go: add + use sessionMaxAge

2023-08-04 18:28:56 +02:00 · 2023-08-04 18:28:56 +02:00 · eb555cfcad
commit eb555cfcad
parent 2559092231
5 changed files with 20 additions and 4 deletions
--- a/app/echoSettings.go
+++ b/app/echoSettings.go
@ -117,6 +117,7 @@ func (a *App) SetEchoSettings() {
 	store.Options.HttpOnly = true
 	store.Options.SameSite = http.SameSiteStrictMode
 	store.Options.Secure = a.setting.HTTPSecure()
+	store.Options.MaxAge = a.setting.SessionMaxAge()

 	e.Use(session.Middleware(store))

@ -137,6 +138,7 @@ func (a *App) SetEchoSettings() {
 		CookieSecure:   a.setting.HTTPSecure(),
 		CookieHTTPOnly: true,
 		CookieSameSite: http.SameSiteStrictMode,
+		CookieMaxAge:   a.setting.SessionMaxAge(),
 	}),
 	)

--- a/app/settings/settings.go
+++ b/app/settings/settings.go
@ -31,6 +31,7 @@ type Settings struct {
 	sessionCookieEncrSecret string
 	sessionAuthIsHex        bool
 	sessionEncrIsHex        bool
+	sessionMaxAge           int
 	assetsPath              string
 	templatesPath           string
 	version                 string
@ -214,6 +215,11 @@ func (s *Settings) SessionEncrIsHex() bool {
 	return s.sessionEncrIsHex
 }

+// SessionMaxAge returns the session cookie MaxAge value.
+func (s *Settings) SessionMaxAge() int {
+	return s.sessionMaxAge
+}
+
 // HTTPDomain returns the httpDomain.
 func (s *Settings) HTTPDomain() string {
 	return s.httpDomain
@ -329,6 +335,15 @@ func (s *Settings) SetSessionCookieEncrSecret(sessionCookieEncrSecret string) {
 	s.sessionCookieEncrSecret = sessionCookieEncrSecret
 }

+// SetSessionMaxAge sets sessionMaxAge.
+func (s *Settings) SetSessionMaxAge(sessionMaxAge int) {
+	if sessionMaxAge < 1 {
+		s.sessionMaxAge = 86400
+	} else {
+		s.sessionMaxAge = sessionMaxAge
+	}
+}
+
 // SetHTTPDomain sets the httpDomain.
 func (s *Settings) SetHTTPDomain(domain string) {
 	switch domain {
--- a/handlers/middleware.go
+++ b/handlers/middleware.go
@ -32,8 +32,7 @@ func MiddlewareSession(next echo.HandlerFunc) echo.HandlerFunc {
 			refreshSession(
 				sess,
 				"/",
-				// setting.SessionMaxAge,
-				86400,
+				setting.SessionMaxAge(),
 				true,
 				c.Request().URL.Scheme == "https", //nolint:goconst
 				http.SameSiteStrictMode,
--- a/handlers/signin.go
+++ b/handlers/signin.go
@ -128,7 +128,7 @@ func SigninPost(client *ent.Client) echo.HandlerFunc {
 		if sess != nil {
 			sess.Options = &sessions.Options{
 				Path:     "/",
-				MaxAge:   3600,
+				MaxAge:   setting.SessionMaxAge(),
 				HttpOnly: true,
 				Secure:   secure,
 				SameSite: http.SameSiteStrictMode,
--- a/handlers/signup.go
+++ b/handlers/signup.go
@ -146,7 +146,7 @@ func SignupPost(client *ent.Client) echo.HandlerFunc {
 		sess, _ := session.Get(setting.SessionCookieName(), c)
 		sess.Options = &sessions.Options{
 			Path:     "/",
-			MaxAge:   3600,
+			MaxAge:   setting.SessionMaxAge(),
 			HttpOnly: true,
 			Secure:   secure,
 			SameSite: http.SameSiteStrictMode,