From 7389f7012829c5f7c458d70f8db485242eb155e3 Mon Sep 17 00:00:00 2001
From: LittleSheep
Date: Sat, 29 Mar 2025 15:32:20 +0800
Subject: [PATCH] :passport_control: Clear auth context cache when logout for security
---
 go.mod | 2 +-
 go.sum | 2 ++
 pkg/internal/services/auth.go | 3 +--
 pkg/internal/web/api/security_api.go | 5 +++++
 4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 38bd28d..a2bd002 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module git.solsynth.dev/hypernet/passport
 go 1.23.2
 require (
- git.solsynth.dev/hypernet/nexus v0.0.0-20250329072130-f113ae6cbaf7
+ git.solsynth.dev/hypernet/nexus v0.0.0-20250329072729-4a08fd8f1c46
 git.solsynth.dev/hypernet/paperclip v0.0.0-20250310151112-1d866f317f47
 git.solsynth.dev/hypernet/pusher v0.0.0-20250216145944-5fb769823a88
 git.solsynth.dev/hypernet/wallet v0.0.0-20250323095812-468cd655f886
diff --git a/go.sum b/go.sum
index b1108ca..119bd8b 100644
--- a/go.sum
+++ b/go.sum
@@ -2,6 +2,8 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= git.solsynth.dev/hypernet/nexus v0.0.0-20250329072130-f113ae6cbaf7 h1:0OitkUQJ3hrobm71UHETLB9N6jTgm6jKTeGRJuBI/6E= git.solsynth.dev/hypernet/nexus v0.0.0-20250329072130-f113ae6cbaf7/go.mod h1:5tk62VQ1DcbR0EAN2jAOqYxHiegUPEC805JlfQ/G19I= +git.solsynth.dev/hypernet/nexus v0.0.0-20250329072729-4a08fd8f1c46 h1:oH2jq7ZG5cslCULUMWqv4dS/YNvd+Xcuv4rBPj0uGA8= +git.solsynth.dev/hypernet/nexus v0.0.0-20250329072729-4a08fd8f1c46/go.mod h1:5tk62VQ1DcbR0EAN2jAOqYxHiegUPEC805JlfQ/G19I= git.solsynth.dev/hypernet/paperclip v0.0.0-20250310151112-1d866f317f47 h1:fvu+bNKPTNtQocssnKbEZ66MqR0iBfAxY3HwlqnmYyE= git.solsynth.dev/hypernet/paperclip v0.0.0-20250310151112-1d866f317f47/go.mod h1:jvxq2qftz2v72x+24+cTFJdQKr9eHQTdk3KVR7cx36s= git.solsynth.dev/hypernet/pusher v0.0.0-20250216145944-5fb769823a88 h1:2HEENe9KUrdaJeNBzx9lsuXQGyzWqCgnLTKQnr8xFr8=
diff --git a/pkg/internal/services/auth.go b/pkg/internal/services/auth.go
index c911f24..7c62692 100644
--- a/pkg/internal/services/auth.go
+++ b/pkg/internal/services/auth.go
@@ -31,7 +31,7 @@ func Authenticate(sessionId uint) (ctx models.AuthTicket, perms map[string]any,
 }
 func KgAuthContextCache(sessionId uint) string {
- return fmt.Sprintf("auth-context#%d", sessionId)
+ return cachekit.FKey("auth-context", sessionId)
 }
 func GetAuthContext(sessionId uint) (models.AuthTicket, error) {
@@ -59,7 +59,6 @@ func CacheAuthContext(sessionId uint) (models.AuthTicket, error) {
 var ticket models.AuthTicket
 if err := database.C.
 Where("id = ?", sessionId).
- Preload("Account").
 First(&ticket).Error; err != nil {
 return ticket, fmt.Errorf("invalid auth ticket: %v", err)
 } else if err := ticket.IsAvailable(); err != nil {
diff --git a/pkg/internal/web/api/security_api.go b/pkg/internal/web/api/security_api.go
index 73045f6..73ceb9f 100644
--- a/pkg/internal/web/api/security_api.go
+++ b/pkg/internal/web/api/security_api.go
@@ -1,8 +1,11 @@
 package api
 import (
+ "git.solsynth.dev/hypernet/nexus/pkg/nex/cachekit"
 "git.solsynth.dev/hypernet/passport/pkg/authkit/models"
 "git.solsynth.dev/hypernet/passport/pkg/internal/database"
+ "git.solsynth.dev/hypernet/passport/pkg/internal/gap"
+ "git.solsynth.dev/hypernet/passport/pkg/internal/services"
 "git.solsynth.dev/hypernet/passport/pkg/internal/web/exts"
 "github.com/gofiber/fiber/v2"
 )
@@ -51,6 +54,8 @@ func deleteTicket(c *fiber.Ctx) error {
 AccountID: user.ID,
 }).Error; err != nil {
 return fiber.NewError(fiber.StatusNotFound, err.Error())
+ } else {
+ cachekit.Delete(gap.Ca, services.KgAuthContextCache(uint(id)))
 }
 return c.SendStatus(fiber.StatusOK)
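Review bot: `KgAuthContextCache` in pkg/internal/services/auth.go now decides which cache entry the logout path evicts, yet it is exported without a doc comment, and its key format changes from `auth-context#%d` to whatever `cachekit.FKey` produces (not visible in this diff). I would add `// KgAuthContextCache returns the cache key under which the auth context of sessionId is stored; every read, write and invalidation must derive the key through this function.` If old and new builds share one cache during a rollout they presumably look up different keys, so a logout handled by a new instance would not evict the entry an old instance still reads. Confirm that the rollout plan or the entry lifetime covers that window.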
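Review bot: Dropping `Preload("Account")` from the query in `CacheAuthContext` is not mentioned in the commit message, and the ticket loaded here no longer has its `Account` association populated. The function continues past the end of the hunk, so it is not visible whether later code or consumers of the cached ticket read `ticket.Account`; any that do would now see a zero value instead of failing. Please confirm nothing depends on it and record the intent above the query, for example `// Account is intentionally not preloaded; only the ticket itself is cached.` if that is indeed the intent.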
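Review bot: In `deleteTicket` the result of `cachekit.Delete` is discarded, so if the eviction does not succeed the handler still answers 200 while the deleted ticket's auth context stays cached and may keep authenticating requests until the entry expires. If `cachekit.Delete` returns an error (its signature is not visible in this diff), check it and fail the request: `if err := cachekit.Delete(gap.Ca, services.KgAuthContextCache(uint(id))); err != nil {` `return fiber.NewError(fiber.StatusInternalServerError, "failed to clear auth context cache")` `}`. The `else` is also unnecessary because the `if` branch returns, so the eviction can follow the `if` block directly. The body of `deleteTicket` starts and ends outside the hunk, and any other path that deletes or invalidates a ticket would need the same eviction; none is visible here.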