bagas/filekeeper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Suspicious state for detecting unusual session activity

Browse Source
This commit is contained in:
bagas
2024-09-20 22:44:11 +07:00
parent 29a75b7286
commit 557e7313b2
4 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
session/session.go
View File

@ -37,6 +37,7 @@ const (
Authorized UserStatus = "authorized"
Unauthorized UserStatus = "unauthorized"
InvalidSession UserStatus = "invalid_session"
Suspicious UserStatus = "suspicious"
)
func (e *SessionNotFoundError) Error() string {
@ -196,6 +197,16 @@ func GetSession(r *http.Request) (UserStatus, types.User, string) {
if !storeSession.Authenticated {
return Unauthorized, types.User{}, ""
}
sessionInfo, err := GetSessionInfo(storeSession.Email, cookie.Value)
if err != nil {
return Unauthorized, types.User{}, ""
}
if sessionInfo.IP != utils.ClientIP(r) {
return Suspicious, storeSession, cookie.Value
}
return Authorized, storeSession, cookie.Value
}