mirre-mt/pcmt
1
0
Fork 0
Code Issues 6 Pull Requests Releases 4 Activity

go: add + use sessionMaxAge
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
surtur 2023-08-04 18:28:56 +02:00
parent 2559092231
commit eb555cfcad
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
5 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/echoSettings.go
View File

@ -117,6 +117,7 @@ func (a *App) SetEchoSettings() {
store.Options.HttpOnly = true store.Options.HttpOnly = true
store.Options.SameSite = http.SameSiteStrictMode store.Options.SameSite = http.SameSiteStrictMode
store.Options.Secure = a.setting.HTTPSecure() store.Options.Secure = a.setting.HTTPSecure()
store.Options.MaxAge = a.setting.SessionMaxAge()
e.Use(session.Middleware(store)) e.Use(session.Middleware(store))
@ -137,6 +138,7 @@ func (a *App) SetEchoSettings() {
CookieSecure: a.setting.HTTPSecure(), CookieSecure: a.setting.HTTPSecure(),
CookieHTTPOnly: true, CookieHTTPOnly: true,
CookieSameSite: http.SameSiteStrictMode, CookieSameSite: http.SameSiteStrictMode,
CookieMaxAge: a.setting.SessionMaxAge(),
}), }),
) )

15
app/settings/settings.go
View File

@ -31,6 +31,7 @@ type Settings struct {
sessionCookieEncrSecret string sessionCookieEncrSecret string
sessionAuthIsHex bool sessionAuthIsHex bool
sessionEncrIsHex bool sessionEncrIsHex bool
sessionMaxAge int
assetsPath string assetsPath string
templatesPath string templatesPath string
version string version string
@ -214,6 +215,11 @@ func (s *Settings) SessionEncrIsHex() bool {
return s.sessionEncrIsHex return s.sessionEncrIsHex
} }
// SessionMaxAge returns the session cookie MaxAge value.
func (s *Settings) SessionMaxAge() int {
return s.sessionMaxAge
}
// HTTPDomain returns the httpDomain. // HTTPDomain returns the httpDomain.
func (s *Settings) HTTPDomain() string { func (s *Settings) HTTPDomain() string {
return s.httpDomain return s.httpDomain
@ -329,6 +335,15 @@ func (s *Settings) SetSessionCookieEncrSecret(sessionCookieEncrSecret string) {
s.sessionCookieEncrSecret = sessionCookieEncrSecret s.sessionCookieEncrSecret = sessionCookieEncrSecret
} }
// SetSessionMaxAge sets sessionMaxAge.
func (s *Settings) SetSessionMaxAge(sessionMaxAge int) {
if sessionMaxAge < 1 {
s.sessionMaxAge = 86400
} else {
s.sessionMaxAge = sessionMaxAge
}
}
// SetHTTPDomain sets the httpDomain. // SetHTTPDomain sets the httpDomain.
func (s *Settings) SetHTTPDomain(domain string) { func (s *Settings) SetHTTPDomain(domain string) {
switch domain { switch domain {

3
handlers/middleware.go
View File

@ -32,8 +32,7 @@ func MiddlewareSession(next echo.HandlerFunc) echo.HandlerFunc {
refreshSession( refreshSession(
sess, sess,
"/", "/",
// setting.SessionMaxAge, setting.SessionMaxAge(),
86400,
true, true,
c.Request().URL.Scheme == "https", //nolint:goconst c.Request().URL.Scheme == "https", //nolint:goconst
http.SameSiteStrictMode, http.SameSiteStrictMode,

2
handlers/signin.go
View File

@ -128,7 +128,7 @@ func SigninPost(client *ent.Client) echo.HandlerFunc {
if sess != nil { if sess != nil {
sess.Options = &sessions.Options{ sess.Options = &sessions.Options{
Path: "/", Path: "/",
MaxAge: 3600, MaxAge: setting.SessionMaxAge(),
HttpOnly: true, HttpOnly: true,
Secure: secure, Secure: secure,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteStrictMode,

2
handlers/signup.go
View File

@ -146,7 +146,7 @@ func SignupPost(client *ent.Client) echo.HandlerFunc {
sess, _ := session.Get(setting.SessionCookieName(), c) sess, _ := session.Get(setting.SessionCookieName(), c)
sess.Options = &sessions.Options{ sess.Options = &sessions.Options{
Path: "/", Path: "/",
MaxAge: 3600, MaxAge: setting.SessionMaxAge(),
HttpOnly: true, HttpOnly: true,
Secure: secure, Secure: secure,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteStrictMode,