From d1c41a116b9a3cd61c2bee546285ffb5c22ede00 Mon Sep 17 00:00:00 2001
From: Stavros
Date: Tue, 23 Dec 2025 23:01:07 +0200
Subject: [PATCH] feat: refresh session cookie when session is active
---
 .gitignore | 5 ++-
 internal/controller/proxy_controller.go | 12 +-----
 internal/controller/proxy_controller_test.go | 7 ---
 internal/middleware/context_middleware.go | 2 +
 internal/service/auth_service.go | 45 +++++++++++++++++---
 5 files changed, 46 insertions(+), 25 deletions(-)
diff --git a/.gitignore b/.gitignore
index 576aeee..0eefed8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,4 +33,7 @@
 # binary out
 /tinyauth.db
-/resources
\ No newline at end of file
+/resources
+
+# debug files
+__debug_*
\ No newline at end of file
diff --git a/internal/controller/proxy_controller.go b/internal/controller/proxy_controller.go
index eed127e..fb8c880 100644
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -42,7 +42,8 @@ func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, a
 func (controller *ProxyController) SetupRoutes() {
 proxyGroup := controller.router.Group("/auth")
- proxyGroup.Any("/:proxy", controller.proxyHandler)
+ proxyGroup.GET("/:proxy", controller.proxyHandler)
+ proxyGroup.POST("/:proxy", controller.proxyHandler)
 }
 func (controller *ProxyController) proxyHandler(c *gin.Context) {
@@ -67,15 +68,6 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 return
 }
- if req.Proxy != "envoy" && c.Request.Method != http.MethodGet {
- log.Warn().Str("method", c.Request.Method).Msg("Invalid method for proxy")
- c.JSON(405, gin.H{
- "status": 405,
- "message": "Method Not Allowed",
- })
- return
- }
-
 isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")
 if isBrowser {
diff --git a/internal/controller/proxy_controller_test.go b/internal/controller/proxy_controller_test.go
index 452155f..91bb572 100644
--- a/internal/controller/proxy_controller_test.go
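Review bot: Registering only `GET` and `POST` on `/:proxy` in `SetupRoutes` narrows what the envoy path accepts: the check removed in the next hunk exempted `envoy` from the GET-only rule, which suggests envoy's auth calls can arrive with other methods, so PUT/PATCH/DELETE/HEAD would now match no route and be denied. It also widens the other proxies, since `POST /auth/traefik` now reaches the handler where it used to get a 405, and the test that pinned that behaviour is deleted in this commit without a replacement. If the intent is only to let POST through, keeping `proxyGroup.Any("/:proxy", controller.proxyHandler)` and relaxing the condition to `if req.Proxy != "envoy" && c.Request.Method != http.MethodGet && c.Request.Method != http.MethodPost {` preserves the envoy behaviour and an explicit 405 for everything else. The body of `proxyHandler` continues outside these hunks.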
+++ b/internal/controller/proxy_controller_test.go @@ -80,13 +80,6 @@ func TestProxyHandler(t *testing.T) { assert.Equal(t, 400, recorder.Code) - // Test invalid method - recorder = httptest.NewRecorder() - req = httptest.NewRequest("POST", "/api/auth/traefik", nil) - router.ServeHTTP(recorder, req) - - assert.Equal(t, 405, recorder.Code) - // Test logged out user (traefik/caddy) recorder = httptest.NewRecorder() req = httptest.NewRequest("GET", "/api/auth/traefik", nil) diff --git a/internal/middleware/context_middleware.go b/internal/middleware/context_middleware.go index 2c903be..8c5ce01 100644 --- a/internal/middleware/context_middleware.go +++ b/internal/middleware/context_middleware.go @@ -65,6 +65,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc { goto basic } + m.auth.RefreshSessionCookie(c) c.Set("context", &config.UserContext{ Username: cookie.Username, Name: cookie.Name, @@ -89,6 +90,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc { goto basic } + m.auth.RefreshSessionCookie(c) c.Set("context", &config.UserContext{ Username: cookie.Username, Name: cookie.Name, diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go index bcba481..e272b10 100644 --- a/internal/service/auth_service.go +++ b/internal/service/auth_service.go @@ -1,7 +1,6 @@ package service import ( - "context" "errors" "fmt" "regexp" @@ -43,7 +42,6 @@ type AuthService struct { loginMutex sync.RWMutex ldap *LdapService database *gorm.DB - ctx context.Context } func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, database *gorm.DB) *AuthService { @@ -57,7 +55,6 @@ func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapS } func (auth *AuthService) Init() error { - auth.ctx = context.Background() return nil } 
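Review bot: The error returned by `m.auth.RefreshSessionCookie(c)` is discarded here and again in the second hunk of this file, so a failed lookup or update is invisible and the session quietly stops being extended. A refresh failure should probably not block the request, so log it rather than return: `if err := m.auth.RefreshSessionCookie(c); err != nil { log.Warn().Err(err).Msg("Failed to refresh session cookie") }` (assuming this file uses the same zerolog `log` as the service). The call also adds a second session lookup per authenticated request on top of the one that produced `cookie`; passing the already-loaded session in would avoid it. The enclosing `Middleware` body starts and ends outside both hunks.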
@@ -217,7 +214,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 OAuthName: data.OAuthName,
 }
- err = gorm.G[model.Session](auth.database).Create(auth.ctx, &session)
+ err = gorm.G[model.Session](auth.database).Create(c, &session)
 if err != nil {
 return err
@@ -228,6 +225,40 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 return nil
 }
+func (auth *AuthService) RefreshSessionCookie(c *gin.Context) error {
+ cookie, err := c.Cookie(auth.config.SessionCookieName)
+
+ if err != nil {
+ return err
+ }
+
+ session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c)
+
+ if err != nil {
+ return err
+ }
+
+ currentTime := time.Now().Unix()
+
+ if session.Expiry-currentTime > int64(time.Hour.Seconds()) {
+ return nil
+ }
+
+ newExpiry := session.Expiry + int64(time.Hour.Seconds())
+
+ _, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Updates(c, model.Session{
+ Expiry: newExpiry,
+ })
+
+ if err != nil {
+ return err
+ }
+
+ c.SetCookie(auth.config.SessionCookieName, cookie, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
+
+ return nil
+}
+
 func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 cookie, err := c.Cookie(auth.config.SessionCookieName)
@@ -235,7 +266,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 return err
 }
- _, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)
+ _, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(c)
 if err != nil {
 return err
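Review bot: Passing `c` as the context to `Create` compiles because `*gin.Context` implements `context.Context`, but unless the engine enables `ContextWithFallback` its `Done()` and `Err()` report nothing, so this query is still not bound to the request's lifetime. If the goal of dropping `auth.ctx` is request-scoped cancellation, pass the request context instead: `err = gorm.G[model.Session](auth.database).Create(c.Request.Context(), &session)`. The same applies to the `First`, `Updates` and `Delete` calls changed or added in the later hunks of this file. The body of `CreateSessionCookie` continues outside the hunk.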
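Review bot: `RefreshSessionCookie` never rejects a session whose stored expiry is already in the past: `session.Expiry-currentTime` is then negative, the early return is skipped, and the row is extended by an hour, so a direct caller can bring back a session that lapsed less than an hour ago. The middleware appears to call it only after the cookie has been validated, but the method is exported and should guard itself, e.g. `if currentTime > session.Expiry { return errors.New("session expired") }` before the window check. The renewal is also unbounded: each refresh adds another hour and no absolute lifetime cap is visible in this hunk, so a captured cookie stays valid for as long as it keeps being used; consider recording a creation time and refusing to extend past a maximum age. Finally, the row is extended from the old expiry while the cookie Max-Age is an hour from now, so the two drift apart; deriving both from `currentTime` would keep them aligned.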
@@ -253,7 +284,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 return config.SessionCookie{}, err
 }
- session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(auth.ctx)
+ session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c)
 if err != nil {
 return config.SessionCookie{}, err
@@ -266,7 +297,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 currentTime := time.Now().Unix()
 if currentTime > session.Expiry {
- _, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)
+ _, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(c)
 if err != nil {
 log.Error().Err(err).Msg("Failed to delete expired session")
 }