feat(security): #328 delete old sessions for change and forgot password

This commit was merged in pull request #335.
2024-12-17 22:21:46 +01:00
parent 43d0a3d022
commit dcc5207272
13 changed files with 292 additions and 120 deletions


@@ -100,6 +100,7 @@ type Auth interface {
InsertSession(session *Session) error
GetSession(sessionId string) (*Session, error)
GetSessions(userId uuid.UUID) ([]*Session, error)
DeleteSession(sessionId string) error
DeleteOldSessions(userId uuid.UUID) error
}
@@ -416,9 +417,44 @@ func (db AuthSqlite) GetSession(sessionId string) (*Session, error) {
return NewSession(sessionId, userId, createdAt, expiresAt), nil
}
func (db AuthSqlite) GetSessions(userId uuid.UUID) ([]*Session, error) {
sessions, err := db.db.Query(`
SELECT session_id, created_at, expires_at
FROM session
WHERE user_id = ?`, userId)
if err != nil {
log.Error("Could not get sessions: %v", err)
return nil, types.ErrInternal
}
var result []*Session
for sessions.Next() {
var (
sessionId string
createdAt time.Time
expiresAt time.Time
)
err := sessions.Scan(&sessionId, &createdAt, &expiresAt)
if err != nil {
log.Error("Could not scan session: %v", err)
return nil, types.ErrInternal
}
session := NewSession(sessionId, userId, createdAt, expiresAt)
result = append(result, session)
}
return result, nil
}
func (db AuthSqlite) DeleteOldSessions(userId uuid.UUID) error {
// Delete old inactive sessions
_, err := db.db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_id = ?", userId)
_, err := db.db.Exec(`
DELETE FROM session
WHERE expires_at < datetime('now')
AND user_id = ?`, userId)
if err != nil {
log.Error("Could not delete old sessions: %v", err)
return types.ErrInternal