fix

itsumura-h · Feb 28, 2024 · e98c30f · e98c30f
1 parent bc5904c
commit e98c30f
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 10 deletions.
diff --git a/src/basolato/core/security/session_db/json_session_db.nim b/src/basolato/core/security/session_db/json_session_db.nim
@@ -26,7 +26,6 @@ proc new*(_:type JsonSessionDb, sessionId=""):Future[JsonSessionDb] {.async.} =
   if not db.hasKey("session_id"):
     let sessionId = secureRandStr(256)
     db.set("session_id", %sessionId)
-    db.set("last_access", %($getTime()))
     db.sync().await
   return JsonSessionDb(db:db)
 

diff --git a/src/basolato/core/security/session_db/libs/json_file_db.nim b/src/basolato/core/security/session_db/libs/json_file_db.nim
@@ -28,12 +28,12 @@ proc new*(_:type JsonFileDb):Future[JsonFileDb] {.async.}=
 
 proc new*(_:type JsonFileDb, id:string):Future[JsonFileDb] {.async.}=
   var file:AsyncFile
+  defer: file.close()
   if not fileExists(SESSION_DB_PATH):
     let newId = genOid()
     let newRow = %*{"_id": $newId}
     file = openAsync(SESSION_DB_PATH, fmWrite)
     file.write($newRow & "\n").await
-    file.close()
     return JsonFileDb(id: $newId, row: newRow)
   else:
     file = openAsync(SESSION_DB_PATH, fmRead)
@@ -47,18 +47,17 @@ proc new*(_:type JsonFileDb, id:string):Future[JsonFileDb] {.async.}=
     let newRow = %*{"_id": id}
     file = openAsync(SESSION_DB_PATH, fmWrite)
     file.write($newRow & "\n").await
-    file.close()
     return JsonFileDb(id: $id, row: newRow)
 
 
 proc search*(_:type JsonFileDb, key, value:string):Future[JsonFileDb] {.async.} =
   var file:AsyncFile
+  defer: file.close()
   if not fileExists(SESSION_DB_PATH):
     let newId = genOid()
     let newRow = %*{"_id": $newId, key: value}
     file = openAsync(SESSION_DB_PATH, fmWrite)
     file.write($newRow & "\n").await
-    file.close()
     return JsonFileDb(id: $newId, row: newRow)
   else:
     file = openAsync(SESSION_DB_PATH, fmRead)
@@ -73,7 +72,6 @@ proc search*(_:type JsonFileDb, key, value:string):Future[JsonFileDb] {.async.}
     let newRow = %*{"_id": $id}
     file = openAsync(SESSION_DB_PATH, fmAppend)
     file.write($newRow & "\n").await
-    file.close()
     return JsonFileDb(id: $id, row: newRow)
 
 
@@ -119,6 +117,7 @@ proc delete*(self:JsonFileDb, key:string) =
 proc destroy*(self:JsonFileDb) {.async.} =
   self.row = newJObject()
   var file = openAsync(SESSION_DB_PATH, fmRead)
+  defer: file.close()
   var content = file.readAll().await.splitLines()
   var position = 0
   for i, row in content:
@@ -129,11 +128,11 @@ proc destroy*(self:JsonFileDb) {.async.} =
   content.delete(position)
   file = openAsync(SESSION_DB_PATH, fmWrite)
   file.write(content.join("\n")).await
-  file.close()
 
 
 proc sync*(self:JsonFileDb) {.async.} =
   var file = openAsync(SESSION_DB_PATH, fmRead)
+  defer: file.close()
   var content = file.readAll().await.splitLines()
   var position = 0
   for i, row in content:
@@ -144,4 +143,3 @@ proc sync*(self:JsonFileDb) {.async.} =
   content[position] = $self.row
   file = openAsync(SESSION_DB_PATH, fmWrite)
   file.write(content.join("\n")).await
-  file.close()
diff --git a/src/basolato/core/security/session_db/redis_session_db.nim b/src/basolato/core/security/session_db/redis_session_db.nim
@@ -93,8 +93,6 @@ proc new*(_:type RedisSessionDb, sessionId=""):Future[RedisSessionDb] {.async.}
     conn: conn,
     id:id,
   )
-  sessionDb.setStr("last_access", $getTime()).await
-  discard sessionDb.updateCsrfToken().await
   return sessionDb
 
 

diff --git a/src/basolato/middleware/session_from_cookie_middleware.nim b/src/basolato/middleware/session_from_cookie_middleware.nim
@@ -2,6 +2,7 @@ import std/asyncdispatch
 import std/httpcore
 import std/options
 import std/times
+import std/strutils
 import ../core/security/context
 import ../core/security/session
 import ../core/security/cookie
@@ -10,16 +11,29 @@ import ../core/logger
 import ../middleware
 
 
+proc createExpire():int =
+  return now().toTime().toUnix() + (60 * 30) # 60 secound * 30 min
+
 proc sessionFromCookie*(c:Context, p:Params):Future[Response] {.async.} =
   try:
     var cookies = Cookies.new(c.request)
     let sessionId = cookies.get("session_id")
     let sessionOpt = Session.new(sessionId).await
     c.setSession(sessionOpt.get())
-    if c.request.httpMethod == HttpGet:
+    # get expire time
+    let expire =
+      if sessionOpt.isSome("csrf_expire").await:
+        sessionOpt.get("csrf_expire").await.parseInt().fromUnix()
+      else:
+        fromUnix(0)
+    let current = now().toTime()
+    if c.request.httpMethod == HttpGet and ( current > expire ):
       c.session.updateCsrfToken().await
+      let newExpire = createExpire()
+      c.session.set("csrf_expire", $newExpire).await
     else:
       globalCsrfToken = sessionOpt.get("csrf_token").await
+
     let newSessionId = sessionOpt.getToken().await
     cookies.set("session_id", newSessionId, expire=timeForward(SESSION_TIME, Minutes))
     return next().setCookie(cookies)