github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-04-29 11:00:07 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity
Files
19d77157e25243d4a0b8abc89ef9e0b200737136
vikunja/pkg/models/sessions_permissions.go
kolaente b3d0b2f697 feat: add Session model with CRUD, permissions, and cleanup cron 
- Session struct with UUID primary key, hashed refresh token, device
  info, IP address, and last-active tracking
- Token generation via generateHashedToken (SHA-256, 128 random bytes)
- CreateSession, GetSessionByRefreshToken, GetSessionByID
- Atomic RotateRefreshToken with WHERE on old hash to prevent replays
- ReadAll scoped to authenticated user (link shares rejected)
- Delete scoped to owning user (link shares rejected)
- Hourly cleanup cron for expired sessions based on is_long_session
- ErrSessionNotFound error type with HTTP 404 mapping
2026-02-25 10:30:25 +01:00

44 lines
1.3 KiB
Go
Raw Blame History

// Vikunja is a to-do list application to facilitate your life.
// Copyright 2018-present Vikunja and contributors. All rights reserved.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package models
import (
"code.vikunja.io/api/pkg/web"
"xorm.io/xorm"
)
func (sess *Session) CanDelete(s *xorm.Session, a web.Auth) (bool, error) {
// Link share tokens must not be able to delete user sessions.
if _, is := a.(*LinkSharing); is {
return false, nil
}
session, err := GetSessionByID(s, sess.ID)
if err != nil {
return false, err
}
if session.UserID != a.GetID() {
return false, nil
}
*sess = *session
return true, nil
}
func (sess *Session) CanCreate(_ *xorm.Session, _ web.Auth) (bool, error) {
return true, nil
}
Reference in New Issue View Git Blame Copy Permalink