feat: session without autosignin will expire

Signed-off-by: Kininaru <shiftregister233@outlook.com>

controllers/account.go

@@ -52,6 +52,8 @@ type RequestForm struct {
 	EmailCode   string `json:"emailCode"`
 	PhoneCode   string `json:"phoneCode"`
 	PhonePrefix string `json:"phonePrefix"`
+
+	AutoSignin bool `json:"autoSignin"`
 }
 
 type Response struct {
@@ -185,6 +187,7 @@ func (c *ApiController) Logout() {
 	util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 
 	c.SetSessionUsername("")
+	c.SetSessionData(nil)
 
 	resp = Response{Status: "ok", Msg: "", Data: user}
 

controllers/auth.go

@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/astaxie/beego"
 	"github.com/casdoor/casdoor/idp"
@@ -58,6 +59,16 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	} else {
 		resp = &Response{Status: "error", Msg: fmt.Sprintf("Unknown response type: %s", form.Type)}
 	}
+
+	// if user did not check auto signin
+	if resp.Status == "ok" && !form.AutoSignin {
+		timestamp := time.Now().Unix()
+		timestamp += 3600 * 24
+		c.SetSessionData(&SessionData{
+			ExpireTime: timestamp,
+		})
+	}
+
 	return resp
 }
 

controllers/base.go

@@ -14,13 +14,32 @@
 
 package controllers
 
-import "github.com/astaxie/beego"
+import (
+	"time"
+
+	"github.com/astaxie/beego"
+	"github.com/casdoor/casdoor/util"
+)
 
 type ApiController struct {
 	beego.Controller
 }
 
+type SessionData struct {
+	ExpireTime int64
+}
+
 func (c *ApiController) GetSessionUsername() string {
+	// check if user session expired
+	sessionData := c.GetSessionData()
+	if sessionData != nil &&
+		sessionData.ExpireTime != 0 &&
+		sessionData.ExpireTime < time.Now().Unix() {
+		c.SetSessionUsername("")
+		c.SetSessionData(nil)
+		return ""
+	}
+
 	user := c.GetSession("username")
 	if user == nil {
 		return ""
@@ -33,6 +52,30 @@ func (c *ApiController) SetSessionUsername(user string) {
 	c.SetSession("username", user)
 }
 
+func (c *ApiController) GetSessionData() *SessionData {
+	session := c.GetSession("SessionData")
+	if session == nil {
+		return nil
+	}
+
+	sessionData := &SessionData{}
+	err := util.JsonToStruct(session.(string), sessionData)
+	if err != nil {
+		panic(err)
+	}
+
+	return sessionData
+}
+
+func (c *ApiController) SetSessionData(s *SessionData) {
+	if s == nil {
+		c.DelSession("SessionData")
+		return
+	}
+
+	c.SetSession("SessionData", util.StructToJson(s))
+}
+
 func wrapActionResponse(affected bool) *Response {
 	if affected {
 		return &Response{Status: "ok", Msg: "", Data: "Affected"}

util/json.go

@@ -25,3 +25,7 @@ func StructToJson(v interface{}) string {
 
 	return string(data)
 }
+
+func JsonToStruct(data string, v interface{}) error {
+	return json.Unmarshal([]byte(data), v)
+}

web/src/auth/LoginPage.js

@@ -278,7 +278,7 @@ class LoginPage extends React.Component {
             />
           </Form.Item>
           <Form.Item>
-            <Form.Item name="remember" valuePropName="checked" noStyle>
+            <Form.Item name="autoSignin" valuePropName="checked" noStyle>
               <Checkbox style={{float: "left"}} disabled={!application.enablePassword}>
                 {i18next.t("login:Auto login")}
               </Checkbox>