SECURITY: store hashed session tokens

Simon Martens
2025-05-29 03:20:35 +02:00
parent e0bb939764
commit 0d0918fb5d
4 changed files with 19 additions and 7 deletions


@@ -32,7 +32,8 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
user, session, loaded := SESSION_CACHE.Get(cookie.Value)
if !loaded {
record, err := app.FindFirstRecordByData(dbmodels.SESSIONS_TABLE, dbmodels.SESSIONS_TOKEN_FIELD, cookie.Value)
hashedsession := dbmodels.HashStringSHA256(cookie.Value)
record, err := app.FindFirstRecordByData(dbmodels.SESSIONS_TABLE, dbmodels.SESSIONS_TOKEN_FIELD, hashedsession)
if err != nil {
e.SetCookie(deact_cookie)
e.Response.Header().Set("Clear-Site-Data", "\"cookies\"")