package middlewares
import (
"errors"
"time"
"git.readonly.ch/bouzoure/pop-camarades/helpers"
"git.readonly.ch/bouzoure/pop-camarades/models"
"github.com/gofiber/fiber/v2"
"gorm.io/gorm"
)
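// SavedSessionMiddleware restores an authenticated session from the
// "saved-session-uuid" / "saved-session-secret" cookie pair.
//
// A request whose session already carries "totp-verified" == "yes" passes
// straight through. Otherwise, when both cookies are present, the saved
// session with that UUID and an expiration that has not passed is loaded,
// and the presented secret is checked against the stored hash with
// helpers.CheckPasswordHash. On a match the session gets "userid" and
// "totp-verified" and is saved. When no matching row exists, both cookies
// are cleared. The next handler runs in every case except an error.
//
// It returns any error from the session store, the database handle, the
// query, or saving the session.
//
// Security: a valid cookie pair sets "totp-verified" without a fresh TOTP
// check, so the pair is equivalent to a full login credential.
// NOTE(review): the code that issues these cookies is not visible here;
// confirm they are set Secure and HttpOnly and that the secret is high-entropy.
// NOTE(review): the session identifier is not rotated when the session is
// promoted here; consider regenerating it if the session type supports that.
func SavedSessionMiddleware(c *fiber.Ctx) error {
	sess, err := helpers.GetSessionStore(c)
	if err != nil {
		return err
	}

	// Already fully authenticated: nothing to restore.
	if sess.Get("totp-verified") == "yes" {
		return c.Next()
	}

	sessionUUID := c.Cookies("saved-session-uuid")
	sessionSecret := c.Cookies("saved-session-secret")
	if sessionUUID == "" || sessionSecret == "" {
		return c.Next()
	}

	db, err := helpers.GetDatabase()
	if err != nil {
		return err
	}

	var savedSession models.UserSavedSession
	result := db.Find(
		&savedSession,
		"uuid = ? AND expiration >= ?",
		sessionUUID,
		time.Now(),
	)
	if result.Error != nil && !errors.Is(result.Error, gorm.ErrRecordNotFound) {
		return result.Error
	}

	// gorm's Find does not report ErrRecordNotFound for an empty result (only
	// First/Take/Last do), so an unknown or expired UUID must be detected via
	// RowsAffected. Without this check the stale cookies were never cleared
	// and the secret was compared against a zero-value record.
	if result.Error != nil || result.RowsAffected == 0 {
		c.ClearCookie("saved-session-uuid")
		c.ClearCookie("saved-session-secret")

		return c.Next()
	}

	// A wrong secret leaves the session unauthenticated; the request continues
	// as anonymous and the cookies are left as they are (original behavior).
	if !helpers.CheckPasswordHash(sessionSecret, savedSession.Secret) {
		return c.Next()
	}

	sess.Set("userid", savedSession.UserID)
	sess.Set("totp-verified", "yes")
	// Surface a failed save instead of continuing as if the login had been
	// persisted.
	if err := sess.Save(); err != nil {
		return err
	}

	return c.Next()
}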