bagas/filekeeper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Suspicious state for detecting unusual session activity

Browse Source
This commit is contained in:
bagas
2024-09-20 22:44:11 +07:00
parent 29a75b7286
commit 557e7313b2
4 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
handler/logout/logout.go
View File

@ -2,6 +2,7 @@ package logoutHandler
import ( import (
"errors" "errors"
"github.com/fossyy/filekeeper/app"
"github.com/fossyy/filekeeper/types" "github.com/fossyy/filekeeper/types"
"net/http" "net/http"
@ -26,12 +27,12 @@ func GET(w http.ResponseWriter, r *http.Request) {
err = storeSession.Delete() err = storeSession.Delete()
if err != nil { if err != nil {
panic(err) app.Server.Logger.Error(err)
return return
} }
err = session.RemoveSessionInfo(userSession.Email, cookie.Value) err = session.RemoveSessionInfo(userSession.Email, cookie.Value)
if err != nil { if err != nil {
panic(err) app.Server.Logger.Error(err)
return return
} }

1
handler/signin/signin.go
View File

@ -37,6 +37,7 @@ func init() {
"account_selection_required": "Please select an account to proceed with the request.", "account_selection_required": "Please select an account to proceed with the request.",
"consent_required": "Consent is required to proceed. Please provide consent to continue.", "consent_required": "Consent is required to proceed. Please provide consent to continue.",
"csrf_token_error": "The CSRF token is missing or invalid. Please refresh the page and try again.", "csrf_token_error": "The CSRF token is missing or invalid. Please refresh the page and try again.",
"suspicious_session": "We've detected unusual activity on your account. Please log in again to confirm it's you.",
} }
} }

21
middleware/middleware.go
View File

@ -81,7 +81,7 @@ func Handler(next http.Handler) http.Handler {
} }
func Auth(next http.HandlerFunc, w http.ResponseWriter, r *http.Request) { func Auth(next http.HandlerFunc, w http.ResponseWriter, r *http.Request) {
status, user, _ := session.GetSession(r) status, user, sessionID := session.GetSession(r)
switch status { switch status {
case session.Authorized: case session.Authorized:
@ -109,6 +109,25 @@ func Auth(next http.HandlerFunc, w http.ResponseWriter, r *http.Request) {
}) })
http.Redirect(w, r, "/signin", http.StatusSeeOther) http.Redirect(w, r, "/signin", http.StatusSeeOther)
return return
case session.Suspicious:
userSession := session.Get(sessionID)
err := userSession.Delete()
if err != nil {
app.Server.Logger.Error(err)
}
err = session.RemoveSessionInfo(user.Email, sessionID)
if err != nil {
app.Server.Logger.Error(err)
return
}
http.SetCookie(w, &http.Cookie{
Name: "Session",
Value: "",
Path: "/",
MaxAge: -1,
})
http.Redirect(w, r, "/signin?error=suspicious_session", http.StatusSeeOther)
return
default: default:
http.Redirect(w, r, "/", http.StatusSeeOther) http.Redirect(w, r, "/", http.StatusSeeOther)
return return

11
session/session.go
View File

@ -37,6 +37,7 @@ const (
Authorized UserStatus = "authorized" Authorized UserStatus = "authorized"
Unauthorized UserStatus = "unauthorized" Unauthorized UserStatus = "unauthorized"
InvalidSession UserStatus = "invalid_session" InvalidSession UserStatus = "invalid_session"
Suspicious UserStatus = "suspicious"
) )
func (e *SessionNotFoundError) Error() string { func (e *SessionNotFoundError) Error() string {
@ -196,6 +197,16 @@ func GetSession(r *http.Request) (UserStatus, types.User, string) {
if !storeSession.Authenticated { if !storeSession.Authenticated {
return Unauthorized, types.User{}, "" return Unauthorized, types.User{}, ""
} }
sessionInfo, err := GetSessionInfo(storeSession.Email, cookie.Value)
if err != nil {
return Unauthorized, types.User{}, ""
}
if sessionInfo.IP != utils.ClientIP(r) {
return Suspicious, storeSession, cookie.Value
}
return Authorized, storeSession, cookie.Value return Authorized, storeSession, cookie.Value
} }