clean stale sessions

app/__init__.py

@@ -1,6 +1,6 @@
 from flask import Flask, session, request, render_template
 from dotenv import load_dotenv
-from .models import Avatars, Users, PostHistory, Posts, MOTD, BadgeUploads
+from .models import Avatars, Users, PostHistory, Posts, MOTD, BadgeUploads, Sessions
 from .auth import digest
 from .routes.users import is_logged_in, get_active_user, get_prefers_theme
 from .constants import (
@@ -138,6 +138,16 @@ def bind_default_badges(path):
                     'uploaded_at': int(os.path.getmtime(real_path)),
                 })
 
+def clear_stale_sessions():
+    from .db import db
+    with db.transaction():
+        now = int(time.time())
+        stale_sessions = Sessions.findall([
+            ('expires_at', '<', now)
+        ])
+        for sess in stale_sessions:
+            sess.delete()
+
 
 cache = Cache()
 
@@ -226,6 +236,8 @@ def create_app():
         create_admin()
         create_deleted_user()
 
+        clear_stale_sessions()
+
         reparse_babycode()
 
         bind_default_badges(app.config['BADGES_PATH'])

app/routes/users.py

@@ -74,7 +74,17 @@ def validate_and_create_badge(input_image, filename):
         return False
 
 def is_logged_in():
-    return "pyrom_session_key" in session
+    if "pyrom_session_key" not in session:
+        return False
+    sess = Sessions.find({"key": session["pyrom_session_key"]})
+    if not sess:
+        return False
+    if sess.expires_at < int(time.time()):
+        session.clear()
+        sess.delete()
+        flash('Your session expired.;Please log in again.', InfoboxKind.INFO)
+        return False
+    return True
 
 
 def get_active_user():
@@ -83,6 +93,8 @@ def get_active_user():
     sess = Sessions.find({"key": session["pyrom_session_key"]})
     if not sess:
         return None
+    if sess.expires_at < int(time.time()):
+        return None
     return Users.find({"id": sess.user_id})