From a098a4fcbfe0649cfd9d171e59e822a4bd1b2ec4 Mon Sep 17 00:00:00 2001
From: Thomas Karpiniec <tom.karpiniec@outlook.com>
Date: Mon, 28 Oct 2024 21:17:18 +1100
Subject: [PATCH 1/1] Clear up logged out and old sessions

---
 server/database.go | 6 ++++++
 server/main.go     | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/server/database.go b/server/database.go
index 06e5968..5b1361c 100644
--- a/server/database.go
+++ b/server/database.go
@@ -42,6 +42,8 @@ func InitDatabase() {
 	CREATE TABLE IF NOT EXISTS playlist_entries (id INTEGER PRIMARY KEY AUTOINCREMENT, playlist_id INTEGER, position INTEGER, filename TEXT, delay_seconds INTEGER, is_relative INTEGER, CONSTRAINT fk_playlists FOREIGN KEY (playlist_id) REFERENCES playlists(id) ON DELETE CASCADE);
 	CREATE TABLE IF NOT EXISTS radios (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, token TEXT);
 	CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE, password_hash TEXT, is_admin INTEGER);
+
+	DELETE FROM sessions WHERE expiry < CURRENT_TIMESTAMP;
 	`
 	_, err = db.sqldb.Exec(sqlStmt)
 	if err != nil {
@@ -113,6 +115,10 @@ func (d *Database) ClearOtherSessions(username string, token string) {
 	d.sqldb.Exec("DELETE FROM sessions WHERE username = ? AND token != ?", username, token)
 }
 
+func (d *Database) ClearSession(username string, token string) {
+	d.sqldb.Exec("DELETE FROM sessions WHERE username = ? AND token = ?", username, token)
+}
+
 func (d *Database) SetUserIsAdmin(username string, isAdmin bool) {
 	d.sqldb.Exec("UPDATE users SET is_admin = ? WHERE username = ?", isAdmin, username)
 }
diff --git a/server/main.go b/server/main.go
index 105e858..69d1ca7 100644
--- a/server/main.go
+++ b/server/main.go
@@ -678,6 +678,10 @@ func uploadFile(w http.ResponseWriter, r *http.Request) {
 }
 
 func logOutPage(w http.ResponseWriter, r *http.Request, user User) {
+	cookie, err := r.Cookie("broadcast_session")
+	if err == nil {
+		db.ClearSession(user.Username, cookie.Value)
+	}
 	clearSessionCookie(w)
 	renderHeader(w, "", user)
 	tmpl := template.Must(template.ParseFS(content, "templates/logout.html"))
-- 
2.39.5