Add additional columns to aufit_login for session tokens. fixed requireAuth for loading of some pages as requireauth was threating a valid session as not logged in.
This commit is contained in:
@@ -12,6 +12,7 @@ import (
|
||||
"synlotto-website/internal/logging"
|
||||
"synlotto-website/internal/models"
|
||||
"synlotto-website/internal/platform/bootstrap"
|
||||
"synlotto-website/internal/platform/sessionkeys"
|
||||
auditlogStorage "synlotto-website/internal/storage/auditlog"
|
||||
usersStorage "synlotto-website/internal/storage/users"
|
||||
)
|
||||
@@ -74,6 +75,8 @@ func LoginPost(c *gin.Context) {
|
||||
_ = sm.RenewToken(r.Context())
|
||||
|
||||
sm.Put(r.Context(), "user_id", user.Id)
|
||||
sm.Put(r.Context(), sessionkeys.Username, user.Username)
|
||||
sm.Put(r.Context(), sessionkeys.IsAdmin, user.IsAdmin)
|
||||
sm.Put(r.Context(), "last_activity", time.Now().UTC())
|
||||
sm.Put(r.Context(), "flash", "Welcome back, "+user.Username+"!")
|
||||
|
||||
|
||||
@@ -6,37 +6,78 @@ import (
|
||||
"os"
|
||||
|
||||
templateHelpers "synlotto-website/internal/helpers/template"
|
||||
|
||||
"synlotto-website/internal/models"
|
||||
"synlotto-website/internal/platform/sessionkeys"
|
||||
|
||||
"github.com/alexedwards/scs/v2"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// RenderStatus renders web/templates/error/<status>.html inside layout.html.
|
||||
// RenderStatus renders web/templates/error/<status>.html inside layout.html,
|
||||
// using ONLY session data (no DB) so 404/500 pages don't crash and still
|
||||
// look "logged in" when a session exists.
|
||||
func RenderStatus(c *gin.Context, sessions *scs.SessionManager, status int) {
|
||||
// Base context
|
||||
ctx := templateHelpers.TemplateContext(c.Writer, c.Request, models.TemplateData{})
|
||||
// Synthesize minimal TemplateData from session only
|
||||
var data models.TemplateData
|
||||
|
||||
// Flash (SCS)
|
||||
if f := sessions.PopString(c.Request.Context(), "flash"); f != "" {
|
||||
ctx["Flash"] = f
|
||||
ctx := c.Request.Context()
|
||||
|
||||
// Read minimal user snapshot from session
|
||||
var uid int64
|
||||
if v := sessions.Get(ctx, sessionkeys.UserID); v != nil {
|
||||
switch t := v.(type) {
|
||||
case int64:
|
||||
uid = t
|
||||
case int:
|
||||
uid = int64(t)
|
||||
}
|
||||
}
|
||||
if uid > 0 {
|
||||
// username and is_admin are optional but make navbar correct
|
||||
var uname string
|
||||
if v := sessions.Get(ctx, sessionkeys.Username); v != nil {
|
||||
if s, ok := v.(string); ok {
|
||||
uname = s
|
||||
}
|
||||
}
|
||||
var isAdmin bool
|
||||
if v := sessions.Get(ctx, sessionkeys.IsAdmin); v != nil {
|
||||
if b, ok := v.(bool); ok {
|
||||
isAdmin = b
|
||||
}
|
||||
}
|
||||
|
||||
// Use your finalized paths
|
||||
// Build a lightweight user; avoids DB lookups in error paths
|
||||
data.User = &models.User{
|
||||
Id: uid,
|
||||
Username: uname,
|
||||
IsAdmin: isAdmin,
|
||||
}
|
||||
data.IsAdmin = isAdmin
|
||||
}
|
||||
|
||||
// Turn into the template context map (adds site meta, funcs, etc.)
