From f58c1eabdb42064ab7a656ab69b3377f52e673f5 Mon Sep 17 00:00:00 2001
From: Yukino Song
Date: Fri, 30 Aug 2024 07:12:38 +0800
Subject: [PATCH] Add expire time to auth cookies
---
 src/confighttp.cpp | 8 ++++++++
 src/confighttp.h | 4 ++++
 2 files changed, 12 insertions(+)
diff --git a/src/confighttp.cpp b/src/confighttp.cpp
index e4beeab9..dea8d411 100644
--- a/src/confighttp.cpp
+++ b/src/confighttp.cpp
@@ -54,6 +54,7 @@ namespace confighttp {
 using req_https_t = std::shared_ptr::Request>;
 std::string sessionCookie;
+ static std::chrono::time_point cookie_creation_time;
 enum class op_e {
 ADD, ///< Add client
@@ -151,6 +152,12 @@ namespace confighttp {
 return false;
 }
+ // Cookie has expired
+ if (std::chrono::steady_clock::now() - cookie_creation_time > SESSION_EXPIRE_DURATION) {
+ sessionCookie.clear();
+ return false;
+ }
+
 auto cookies = request->header.find("cookie");
 if (cookies == request->header.end()) {
 return false;
@@ -745,6 +752,7 @@ namespace confighttp {
 }
 sessionCookie = crypto::rand_alphabet(64);
+ cookie_creation_time = std::chrono::steady_clock::now();
 const SimpleWeb::CaseInsensitiveMultimap headers {
 { "Set-Cookie", "auth=" + sessionCookie + "; Secure; Max-Age=2592000; Path=/" }
diff --git a/src/confighttp.h b/src/confighttp.h
index db202cb6..232ccc7a 100644
--- a/src/confighttp.h
+++ b/src/confighttp.h
@@ -5,14 +5,18 @@
 #pragma once
 #include
+#include
 #include
 #include "thread_safe.h"
 #define WEB_DIR SUNSHINE_ASSETS_DIR "/web/"
+using namespace std::chrono_literals;
+
 namespace confighttp {
 constexpr auto PORT_HTTPS = 1;
+ constexpr auto SESSION_EXPIRE_DURATION = 24h * 15;
 void start();
 } // namespace confighttp
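Review bot: The added expiry test in the `@@ -151,6 +152,12 @@` hunk measures session age with `std::chrono::steady_clock`, which on some platforms (Linux's CLOCK_MONOTONIC, for one) does not advance while the host is suspended, so a machine that sleeps can honour a session for more than 15 wall-clock days. That may be acceptable, but it should be written down, together with the fact that this is an absolute lifetime from login and not an idle timeout: `// Absolute session lifetime, measured on steady_clock (may exclude suspend time); not refreshed by activity.` `sessionCookie` and `cookie_creation_time` are also written here and in the login path with no locking visible in the patch, so if the HTTPS server ever dispatches handlers on more than one thread these accesses need a mutex. The enclosing function starts and ends outside the hunk.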
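Review bot: In the `@@ -745,6 +752,7 @@` hunk the `Set-Cookie` header right below the new `cookie_creation_time` assignment still sends `Max-Age=2592000` (30 days), while the server now rejects the session after `SESSION_EXPIRE_DURATION` (15 days), so the browser keeps presenting a cookie the server has already invalidated. Deriving the attribute from the constant keeps both sides in step: `"; Secure; Max-Age=" + std::to_string(std::chrono::duration_cast<std::chrono::seconds>(SESSION_EXPIRE_DURATION).count()) + "; Path=/"`. The cookie also carries no `HttpOnly` or `SameSite` attribute; if the web UI's scripts do not need to read it, adding both would reduce exposure to script injection and cross-site requests. The enclosing function starts and ends outside the hunk.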
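Review bot: `using namespace std::chrono_literals;` at global scope in `src/confighttp.h` is pulled into every translation unit that includes the header, only so that `24h` can be written once. Spelling the constant without the literal removes the need for the directive: `constexpr auto SESSION_EXPIRE_DURATION = std::chrono::hours { 24 * 15 };`. A one-line comment on the constant saying that it bounds the web UI auth session and should match the cookie's `Max-Age` would also help the next reader.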