feat(session): add session inactivity timeout feature

Fixes #52.
2026-05-21 15:52:54 +00:00 · 2022-09-21 14:52:14 +02:00
parent 55a5f357d5
commit aaaaaaa38d
8 changed files with 384 additions and 69 deletions
--- a/pkg/handler/api/session/session.go
+++ b/pkg/handler/api/session/session.go
@@ -20,15 +20,18 @@ func Handler(src Source, w http.ResponseWriter, r *http.Request) {

 	data, err := src.GetSessions().Get(r)
 	if err != nil {
-		if errors.Is(err, session.ErrCookieNotFound) || errors.Is(err, session.ErrKeyNotFound) {
+		switch {
+		case errors.Is(err, session.ErrCookieNotFound), errors.Is(err, session.ErrKeyNotFound):
 			logger.Infof("session/info: getting session: %+v", err)
 			w.WriteHeader(http.StatusUnauthorized)
 			return
+		case errors.Is(err, session.ErrSessionInactive):
+			// do nothing; we want to return metadata even if the session is inactive
+		default:
+			logger.Warnf("session/info: getting session: %+v", err)
+			w.WriteHeader(http.StatusInternalServerError)
+			return
 		}
-
-		logger.Warnf("session/info: getting session: %+v", err)
-		w.WriteHeader(http.StatusInternalServerError)
-		return
 	}

 	w.Header().Set("Content-Type", "application/json")
--- a/pkg/handler/api/sessionrefresh/sessionrefresh.go
+++ b/pkg/handler/api/sessionrefresh/sessionrefresh.go
@@ -25,14 +25,14 @@ func Handler(src Source, w http.ResponseWriter, r *http.Request) {

 	data, err := src.GetSessions().Get(r)
 	if err != nil {
-		if errors.Is(err, session.ErrKeyNotFound) {
+		switch {
+		case errors.Is(err, session.ErrKeyNotFound), errors.Is(err, session.ErrSessionInactive):
 			logger.Infof("session/refresh: getting session: %+v", err)
 			w.WriteHeader(http.StatusUnauthorized)
-			return
+		default:
+			logger.Warnf("session/refresh: getting session: %+v", err)
+			w.WriteHeader(http.StatusInternalServerError)
 		}
-
-		logger.Warnf("session/refresh: getting session: %+v", err)
-		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}