Mercurial > gemma
comparison pkg/auth/session.go @ 2639:0db742c7813d
Make session timeout configurable
Useful e.g. for testing, long running scripts, coping with a client
clock which is more than 3 hours fast and maybe more.
Even configuring a timeout <= 0 might be useful to actually prevent
clients from doing anything.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 14 Mar 2019 11:15:43 +0100 |
parents | 20b9c3f261db |
children | 7cccf7fef3e8 |
comparison
equal
deleted
inserted
replaced
2638:6c1730fc3dc1 | 2639:0db742c7813d |
---|---|
19 "io" | 19 "io" |
20 "sync" | 20 "sync" |
21 "time" | 21 "time" |
22 | 22 |
23 "gemma.intevation.de/gemma/pkg/common" | 23 "gemma.intevation.de/gemma/pkg/common" |
24 "gemma.intevation.de/gemma/pkg/config" | |
24 "gemma.intevation.de/gemma/pkg/misc" | 25 "gemma.intevation.de/gemma/pkg/misc" |
25 ) | 26 ) |
26 | 27 |
27 // Roles is a list of roles a logged in user has. | 28 // Roles is a list of roles a logged in user has. |
28 type Roles []string | 29 type Roles []string |
64 return false | 65 return false |
65 } | 66 } |
66 | 67 |
67 const ( | 68 const ( |
68 sessionKeyLength = 20 | 69 sessionKeyLength = 20 |
69 maxTokenValid = time.Hour * 3 | |
70 ) | 70 ) |
71 | 71 |
72 // newSession creates a new session. | 72 // newSession creates a new session. |
73 func newSession(user, password string, roles Roles) *Session { | 73 func newSession(user, password string, roles Roles) *Session { |
74 | 74 |
75 // Create the Claims | 75 // Create the Claims |
76 return &Session{ | 76 return &Session{ |
77 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), | 77 ExpiresAt: time.Now().Add(config.SessionTimeout()).Unix(), |
78 User: user, | 78 User: user, |
79 Roles: roles, | 79 Roles: roles, |
80 } | 80 } |
81 } | 81 } |
82 | 82 |