +4,10 @@ import (
"net/http" "net/http"
"time" "time"
"synlotto-website/constants"
"synlotto-website/helpers" "synlotto-website/helpers"
) )
const SessionTimeout = 30 * time.Minute
func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc { func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc {
return func(next http.HandlerFunc) http.HandlerFunc { return func(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
@@ -23,7 +22,7 @@ func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc {
if ok { if ok {
last, hasLast := session.Values["last_activity"].(time.Time) last, hasLast := session.Values["last_activity"].(time.Time)
if hasLast && time.Since(last) > SessionTimeout { if hasLast && time.Since(last) > constants.SessionDuration {
session.Options.MaxAge = -1 session.Options.MaxAge = -1
session.Save(r, w) session.Save(r, w)
@@ -43,3 +42,7 @@ func Auth(required bool) func(http.HandlerFunc) http.HandlerFunc {
} }
} }
} }
func Protected(h http.HandlerFunc) http.HandlerFunc {
return Auth(true)(SessionTimeout(h))
}

40
middleware/sessiontimeout.go Normal file
View File

@@ -0,0 +1,40 @@
package middleware
import (
"log"
"net/http"
"time"
session "synlotto-website/handlers/session"
"synlotto-website/constants"
)
func SessionTimeout(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
sess, err := session.GetSession(w, r)
if err != nil {
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
return
}
last, ok := sess.Values["last_activity"].(time.Time)
if !ok || time.Since(last) > constants.SessionDuration {
sess.Options.MaxAge = -1
_ = sess.Save(r, w)
newSession, _ := session.GetSession(w, r)
newSession.Values["flash"] = "Your session has timed out."
_ = newSession.Save(r, w)
log.Printf("Session timeout triggered")
http.Redirect(w, r, "/account/login", http.StatusSeeOther)
return
}
sess.Values["last_activity"] = time.Now().UTC()
_ = sess.Save(r, w)
next(w, r)
}
}

20
routes/accountroutes.go
View File

@@ -9,17 +9,17 @@ import (
) )
func SetupAccountRoutes(mux *http.ServeMux, db *sql.DB) { func SetupAccountRoutes(mux *http.ServeMux, db *sql.DB) {
mux.HandleFunc("/login", middleware.Auth(false)(handlers.Login)) mux.HandleFunc("/login", middleware.Protected(handlers.Login))
mux.HandleFunc("/logout", handlers.Logout) mux.HandleFunc("/logout", handlers.Logout)
mux.HandleFunc("/signup", middleware.Auth(false)(handlers.Signup)) mux.HandleFunc("/signup", middleware.Protected(handlers.Signup))
mux.HandleFunc("/account/tickets/add_ticket", handlers.AddTicket(db)) mux.HandleFunc("/account/tickets/add_ticket", handlers.AddTicket(db))
mux.HandleFunc("/account/tickets/my_tickets", handlers.GetMyTickets(db)) mux.HandleFunc("/account/tickets/my_tickets", handlers.GetMyTickets(db))
mux.HandleFunc("/account/messages", middleware.Auth(true)(handlers.MessagesInboxHandler(db))) mux.HandleFunc("/account/messages", middleware.Protected(handlers.MessagesInboxHandler(db)))
mux.HandleFunc("/account/messages/read", middleware.Auth(true)(handlers.ReadMessageHandler(db))) mux.HandleFunc("/account/messages/read", middleware.Protected(handlers.ReadMessageHandler(db)))
mux.HandleFunc("/account/messages/archive", middleware.Auth(true)(handlers.ArchiveMessageHandler(db))) mux.HandleFunc("/account/messages/archive", middleware.Protected(handlers.ArchiveMessageHandler(db)))
mux.HandleFunc("/account/messages/archived", middleware.Auth(true)(handlers.ArchivedMessagesHandler(db))) mux.HandleFunc("/account/messages/archived", middleware.Protected(handlers.ArchivedMessagesHandler(db)))
mux.HandleFunc("/account/messages/restore", middleware.Auth(true)(handlers.RestoreMessageHandler(db))) mux.HandleFunc("/account/messages/restore", middleware.Protected(handlers.RestoreMessageHandler(db)))
mux.HandleFunc("/account/messages/send", middleware.Auth(true)(handlers.SendMessageHandler(db))) mux.HandleFunc("/account/messages/send", middleware.Protected(handlers.SendMessageHandler(db)))
mux.HandleFunc("/account/notifications", middleware.Auth(true)(handlers.NotificationsHandler(db))) mux.HandleFunc("/account/notifications", middleware.Protected(handlers.NotificationsHandler(db)))
mux.HandleFunc("/account/notifications/read", middleware.Auth(true)(handlers.MarkNotificationReadHandler(db))) mux.HandleFunc("/account/notifications/read", middleware.Protected(handlers.MarkNotificationReadHandler(db)))
} }