Commit b8582dfc authored by Christian Pointner's avatar Christian Pointner

auth: only allow logging out a session once

parent dffb71f9
......@@ -167,7 +167,7 @@ func getSession(c *gin.Context) {
func deleteSession(c *gin.Context) {
s := getSessionFromBearerToken(c.Request)
if s == nil {
if s == nil || s.State() > SessionStateLoggedIn {
sendHTTPInvalidSessionResponse(c)
return
}
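Review bot: The new guard `s.State() > SessionStateLoggedIn` in deleteSession depends on the numeric order of the session-state constants, which are not visible in this hunk. A state added later, or any state ordered before SessionStateLoggedIn, changes what the guard accepts without this line changing. An explicit comparison against the states that may be logged out, or at least a comment such as `// states after SessionStateLoggedIn are terminal; a repeated logout is rejected`, would make the intent checkable. The check and the later state change also appear to be separate steps, so two concurrent logout requests carrying the same bearer token could both pass it unless the transition is atomic inside the session type. That is worth confirming, because the rest of deleteSession lies outside the hunk.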
......@@ -29,31 +29,31 @@ importer:
normalizer: ffmpeg
### uncomment to enable authentication
# auth:
# sessions:
# ## defaults to 24h
# max-age: 12h
# static:
# engine:
# secret: ${AURA_ENGINE_SECRET}
# readonly: true
# all-shows: true
# oidc:
# issuer-url: http://localhost:8000/openid
# client-id: ${OIDC_CLIENT_ID}
# client-secret: ${OIDC_CLIENT_SECRET}
# callback-url: http://localhost:8040/auth/oidc/callback
# login-timeout: 10m # defaults to 5 Minutes
# passwd:
# admin:
# password: ${ADMIN_PASSWORD}
# all-shows: true
# hugo:
# password: changeme
# readonly: true
# shows:
# - hugo
# - yet-another-hugo-show
auth:
sessions:
## defaults to 24h
max-age: 12h
static:
engine:
secret: ${AURA_ENGINE_SECRET}
readonly: true
all-shows: true
oidc:
issuer-url: http://localhost:8000/openid
client-id: ${OIDC_CLIENT_ID}
client-secret: ${OIDC_CLIENT_SECRET}
callback-url: http://localhost:8040/auth/oidc/callback
login-timeout: 10m # defaults to 5 Minutes
passwd:
admin:
password: ${ADMIN_PASSWORD}
all-shows: true
hugo:
password: changeme
readonly: true
shows:
- hugo
- yet-another-hugo-show
### uncomment to enable CORS headers
### see: https://godoc.org/github.com/rs/cors#Options
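Review bot: The auth block is now active by default, including the `hugo` account with the literal `password: changeme`, while the context line above it still reads `### uncomment to enable authentication`. Assuming the uncommented lines are the new side, as the print order suggests, this looks like a local test configuration that slipped into a commit titled as a logout fix. Anyone who deploys from this sample unchanged gets an account with a publicly known password. Either keep the block commented out, or keep it active with an environment reference as `admin` already uses, e.g. `password: ${HUGO_PASSWORD}` (placeholder name), and update the stale comment.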