feat: make user session timeout configurable (#2753)

Co-authored-by: Oleg Lobanov <oleg@lobanov.me>
pull/2800/head
Dardan 2023-11-02 22:01:56 +01:00 committed by GitHub
parent c3079d30e2
commit 7fabadc871
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 21 deletions

View File

@ -16,7 +16,7 @@ import (
)
const (
TokenExpirationTime = time.Hour * 2
DefaultTokenExpirationTime = time.Hour * 2
)
type userInfo struct {
@ -101,7 +101,8 @@ func withAdmin(fn handleFunc) handleFunc {
})
}
var loginHandler = func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
func loginHandler(tokenExpireTime time.Duration) handleFunc {
return func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
auther, err := d.store.Auth.Get(d.settings.AuthMethod)
if err != nil {
return http.StatusInternalServerError, err
@ -113,7 +114,8 @@ var loginHandler = func(w http.ResponseWriter, r *http.Request, d *data) (int, e
} else if err != nil {
return http.StatusInternalServerError, err
} else {
return printToken(w, r, d, user)
return printToken(w, r, d, user, tokenExpireTime)
}
}
}
@ -172,12 +174,14 @@ var signupHandler = func(w http.ResponseWriter, r *http.Request, d *data) (int,
return http.StatusOK, nil
}
var renewHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
func renewHandler(tokenExpireTime time.Duration) handleFunc {
return withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
w.Header().Set("X-Renew-Token", "false")
return printToken(w, r, d, d.user)
})
return printToken(w, r, d, d.user, tokenExpireTime)
})
}
func printToken(w http.ResponseWriter, _ *http.Request, d *data, user *users.User) (int, error) {
func printToken(w http.ResponseWriter, _ *http.Request, d *data, user *users.User, tokenExpirationTime time.Duration) (int, error) {
claims := &authToken{
User: userInfo{
ID: user.ID,
@ -192,7 +196,7 @@ func printToken(w http.ResponseWriter, _ *http.Request, d *data, user *users.Use
},
RegisteredClaims: jwt.RegisteredClaims{
IssuedAt: jwt.NewNumericDate(time.Now()),
ExpiresAt: jwt.NewNumericDate(time.Now().Add(TokenExpirationTime)),
ExpiresAt: jwt.NewNumericDate(time.Now().Add(tokenExpirationTime)),
Issuer: "File Browser",
},
}

View File

@ -48,9 +48,10 @@ func NewHandler(
api := r.PathPrefix("/api").Subrouter()
api.Handle("/login", monkey(loginHandler, ""))
tokenExpirationTime := server.GetTokenExpirationTime(DefaultTokenExpirationTime)
api.Handle("/login", monkey(loginHandler(tokenExpirationTime), ""))
api.Handle("/signup", monkey(signupHandler, ""))
api.Handle("/renew", monkey(renewHandler, ""))
api.Handle("/renew", monkey(renewHandler(tokenExpirationTime), ""))
users := api.PathPrefix("/users").Subrouter()
users.Handle("", monkey(usersGetHandler, "")).Methods("GET")

View File

@ -2,7 +2,9 @@ package settings
import (
"crypto/rand"
"log"
"strings"
"time"
"github.com/filebrowser/filebrowser/v2/rules"
)
@ -47,6 +49,7 @@ type Server struct {
EnableExec bool `json:"enableExec"`
TypeDetectionByHeader bool `json:"typeDetectionByHeader"`
AuthHook string `json:"authHook"`
TokenExpirationTime string `json:"tokenExpirationTime"`
}
// Clean cleans any variables that might need cleaning.
@ -54,6 +57,19 @@ func (s *Server) Clean() {
s.BaseURL = strings.TrimSuffix(s.BaseURL, "/")
}
func (s *Server) GetTokenExpirationTime(fallback time.Duration) time.Duration {
if s.TokenExpirationTime == "" {
return fallback
}
if duration, err := time.ParseDuration(s.TokenExpirationTime); err == nil {
return duration
} else {
log.Printf("[WARN] Failed to parse tokenExpirationTime: %v", err)
return fallback
}
}
// GenerateKey generates a key of 512 bits.
func GenerateKey() ([]byte, error) {
b := make([]byte, 64) //nolint:gomnd