Diffstat (limited to '')
-rw-r--r-- | auth.go | 9 | ||||
-rw-r--r-- | config.go | 3 | ||||
-rw-r--r-- | docs/cca.scfg.example | 3 |
3 files changed, 13 insertions, 2 deletions
@@ -205,12 +205,17 @@ func handleAuth(w http.ResponseWriter, req *http.Request) { return } + now := time.Now() + expr := now.Add(time.Duration(config.Auth.Expr) * time.Second) + exprU := expr.Unix() + cookie := http.Cookie{ Name: "session", Value: cookieValue, SameSite: http.SameSiteLaxMode, HttpOnly: true, Secure: config.Prod, + Expires: expr, /* * TODO: Cookies should also have an expiration; cookies * without expiration don't even persist across browser @@ -228,7 +233,7 @@ func handleAuth(w http.ResponseWriter, req *http.Request) { claims.Email, department, cookieValue, - 1881839332, /* TODO */ + exprU, ) if err != nil { var pgErr *pgconn.PgError @@ -240,7 +245,7 @@ func handleAuth(w http.ResponseWriter, req *http.Request) { claims.Email, department, cookieValue, - 1881839332, /* TODO */ + exprU, claims.Oid, ) if err != nil { @@ -66,6 +66,7 @@ var configWithPointers struct { Jwks *string `scfg:"jwks"` Token *string `scfg:"token"` Secret *string `scfg:"secret"` + Expr *int `scfg:"expr"` } `scfg:"auth"` Perf struct { SendQ *int `scfg:"sendq"` @@ -95,6 +96,7 @@ var config struct { Jwks string Token string Secret string + Expr int } Perf struct { SendQ int @@ -129,6 +131,7 @@ func fetchConfig(path string) error { config.Auth.Jwks = *(configWithPointers.Auth.Jwks) config.Auth.Token = *(configWithPointers.Auth.Token) config.Auth.Secret = *(configWithPointers.Auth.Secret) + config.Auth.Expr = *(configWithPointers.Auth.Expr) config.Perf.SendQ = *(configWithPointers.Perf.SendQ) config.Perf.MessageArgumentsCap = *(configWithPointers.Perf.MessageArgumentsCap) config.Perf.MessageBytesCap = *(configWithPointers.Perf.MessageBytesCap) diff --git a/docs/cca.scfg.example b/docs/cca.scfg.example index 95f39b9..8117e57 100644 --- a/docs/cca.scfg.example +++ b/docs/cca.scfg.example 
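Review bot: The `/* TODO: Cookies should also have an expiration ...` comment kept as context directly under the new `Expires: expr` field in auth.go's first handleAuth hunk now contradicts the code and should be dropped or rewritten. The cookie's `Expires` is only advisory to the browser, so the `exprU` value that the two later hunks pass to the insert and update statements is what actually bounds the session. That holds only if the session lookup compares the stored value against the current time, which is not visible in this diff. I would replace the TODO with something like `/* Expires mirrors the expiry stored with the session row; the server-side check is authoritative. */`. The comment block and handleAuth itself continue outside the hunk.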
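Review bot: In config.go's fetchConfig hunk, `config.Auth.Expr = *(configWithPointers.Auth.Expr)` copies the value with no range check visible, and handleAuth then feeds it into `time.Duration(config.Auth.Expr) * time.Second`. A zero or negative `expr` would issue sessions that are already expired, and a very large one would overflow the duration multiplication and produce an arbitrary expiry. A guard after the assignment such as `if config.Auth.Expr <= 0 { return errors.New("auth.expr must be a positive number of seconds") }`, ideally with an upper bound as well, would reject a bad value at startup (this assumes `errors` is available in config.go). If a config file written before this commit omits `expr`, the pointer may be nil at this dereference unless a presence check exists outside the hunk; fetchConfig's body starts and ends outside the hunk.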
@@ -62,6 +62,9 @@ auth { # What is the client secret? Certificates are not supported yet. secret something + + # How long, in seconds, should cookies last? + expr 604800 } # The following block contains some tweaks for performance. |