Add additional columns to aufit_login for session tokens. Fixed requireAuth for the loading of some pages, as requireAuth was treating a valid session as not logged in.

This commit is contained in:
2025-10-28 22:22:17 +00:00
parent e1fa6c502e
commit aec8022439
5 changed files with 78 additions and 22 deletions


@@ -21,6 +21,7 @@ func AuthMiddleware() gin.HandlerFunc {
if v := sm.Get(ctx, sessionkeys.LastActivity); v != nil {
if last, ok := v.(time.Time); ok && time.Since(last) > sm.Lifetime {
// don't destroy here; just rotate and bounce to login with a flash
_ = sm.RenewToken(ctx)
sm.Put(ctx, sessionkeys.Flash, "Your session has timed out.")
c.Redirect(http.StatusSeeOther, "/account/login")
@@ -29,7 +30,10 @@ func AuthMiddleware() gin.HandlerFunc {
}
}
sm.Put(ctx, sessionkeys.LastActivity, time.Now().UTC())
// if logged in, update last activity
if sm.Exists(ctx, sessionkeys.UserID) {
sm.Put(ctx, sessionkeys.LastActivity, time.Now().UTC())
}
c.Next()
}
}
@@ -66,8 +70,7 @@ func RememberMiddleware(app *bootstrap.App) gin.HandlerFunc {
}
if sessionHelper.HashVerifier(verifier) != hash {
// Tampered token revoke for safety.
_ = sessionHelper.RevokeToken(app.DB, selector)
_ = sessionHelper.RevokeToken(app.DB, selector) // tampered
c.Next()
return
}
@@ -76,6 +79,9 @@ func RememberMiddleware(app *bootstrap.App) gin.HandlerFunc {
_ = sm.RenewToken(ctx)
sm.Put(ctx, sessionkeys.UserID, userID)
sm.Put(ctx, sessionkeys.LastActivity, time.Now().UTC())
// (Optional) if you can look up username/is_admin here, also set:
// sm.Put(ctx, sessionkeys.Username, uname)
// sm.Put(ctx, sessionkeys.IsAdmin, isAdmin)
c.Next()
}
@@ -86,8 +92,10 @@ func RequireAuth() gin.HandlerFunc {
return func(c *gin.Context) {
app := c.MustGet("app").(*bootstrap.App)
sm := app.SessionManager
ctx := c.Request.Context()
if sm.GetInt(c.Request.Context(), sessionkeys.UserID) == 0 {
// ✅ Use Exists to be robust to int vs int64 storage
if !sm.Exists(ctx, sessionkeys.UserID) {
c.Redirect(http.StatusSeeOther, "/account/login")
c.Abort()
return