SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity
Files
776ea53a666cd78c6c966518f04561513c52bfe1
website/internal/platform/session/session.go
H3ALY 244b882f11 Code documentation
2025-10-29 08:36:10 +00:00

68 lines
2.2 KiB
Go
Raw Blame History

// Package session
// Path: /internal/platform/session
// File: session.go
//
// Purpose
// Initialize and configure the SCS (Server-Side Sessions) session manager
// based on application configuration. Controls session lifetime, idle timeout,
// cookie policy, and security posture.
//
// Responsibilities (as implemented here)
// 1) Create SCS session manager used globally via bootstrap.
// 2) Parse session lifetime + idle timeout from configuration.
// 3) Apply secure cookie settings (HttpOnly, SameSite, Secure if production).
// 4) Provide sensible defaults if configuration is invalid.
//
// Design notes
// - SCS stores session data server-side (DB, file, mem, etc. — backend not set here).
// - Cookie lifespan is enforced server-side (not just client expiry).
// - Secure flag toggled via cfg.HttpServer.ProductionMode.
// - Defaults keep application functional even if config is incomplete.
//
// TODOs (observations from current implementation)
// - Add structured validation + error logging for invalid duration strings.
// - Move secure cookie flag to config for more granular environment control.
// - Consider enabling:
// • Cookie.Persist (for "keep me logged in" flows)
// • Cookie.SameSite = StrictMode by default
// - Potentially expose SCS store configuration here (DB-backed sessions).
//
// Change log
// [2025-10-29] Documentation aligned with final session architecture.
package session
import (
"net/http"
"time"
"synlotto-website/internal/platform/config"
"github.com/alexedwards/scs/v2"
)
// New constructs a new SCS SessionManager using values from Config,
// falling back to secure defaults if configuration is missing/invalid.
func New(cfg config.Config) *scs.SessionManager {
s := scs.New()
// Lifetime (absolute max age)
if d, err := time.ParseDuration(cfg.Session.Lifetime); err == nil && d > 0 {
s.Lifetime = d
} else {
s.Lifetime = 12 * time.Hour
}
// Idle timeout (expire after inactivity)
if d, err := time.ParseDuration(cfg.Session.IdleTimeout); err == nil && d > 0 {
s.IdleTimeout = d
}
s.Cookie.Name = cfg.Session.CookieName
s.Cookie.HttpOnly = true
s.Cookie.SameSite = http.SameSiteLaxMode
s.Cookie.Secure = cfg.HttpServer.ProductionMode
return s
}
Reference in New Issue View Git Blame Copy Permalink