bagas/filekeeper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Suspicious state for detecting unusual session activity

Browse Source
This commit is contained in:
bagas
2024-09-20 22:44:11 +07:00
parent 29a75b7286
commit 557e7313b2
4 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
middleware/middleware.go
View File

@ -81,7 +81,7 @@ func Handler(next http.Handler) http.Handler {
}
func Auth(next http.HandlerFunc, w http.ResponseWriter, r *http.Request) {
status, user, _ := session.GetSession(r)
status, user, sessionID := session.GetSession(r)
switch status {
case session.Authorized:
@ -109,6 +109,25 @@ func Auth(next http.HandlerFunc, w http.ResponseWriter, r *http.Request) {
})
http.Redirect(w, r, "/signin", http.StatusSeeOther)
return
case session.Suspicious:
userSession := session.Get(sessionID)
err := userSession.Delete()
if err != nil {
app.Server.Logger.Error(err)
}
err = session.RemoveSessionInfo(user.Email, sessionID)
if err != nil {
app.Server.Logger.Error(err)
return
}
http.SetCookie(w, &http.Cookie{
Name: "Session",
Value: "",
Path: "/",
MaxAge: -1,
})
http.Redirect(w, r, "/signin?error=suspicious_session", http.StatusSeeOther)
return
default:
http.Redirect(w, r, "/", http.StatusSeeOther)
return