commit 35ed37cd0383836418975052c2d3427ce7040d26
parent a968429caee03cd69d5e2d45c1adc5b41c5716f3
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Sat, 30 Dec 2023 12:33:52 -0500
rate limit "last_seen_at"
Diffstat:
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/pkg/web/middlewares/middlewares.go b/pkg/web/middlewares/middlewares.go
@@ -2,6 +2,7 @@ package middlewares
import (
"dkforest/bindata"
+ "dkforest/pkg/cache"
"dkforest/pkg/web/clientFrontends"
hutils "dkforest/pkg/web/handlers/utils"
"net"
@@ -273,6 +274,8 @@ func SetUserMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
}
}
+var lastSeenCache = cache.NewWithKey[database.UserID, struct{}](time.Second, time.Minute)
+
// IsAuthMiddleware will ensure user is authenticated.
// - Find user from context
// - If user is empty, redirect to home
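Review bot: `lastSeenCache` is declared without a comment, and the two durations passed to `cache.NewWithKey` are not self-explanatory at this call site. A short doc comment would help, e.g. `// lastSeenCache throttles the last_seen_at UPDATE in IsAuthMiddleware; an entry marks a user whose row was written recently.` If the first argument is the default entry lifetime (the cache package is not shown here), the comment should say so, since that value is the effective write interval per user. It is also worth noting that a package-level in-memory cache throttles per process, so with several instances the limit applies per instance rather than globally.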
@@ -295,8 +298,11 @@ func IsAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
c.Response().Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
- now := time.Now()
- db.DB().Exec("UPDATE users SET last_seen_at = ?, updated_at = ? WHERE id = ?", now, now, int64(user.ID))
+ if !lastSeenCache.Has(user.ID) {
+ now := time.Now()
+ db.DB().Exec("UPDATE users SET last_seen_at = ?, updated_at = ? WHERE id = ?", now, now, int64(user.ID))
+ lastSeenCache.SetD(user.ID, struct{}{})
+ }
// Prevent clickjacking by setting the header on every logged in page
if !strings.Contains(c.Path(), "/chess/:key/form") &&
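Review bot: The result of `db.DB().Exec(...)` is discarded and `lastSeenCache.SetD(user.ID, struct{}{})` runs regardless, so a failed UPDATE is silent and is not retried until the cache entry expires. If `db.DB()` returns a gorm handle (not visible in this hunk), keep the result with `res := db.DB().Exec(...)` and call `SetD` only when `res.Error == nil`, logging the error otherwise. Separately, `Has` followed by `SetD` is not atomic, so concurrent requests for the same user can each pass the check and issue the UPDATE. That is harmless for a timestamp but deserves a comment such as `// best-effort throttle: concurrent requests may still write more than once per window`. IsAuthMiddleware's body starts and ends outside the hunk.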