diff --git a/lib/CharmBoard.pm b/lib/CharmBoard.pm index 4aed698..5f789a0 100644 --- a/lib/CharmBoard.pm +++ b/lib/CharmBoard.pm @@ -102,6 +102,42 @@ sub startup { # now nuke the actual session cookie $self->session(expires => 1); }); + ## verify session + $self->helper(session_verify => sub { + my $self = shift; + + # get info from user's session cookie and store it in vars + my $_user_id = $self->session('user_id'); + my $_session_key = $self->session('session_key'); + + my $_validity = 1; + my $_catch_error; + + try { + # check to see if session with this id is present in db + ($self->schema->resultset('Session')->search + ({ 'session_key' => $_session_key }) + ->get_column('session_key')->first) + or die; + + # check to see if the current session key's user id matches + # that of the user id in the database + $_user_id == ($self->schema->resultset('Session')-> + session_uid($_session_key)) + or die; + + # check if session is still within valid time as recorded in + # the db + time < ($self->schema->resultset('Session')-> + session_expiry($_session_key)) + or die; + } catch ($_catch_error) { + $_validity = undef; + $self->session_destroy; + } + + return $_validity; + }); # router my $r = $self->routes; diff --git a/lib/CharmBoard/Model/Schema/Set/Session.pm b/lib/CharmBoard/Model/Schema/Set/Session.pm new file mode 100644 index 0000000..956b5ec --- /dev/null +++ b/lib/CharmBoard/Model/Schema/Set/Session.pm @@ -0,0 +1,28 @@ +package CharmBoard::Model::Schema::Set::Session; + +use utf8; +use strict; +use warnings; +use experimental qw(try); +use feature ':5.20'; + +use base 'DBIx::Class::ResultSet'; + +sub session_uid { + my $set = shift; + + return ( + $set->search({ 'session_key' => $_[0] })->get_column('user_id') + ->first) +} + +sub session_expiry { + my $set = shift; + + return ( + $set->search({ 'session_key' => $_[0] })->get_column('session_expiry') + ->first) +} + +1; +__END__ \ No newline at end of file