fix(auth): cookie expiry and renewal (#1527)

* fix(auth/web): logout when expired/invalid/no cookie is present * fix(auth/web): specify error message in invalid cookie * fix(auth/web): reset error boundary on login * fix(auth/web): fix onboarding * chore: code cleanup * fix(web): revert tanstack/router to 1.31.0 * refactor(web): remove react-error-boundary * feat(auth): refresh cookie when close to expiry * enhancement(web): specify defaultError message in HttpClient * fix(web): use absolute paths for router links (#1530) * chore(web): bump `@tanstack/react-router` to `1.31.6` * fix(web): settings routes * fix(web): filter routes * fix(web): remove unused ReleasesIndexRoute * chore(web): add documentation for HttpClient * chore(lint): remove unnecessary whitespace
autobrr · May 8, 2024 · 8120c33 · 8120c33
1 parent 3dab295
commit 8120c33
Show file tree

Hide file tree

Showing 19 changed files with 363 additions and 365 deletions.
diff --git a/internal/http/auth.go b/internal/http/auth.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"encoding/json"
 	"net/http"
+	"time"
 
 	"github.com/autobrr/autobrr/internal/domain"
 	"github.com/autobrr/autobrr/pkg/errors"
@@ -82,6 +83,7 @@ func (h authHandler) login(w http.ResponseWriter, r *http.Request) {
 
 	// Set user as authenticated
 	session.Values["authenticated"] = true
+	session.Values["created"] = time.Now().Unix()
 
 	// Set cookie options
 	session.Options.HttpOnly = true

diff --git a/internal/http/middleware.go b/internal/http/middleware.go
@@ -57,6 +57,27 @@ func (s Server) IsAuthenticated(next http.Handler) http.Handler {
 				return
 			}
 
+			if created, ok := session.Values["created"].(int64); ok {
+				// created is a unix timestamp MaxAge is in seconds
+				maxAge := time.Duration(session.Options.MaxAge) * time.Second
+				expires := time.Unix(created, 0).Add(maxAge)
+
+				if time.Until(expires) <= 7*24*time.Hour { // 7 days
+					s.log.Info().Msgf("Cookie is expiring in less than 7 days on %s - extending session", expires.Format("2006-01-02 15:04:05"))
+
+					session.Values["created"] = time.Now().Unix()
+
+					// Call session.Save as needed - since it writes a header (the Set-Cookie
+					// header), making sure you call it before writing out a body is important.
+					// https://github.com/gorilla/sessions/issues/178#issuecomment-447674812
+					if err := session.Save(r, w); err != nil {
+						s.log.Error().Err(err).Msgf("could not store session: %s", r.RemoteAddr)
+						http.Error(w, err.Error(), http.StatusInternalServerError)
+						return
+					}
+				}
+			}
+
 			ctx := context.WithValue(r.Context(), "session", session)
 			r = r.WithContext(ctx)
 		}

diff --git a/web/package.json b/web/package.json
@@ -40,7 +40,7 @@
     "@tailwindcss/forms": "^0.5.7",
     "@tanstack/react-query": "^5.29.2",
     "@tanstack/react-query-devtools": "^5.29.2",
-    "@tanstack/react-router": "^1.28.5",
+    "@tanstack/react-router": "^1.31.6",
     "@types/node": "^20.12.7",
     "@types/react": "^18.2.79",
     "@types/react-dom": "^18.2.25",
@@ -58,7 +58,6 @@
     "react": "^18.2.0",
     "react-debounce-input": "^3.3.0",
     "react-dom": "^18.2.0",
-    "react-error-boundary": "^4.0.13",
     "react-hook-form": "^7.51.3",
     "react-hot-toast": "^2.4.1",
     "react-multi-select-component": "^4.3.4",
@@ -78,7 +77,7 @@
   "devDependencies": {
     "@microsoft/eslint-formatter-sarif": "^3.1.0",
     "@rollup/wasm-node": "^4.14.3",
-    "@tanstack/router-devtools": "^1.28.5",
+    "@tanstack/router-devtools": "^1.31.6",
     "@types/node": "^20.12.2",
     "@types/react": "^18.2.73",
     "@types/react-dom": "^18.2.23",