|
||||
ctxMap := templateHelpers.TemplateContext(c.Writer, c.Request, data)
|
||||
|
||||
// Flash (SCS)
|
||||
if f := sessions.PopString(ctx, sessionkeys.Flash); f != "" {
|
||||
ctxMap["Flash"] = f
|
||||
}
|
||||
|
||||
// Template paths (layout-first)
|
||||
pagePath := fmt.Sprintf("web/templates/error/%d.html", status)
|
||||
if _, err := os.Stat(pagePath); err != nil {
|
||||
c.String(status, http.StatusText(status))
|
||||
return
|
||||
}
|
||||
|
||||
// Keep your "layout first" load order
|
||||
tmpl := templateHelpers.LoadTemplateFiles(
|
||||
"web/templates/layout.html",
|
||||
pagePath,
|
||||
)
|
||||
|
||||
c.Status(status)
|
||||
if err := tmpl.ExecuteTemplate(c.Writer, "layout", ctx); err != nil {
|
||||
if err := tmpl.ExecuteTemplate(c.Writer, "layout", ctxMap); err != nil {
|
||||
c.String(status, http.StatusText(status))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,6 +21,7 @@ func AuthMiddleware() gin.HandlerFunc {
|
||||
|
||||
if v := sm.Get(ctx, sessionkeys.LastActivity); v != nil {
|
||||
if last, ok := v.(time.Time); ok && time.Since(last) > sm.Lifetime {
|
||||
// don't destroy here; just rotate and bounce to login with a flash
|
||||
_ = sm.RenewToken(ctx)
|
||||
sm.Put(ctx, sessionkeys.Flash, "Your session has timed out.")
|
||||
c.Redirect(http.StatusSeeOther, "/account/login")
|
||||
@@ -29,7 +30,10 @@ func AuthMiddleware() gin.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
// if logged in, update last activity
|
||||
if sm.Exists(ctx, sessionkeys.UserID) {
|
||||
sm.Put(ctx, sessionkeys.LastActivity, time.Now().UTC())
|
||||
}
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
@@ -66,8 +70,7 @@ func RememberMiddleware(app *bootstrap.App) gin.HandlerFunc {
|
||||
}
|
||||
|
||||
if sessionHelper.HashVerifier(verifier) != hash {
|
||||
// Tampered token – revoke for safety.
|
||||
_ = sessionHelper.RevokeToken(app.DB, selector)
|
||||
_ = sessionHelper.RevokeToken(app.DB, selector) // tampered
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
@@ -76,6 +79,9 @@ func RememberMiddleware(app *bootstrap.App) gin.HandlerFunc {
|
||||
_ = sm.RenewToken(ctx)
|
||||
sm.Put(ctx, sessionkeys.UserID, userID)
|
||||
sm.Put(ctx, sessionkeys.LastActivity, time.Now().UTC())
|
||||
// (Optional) if you can look up username/is_admin here, also set:
|
||||
// sm.Put(ctx, sessionkeys.Username, uname)
|
||||
// sm.Put(ctx, sessionkeys.IsAdmin, isAdmin)
|
||||
|
||||
c.Next()
|
||||
}
|
||||
@@ -86,8 +92,10 @@ func RequireAuth() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
app := c.MustGet("app").(*bootstrap.App)
|
||||
sm := app.SessionManager
|
||||
ctx := c.Request.Context()
|
||||
|
||||
if sm.GetInt(c.Request.Context(), sessionkeys.UserID) == 0 {
|
||||
// ✅ Use Exists to be robust to int vs int64 storage
|
||||
if !sm.Exists(ctx, sessionkeys.UserID) {
|
||||
c.Redirect(http.StatusSeeOther, "/account/login")
|
||||
c.Abort()
|
||||
return
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
package sessionkeys
|
||||
|
||||
//ToDo: Is this just putting in "user_id" rather than the users ID?
|
||||
const (
|
||||
UserID = "user_id"
|
||||
Username = "username"
|
||||
IsAdmin = "is_admin"
|
||||
LastActivity = "last_activity"
|
||||
Flash = "flash"
|
||||
)
|
||||
|
||||
@@ -217,14 +217,17 @@ CREATE TABLE IF NOT EXISTS audit_log (
|
||||
ON UPDATE CASCADE ON DELETE SET NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
|
||||
-- AUDIT LOGIN (new)
|
||||
CREATE TABLE IF NOT EXISTS audit_login (
|
||||
id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
|
||||
username VARCHAR(191),
|
||||
success TINYINT(1),
|
||||
ip VARCHAR(64),
|
||||
user_id BIGINT UNSIGNED NULL,
|
||||
username VARCHAR(191) NOT NULL,
|
||||
success TINYINT(1) NOT NULL,
|
||||
ip VARCHAR(64) NOT NULL,
|
||||
user_agent VARCHAR(255),
|
||||
timestamp DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
|
||||
timestamp DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
KEY idx_audit_login_user_id (user_id),
|
||||
CONSTRAINT fk_audit_login_user
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
|
||||
-- SYNDICATES
|
||||
|
||||
Reference in New Issue
Block a user