From ce554cfb733932624177310d3e1e27b16143be1b Mon Sep 17 00:00:00 2001
From: Tim Wundenberg
Date: Tue, 3 Sep 2024 22:49:45 +0200
Subject: [PATCH] fix(auth): #130 delete inactive sessions on login

---
 service/auth.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/service/auth.go b/service/auth.go
index faca684..0fdb56e 100644
--- a/service/auth.go
+++ b/service/auth.go
@@ -154,7 +154,6 @@ func HandleSignInComp(db *sql.DB) http.HandlerFunc {
 if result {
 w.Header().Add("HX-Redirect", "/")
- w.WriteHeader(http.StatusOK)
 } else {
 auth.Error("Invalid email or password").Render(r.Context(), w)
 }
@@ -183,7 +182,7 @@ func HandleSignOutComp(db *sql.DB) http.HandlerFunc {
 }
 http.SetCookie(w, &c)
- auth.UserComp("").Render(r.Context(), w)
+ w.Header().Add("HX-Redirect", "/")
 }
 }
@@ -197,9 +196,15 @@ func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
 }
 session_id := base64.StdEncoding.EncodeToString(session_id_bytes)
+ // Delete old inactive sessions
+ _, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
+ if err != nil {
+ slog.Error("Could not delete old sessions: " + err.Error())
+ }
 _, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", session_id, user_uuid)
 if err != nil {
- slog.Error("Could not insert session: %v", err)
+ slog.Error("Could not insert session: " + err.Error())
 auth.Error("Internal Server Error").Render(r.Context(), w)
 return false
 }
@@ -242,7 +247,7 @@ func verifySessionAndReturnUser(db *sql.DB, r *http.Request) *User {
 INNER JOIN user u ON s.user_uuid = u.user_uuid
 WHERE session_id = ?`, sessionId).Scan(&user.id, &user.email, &createdAt)
 if err != nil {
- slog.Error("Could not verify session: " + err.Error())
+ slog.Warn("Could not verify session: " + err.Error())
 return nil
 }
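Review bot: In the HandleSignOutComp hunk the sign-out path now only resets the cookie (`http.SetCookie(w, &c)`) and sends `HX-Redirect`; nothing visible here removes the row from the `session` table, so unless that happens above the hunk (the handler starts outside it) the server-side session stays valid until this user's next login triggers the 8-hour purge. If it is not already done, `db.Exec("DELETE FROM session WHERE session_id = ?", sessionId)` before the cookie reset closes that gap; if it is, a one-line comment at the cookie reset, `// session row already deleted above; clear the client cookie and redirect`, makes the invariant visible here.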
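Review bot: In the tryCreateSessionAndSetCookie hunk the comment `// Delete old inactive sessions` does not match the predicate: `created_at < datetime('now','-8 hours')` selects by creation age, not activity, and it only runs when this user signs in again, so it is housekeeping rather than where expiry is enforced (that presumably lives in verifySessionAndReturnUser, which scans `createdAt`; confirm both use the same window). The `-8 hours` literal is therefore a second copy of the session lifetime; a single named constant consulted by both the purge and the verification check keeps them from drifting. The new `slog.Error("Could not delete old sessions: " + err.Error())` fixes the non-format-string misuse of the removed line but still flattens the error into the message; the slog idiom is `slog.Error("could not delete old sessions", "err", err)`, and the insert path below would benefit the same way. Suggested replacement comment: `// Housekeeping: purge this user's sessions older than the session lifetime (by created_at, not last activity); expiry itself must be enforced at verification.`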
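Review bot: In the verifySessionAndReturnUser hunk the switch to `slog.Warn` now logs an unknown or purged cookie (`sql.ErrNoRows` from `Scan`) and a real database failure at the same level with the same text, so a query outage becomes indistinguishable from routine stale cookies in the logs. Branch on the sentinel so only the expected case is downgraded, e.g. `if errors.Is(err, sql.ErrNoRows) { slog.Warn("session not found", "err", err) } else { slog.Error("could not verify session", "err", err) }` (needs `errors` imported if it is not already). The function begins outside the hunk, so whether `createdAt` is then checked against the session lifetime cannot be confirmed here.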