mirror of
https://github.com/volatiletech/authboss.git
synced 2025-01-08 04:03:53 +02:00
69 lines
1.7 KiB
Go
69 lines
1.7 KiB
Go
package authboss
|
|
|
|
import (
|
|
"net/http"
|
|
"time"
|
|
)
|
|
|
|
var nowTime = time.Now
|
|
|
|
// TimeToExpiry returns zero if the user session is expired else the time until expiry.
|
|
func TimeToExpiry(w http.ResponseWriter, r *http.Request) time.Duration {
|
|
return timeToExpiry(Cfg.SessionStoreMaker(w, r))
|
|
}
|
|
|
|
func timeToExpiry(session ClientStorer) time.Duration {
|
|
dateStr, ok := session.Get(SessionLastAction)
|
|
if !ok {
|
|
return Cfg.ExpireAfter
|
|
}
|
|
|
|
date, err := time.Parse(time.RFC3339, dateStr)
|
|
if err != nil {
|
|
panic("last_action is not a valid RFC3339 date")
|
|
}
|
|
|
|
remaining := date.Add(Cfg.ExpireAfter).Sub(nowTime().UTC())
|
|
if remaining > 0 {
|
|
return remaining
|
|
}
|
|
|
|
return 0
|
|
}
|
|
|
|
// RefreshExpiry updates the last action for the user, so he doesn't become expired.
|
|
func RefreshExpiry(w http.ResponseWriter, r *http.Request) {
|
|
session := Cfg.SessionStoreMaker(w, r)
|
|
refreshExpiry(session)
|
|
}
|
|
|
|
func refreshExpiry(session ClientStorer) {
|
|
session.Put(SessionLastAction, nowTime().UTC().Format(time.RFC3339))
|
|
}
|
|
|
|
type expireMiddleware struct {
|
|
next http.Handler
|
|
}
|
|
|
|
// ExpireMiddleware ensures that the user's expiry information is kept up-to-date
|
|
// on each request. Deletes the SessionKey from the session if the user is
|
|
// expired (Cfg.ExpireAfter duration since SessionLastAction).
|
|
func ExpireMiddleware(next http.Handler) http.Handler {
|
|
return expireMiddleware{next}
|
|
}
|
|
|
|
func (m expireMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
session := Cfg.SessionStoreMaker(w, r)
|
|
if _, ok := session.Get(SessionKey); ok {
|
|
ttl := timeToExpiry(session)
|
|
if ttl == 0 {
|
|
session.Del(SessionKey)
|
|
session.Del(SessionLastAction)
|
|
} else {
|
|
refreshExpiry(session)
|
|
}
|
|
}
|
|
|
|
m.next.ServeHTTP(w, r)
|
|
}
|