фича: автообновление сессии

2025-01-17 19:09:44 +03:00
parent a4214fd007
commit 3537965393
16 changed files with 170 additions and 96 deletions
--- a/src/auth/resources.cpp
+++ b/src/auth/resources.cpp
@@ -44,12 +44,12 @@ http::auth::User::~User() = default;

 http::auth::AuthProvider::AuthProvider() = default;

-std::shared_ptr<http::auth::User> http::auth::AuthProvider::doAuth(const std::string &username, const std::string &password, server::Reply &rep) {
+std::shared_ptr<http::auth::User> http::auth::AuthProvider::doAuth(const std::string &username, const std::string &password, const server::Request &req, server::Reply &rep) {
    for (const auto& u: users) {
        if (u->username == username) {
            if (u->checkPassword(password)) {
                auto t = jwt::Jwt::fromUser(u->username);
-                rep.headers.push_back({.name = "Set-Cookie", .value = t.asCookie()});
+                rep.headers.push_back({.name = "Set-Cookie", .value = t.asCookie(req.isSecure)});
                return u;
            }
            BOOST_LOG_TRIVIAL(warning) << "http::auth::AuthProvider::doAuth(): Failed to login " << username << ", password: " << password << " (incorrect password)";
@@ -60,13 +60,17 @@ std::shared_ptr<http::auth::User> http::auth::AuthProvider::doAuth(const std::st
    return nullptr;
 }

-std::shared_ptr<http::auth::User> http::auth::AuthProvider::getSession(const server::Request &req) {
+std::shared_ptr<http::auth::User> http::auth::AuthProvider::getSession(const server::Request &req, server::Reply &rep) {
    auto t = jwt::Jwt::fromCookies(req.getHeaderValue("cookie"));
    if (t.isValid()) {
        const auto name = t.getUsername();
        // токен валидный, ищем юзера
        for (auto& u: users) {
            if (u->username == name) {
+                // на всякий случай тут проверяем, что токен пора обновлять
+                if (t.needUpdate()) {
+                    rep.headers.push_back({.name = "Set-Cookie", .value = t.asCookie(req.isSecure)});
+                }
                return u;
            }
        }
@@ -84,7 +88,7 @@ http::auth::AuthRequiredResource::AuthRequiredResource(const std::string &path,
    BasicResource(path), provider_(provider), generator_(std::move(generator)), perms(perms) {}

 void http::auth::AuthRequiredResource::handle(const server::Request &req, server::Reply &rep) {
-    if (auto user = this->provider_.getSession(req)) {
+    if (auto user = this->provider_.getSession(req, rep)) {
        if (user->checkPremisions(this->perms)) {
            this->generator_(req, rep);
            return;