Add session lifetime

src/api/v0.rs

@@ -16,6 +16,7 @@ use {
 	bb8::Pool,
 	std::sync::Arc,
 	crate::{
+		time,
 		double_split,
 	},
 };
@@ -58,8 +59,8 @@ async fn auth_get(req: Request<Incoming>, pool: DBPool) -> Json {
 		_ => ""
 	};
 
-	let res = con.query_parse::<(String, String)>(&query!(
-		"SELECT login, uuid FROM bitauth.v0 WHERE session = ?",
+	let res = con.query_parse::<(String, String, u32)>(&query!(
+		"SELECT login, uuid, expire FROM bitauth.v0 WHERE session = ?",
 		session
 	)).await;
 	let _ = con.query_parse::<()>(&query!(
@@ -67,13 +68,15 @@ async fn auth_get(req: Request<Incoming>, pool: DBPool) -> Json {
 		session
 	)).await;
 
-	let (login, uuid) = match res.is_ok() {
-		false => ("".to_owned(), "".to_owned()),
+	let (login, uuid, exp) = match res.is_ok() {
+		false => ("".to_owned(), "".to_owned(), 0),
 		_ => res.unwrap()
 	};
 
-	match login {
-		"" => json!({"error": true, "msg": "Not auth yet"}),
-		_ => json!({"error": false, "login": login, "uuid": uuid})
+	if login.as_str() == "" || exp < time() {
+		json!({"error": true, "msg": "Not auth yet"})
+	}
+	else {
+		json!({"error": false, "login": login, "uuid": uuid})
 	}
 }

src/main.rs

@@ -100,6 +100,8 @@ const DB_PASS: &str = "rootpass12345678";
 const TOKEN_LIFETIME: u32 = 300;
 const REFRESH_LIFETIME: u32 = 2_678_400;
 
+const APIV0_LIFETIME: u32 = 120;
+
 
 #[tokio::main]
 async fn main() -> Result<()> {
@@ -373,11 +375,13 @@ async fn authorize_user(pool: DBPool, token: String, session: String) {
 		r#"INSERT INTO bitauth.v0 {
 			session: ?,
 			login: ?,
-			uuid: ?
+			uuid: ?,
+			expire: ?,
 		}"#,
 		session,
 		login,
-		uuid
+		uuid,
+		time() + APIV0_LIFETIME
 	)).await;
 }
 
@@ -484,7 +488,8 @@ async fn init_tables(pool: DBPool) -> Res<(), SkyError> {
 		CREATE MODEL IF NOT EXISTS bitauth.v0(
 			session: string,
 			login: string,
-			uuid: string
+			uuid: string,
+			expire: uint32,
 		)
 	"#)).await;