feat: refresh session cookie when session is active

2025-12-24 17:12:30 +00:00 · 2025-12-23 23:01:07 +02:00
parent ef25872fc3
commit d1c41a116b
5 changed files with 46 additions and 25 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -33,4 +33,7 @@

 # binary out
 /tinyauth.db
-/resources
+/resources
+
+# debug files
+__debug_*
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -42,7 +42,8 @@ func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, a

 func (controller *ProxyController) SetupRoutes() {
 	proxyGroup := controller.router.Group("/auth")
-	proxyGroup.Any("/:proxy", controller.proxyHandler)
+	proxyGroup.GET("/:proxy", controller.proxyHandler)
+	proxyGroup.POST("/:proxy", controller.proxyHandler)
 }

 func (controller *ProxyController) proxyHandler(c *gin.Context) {
@@ -67,15 +68,6 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}

-	if req.Proxy != "envoy" && c.Request.Method != http.MethodGet {
-		log.Warn().Str("method", c.Request.Method).Msg("Invalid method for proxy")
-		c.JSON(405, gin.H{
-			"status":  405,
-			"message": "Method Not Allowed",
-		})
-		return
-	}
-
 	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")

 	if isBrowser {
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -80,13 +80,6 @@ func TestProxyHandler(t *testing.T) {

 	assert.Equal(t, 400, recorder.Code)

-	// Test invalid method
-	recorder = httptest.NewRecorder()
-	req = httptest.NewRequest("POST", "/api/auth/traefik", nil)
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 405, recorder.Code)
-
 	// Test logged out user (traefik/caddy)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -65,6 +65,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				goto basic
 			}

+			m.auth.RefreshSessionCookie(c)
 			c.Set("context", &config.UserContext{
 				Username:   cookie.Username,
 				Name:       cookie.Name,
@@ -89,6 +90,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				goto basic
 			}

+			m.auth.RefreshSessionCookie(c)
 			c.Set("context", &config.UserContext{
 				Username:    cookie.Username,
 				Name:        cookie.Name,
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -1,7 +1,6 @@
 package service

 import (
-	"context"
 	"errors"
 	"fmt"
 	"regexp"
@@ -43,7 +42,6 @@ type AuthService struct {
 	loginMutex    sync.RWMutex
 	ldap          *LdapService
 	database      *gorm.DB
-	ctx           context.Context
 }

 func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, database *gorm.DB) *AuthService {
@@ -57,7 +55,6 @@ func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapS
 }

 func (auth *AuthService) Init() error {
-	auth.ctx = context.Background()
 	return nil
 }

@@ -217,7 +214,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		OAuthName:   data.OAuthName,
 	}

-	err = gorm.G[model.Session](auth.database).Create(auth.ctx, &session)
+	err = gorm.G[model.Session](auth.database).Create(c, &session)

 	if err != nil {
 		return err
@@ -228,6 +225,40 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 	return nil
 }

+func (auth *AuthService) RefreshSessionCookie(c *gin.Context) error {
+	cookie, err := c.Cookie(auth.config.SessionCookieName)
+
+	if err != nil {
+		return err
+	}
+
+	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c)
+
+	if err != nil {
+		return err
+	}
+
+	currentTime := time.Now().Unix()
+
+	if session.Expiry-currentTime > int64(time.Hour.Seconds()) {
+		return nil
+	}
+
+	newExpiry := session.Expiry + int64(time.Hour.Seconds())
+
+	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Updates(c, model.Session{
+		Expiry: newExpiry,
+	})
+
+	if err != nil {
+		return err
+	}
+
+	c.SetCookie(auth.config.SessionCookieName, cookie, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
+
+	return nil
+}
+
 func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 	cookie, err := c.Cookie(auth.config.SessionCookieName)

@@ -235,7 +266,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 		return err
 	}

-	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)
+	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(c)

 	if err != nil {
 		return err
@@ -253,7 +284,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		return config.SessionCookie{}, err
 	}

-	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(auth.ctx)
+	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c)

 	if err != nil {
 		return config.SessionCookie{}, err
@@ -266,7 +297,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 	currentTime := time.Now().Unix()

 	if currentTime > session.Expiry {
-		_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)
+		_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(c)
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to delete expired session")
 		}