feat(security): #328 delete old sessions change password [tbs]
Some checks failed
Build Docker Image / Build-Docker-Image (push) Failing after 40s
Some checks failed
Build Docker Image / Build-Docker-Image (push) Failing after 40s
This commit is contained in:
19
db/auth.go
19
db/auth.go
@@ -101,6 +101,7 @@ type Auth interface {
|
||||
InsertSession(session *Session) error
|
||||
GetSession(sessionId string) (*Session, error)
|
||||
DeleteSession(sessionId string) error
|
||||
DeleteOtherSessions(userId uuid.UUID, sessionId string) error
|
||||
DeleteOldSessions(userId uuid.UUID) error
|
||||
}
|
||||
|
||||
@@ -416,9 +417,23 @@ func (db AuthSqlite) GetSession(sessionId string) (*Session, error) {
|
||||
return NewSession(sessionId, userId, createdAt, expiresAt), nil
|
||||
}
|
||||
|
||||
func (db AuthSqlite) DeleteOtherSessions(userId uuid.UUID, sessionId string) error {
|
||||
_, err := db.db.Exec(`
|
||||
DELETE FROM session
|
||||
WHERE session_id != ?
|
||||
AND user_id = ?`, sessionId, userId)
|
||||
if err != nil {
|
||||
log.Error("Could not delete other active sessions: %v", err)
|
||||
return types.ErrInternal
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db AuthSqlite) DeleteOldSessions(userId uuid.UUID) error {
|
||||
// Delete old inactive sessions
|
||||
_, err := db.db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_id = ?", userId)
|
||||
_, err := db.db.Exec(`
|
||||
DELETE FROM session
|
||||
WHERE expires_at < datetime('now')
|
||||
AND user_id = ?`, userId)
|
||||
if err != nil {
|
||||
log.Error("Could not delete old sessions: %v", err)
|
||||
return types.ErrInternal
|
||||
|
||||
Reference in New Issue
Block a user