🛂 Clear auth context cache when logout for security

2025-03-29 15:32:20 +08:00 · 2025-03-29 15:32:20 +08:00 · 7389f70128
commit 7389f70128
parent cc7c96311f
4 changed files with 9 additions and 3 deletions
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,7 @@ module git.solsynth.dev/hypernet/passport
 go 1.23.2

 require (
-	git.solsynth.dev/hypernet/nexus v0.0.0-20250329072130-f113ae6cbaf7
+	git.solsynth.dev/hypernet/nexus v0.0.0-20250329072729-4a08fd8f1c46
 	git.solsynth.dev/hypernet/paperclip v0.0.0-20250310151112-1d866f317f47
 	git.solsynth.dev/hypernet/pusher v0.0.0-20250216145944-5fb769823a88
 	git.solsynth.dev/hypernet/wallet v0.0.0-20250323095812-468cd655f886
--- a/go.sum
+++ b/go.sum
@ -2,6 +2,8 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 git.solsynth.dev/hypernet/nexus v0.0.0-20250329072130-f113ae6cbaf7 h1:0OitkUQJ3hrobm71UHETLB9N6jTgm6jKTeGRJuBI/6E=
 git.solsynth.dev/hypernet/nexus v0.0.0-20250329072130-f113ae6cbaf7/go.mod h1:5tk62VQ1DcbR0EAN2jAOqYxHiegUPEC805JlfQ/G19I=
+git.solsynth.dev/hypernet/nexus v0.0.0-20250329072729-4a08fd8f1c46 h1:oH2jq7ZG5cslCULUMWqv4dS/YNvd+Xcuv4rBPj0uGA8=
+git.solsynth.dev/hypernet/nexus v0.0.0-20250329072729-4a08fd8f1c46/go.mod h1:5tk62VQ1DcbR0EAN2jAOqYxHiegUPEC805JlfQ/G19I=
 git.solsynth.dev/hypernet/paperclip v0.0.0-20250310151112-1d866f317f47 h1:fvu+bNKPTNtQocssnKbEZ66MqR0iBfAxY3HwlqnmYyE=
 git.solsynth.dev/hypernet/paperclip v0.0.0-20250310151112-1d866f317f47/go.mod h1:jvxq2qftz2v72x+24+cTFJdQKr9eHQTdk3KVR7cx36s=
 git.solsynth.dev/hypernet/pusher v0.0.0-20250216145944-5fb769823a88 h1:2HEENe9KUrdaJeNBzx9lsuXQGyzWqCgnLTKQnr8xFr8=
--- a/pkg/internal/services/auth.go
+++ b/pkg/internal/services/auth.go
@ -31,7 +31,7 @@ func Authenticate(sessionId uint) (ctx models.AuthTicket, perms map[string]any,
 }

 func KgAuthContextCache(sessionId uint) string {
-	return fmt.Sprintf("auth-context#%d", sessionId)
+	return cachekit.FKey("auth-context", sessionId)
 }

 func GetAuthContext(sessionId uint) (models.AuthTicket, error) {
@ -59,7 +59,6 @@ func CacheAuthContext(sessionId uint) (models.AuthTicket, error) {
 	var ticket models.AuthTicket
 	if err := database.C.
 		Where("id = ?", sessionId).
-		Preload("Account").
 		First(&ticket).Error; err != nil {
 		return ticket, fmt.Errorf("invalid auth ticket: %v", err)
 	} else if err := ticket.IsAvailable(); err != nil {
--- a/pkg/internal/web/api/security_api.go
+++ b/pkg/internal/web/api/security_api.go
@ -1,8 +1,11 @@
 package api

 import (
+	"git.solsynth.dev/hypernet/nexus/pkg/nex/cachekit"
 	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
 	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/gap"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
 	"git.solsynth.dev/hypernet/passport/pkg/internal/web/exts"
 	"github.com/gofiber/fiber/v2"
 )
@ -51,6 +54,8 @@ func deleteTicket(c *fiber.Ctx) error {
 		AccountID: user.ID,
 	}).Error; err != nil {
 		return fiber.NewError(fiber.StatusNotFound, err.Error())
+	} else {
+		cachekit.Delete(gap.Ca, services.KgAuthContextCache(uint(id)))
 	}

 	return c.SendStatus(fiber.StatusOK)