Add expire time to auth cookies

src/confighttp.cpp

@@ -54,6 +54,7 @@ namespace confighttp {
   using req_https_t = std::shared_ptr<typename SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request>;
 
   std::string sessionCookie;
+  static std::chrono::time_point<std::chrono::steady_clock> cookie_creation_time;
 
   enum class op_e {
     ADD,  ///< Add client
@@ -151,6 +152,12 @@ namespace confighttp {
       return false;
     }
 
+    // Cookie has expired
+    if (std::chrono::steady_clock::now() - cookie_creation_time > SESSION_EXPIRE_DURATION) {
+      sessionCookie.clear();
+      return false;
+    }
+
     auto cookies = request->header.find("cookie");
     if (cookies == request->header.end()) {
       return false;
@@ -745,6 +752,7 @@ namespace confighttp {
       }
 
       sessionCookie = crypto::rand_alphabet(64);
+      cookie_creation_time = std::chrono::steady_clock::now();
 
       const SimpleWeb::CaseInsensitiveMultimap headers {
         { "Set-Cookie", "auth=" + sessionCookie + "; Secure; Max-Age=2592000; Path=/" }

src/confighttp.h

@@ -5,14 +5,18 @@
 #pragma once
 
 #include <functional>
+#include <chrono>
 #include <string>
 
 #include "thread_safe.h"
 
 #define WEB_DIR SUNSHINE_ASSETS_DIR "/web/"
 
+using namespace std::chrono_literals;
+
 namespace confighttp {
   constexpr auto PORT_HTTPS = 1;
+  constexpr auto SESSION_EXPIRE_DURATION = 24h * 15;
   void
   start();
 }  // namespace confighttp