Skip to content

Commit

Permalink
Fix expiring sessions crashing app
Browse files Browse the repository at this point in the history
  • Loading branch information
@knpwrs
knpwrs committed Sep 11, 2024
1 parent d2b8249 commit d602d96
Show file tree
Hide file tree
Showing 6 changed files with 43 additions and 49 deletions.
3 changes: 0 additions & 3 deletions services/web/internal/data/auth.sql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,3 @@ WHERE u.id = sqlc.arg(id);

-- name: ChangePassword :exec
UPDATE app_user SET password=sqlc.arg(password) WHERE id=sqlc.arg(id);

-- name: GetValidSession :one
SELECT * FROM app_session WHERE id = sqlc.arg(id) AND expires_at > NOW();
18 changes: 0 additions & 18 deletions services/web/internal/data/auth.sql.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion services/web/internal/data/session.sql
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
-- name: GetSession :one
-- name: GetValidSession :many
SELECT s.*, u.id as user_id, u.username as username
FROM app_session s, app_user u
WHERE s.id = sqlc.arg(id)
Expand Down
45 changes: 29 additions & 16 deletions services/web/internal/data/session.sql.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion services/web/internal/handler/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -473,7 +473,7 @@ func (h *Handler) createSession(c echo.Context, user *data.GetUserRow, remember
return &sessionId, nil
}

func (h *Handler) deleteSession(c echo.Context, sessionRow *data.GetSessionRow) error {
func (h *Handler) deleteSession(c echo.Context, sessionRow *data.GetValidSessionRow) error {
eb := oops.In("deleteSession")
sess, err := session.Get("session", c)
if err != nil {
Expand Down
22 changes: 12 additions & 10 deletions services/web/internal/handler/handler.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ type Handler struct {
ZxcvbnMinimumScore int
}

func (h *Handler) getAppSession(c echo.Context) (*data.GetSessionRow, error) {
func (h *Handler) getAppSession(c echo.Context) (*data.GetValidSessionRow, error) {
sess, _ := session.Get("session", c)
sessionId := sess.Values["id"]

Expand All @@ -37,12 +37,16 @@ func (h *Handler) getAppSession(c echo.Context) (*data.GetSessionRow, error) {
return nil, eb.Wrap(err)
}

session, err := h.Queries.GetSession(c.Request().Context(), sessionUuid.Pg())
session, err := h.Queries.GetValidSession(c.Request().Context(), sessionUuid.Pg())

return &session, eb.Wrap(err)
if len(session) == 0 {
return nil, eb.Errorf("No valid session found")
}

return &session[0], eb.Wrap(err)
}

func (h *Handler) getAppUserFromSession(c echo.Context, session *data.GetSessionRow) (*data.GetUserByIdRow, error) {
func (h *Handler) getAppUserFromSession(c echo.Context, session *data.GetValidSessionRow) (*data.GetUserByIdRow, error) {
if session == nil {
return nil, nil
}
Expand All @@ -62,18 +66,16 @@ func (h *Handler) getAppContext(c echo.Context) (*util.AppContext, error) {
flashes := lo.Map(sess.Flashes(), func(f any, _ int) util.Flash {
return f.(util.Flash)
})

eb := oops.In("getAppContext")
err := sess.Save(c.Request(), c.Response())
if err != nil {
return nil, eb.Hint("Could not save session after getting flashes").Wrap(err)
}

appSession, err := h.getAppSession(c)
if err != nil {
return nil, eb.Hint("Could not get app session").Wrap(err)
return nil, eb.Hint("Could not save session after getting flashes").Wrap(err)
}

appUser, err := h.getAppUserFromSession(c, appSession)
appSession, _ := h.getAppSession(c)
appUser, _ := h.getAppUserFromSession(c, appSession)

return &util.AppContext{
Flashes: flashes,
Expand Down

0 comments on commit d602d96

Please sign in to comment.