diff --git a/internal/api/csrf_store.go b/internal/api/csrf_store.go
index aaec335f4..b743bc693 100644
--- a/internal/api/csrf_store.go
+++ b/internal/api/csrf_store.go
@@ -99,15 +99,6 @@ func (c *CSRFTokenStore) backgroundWorker() {
 }
 }
 
-// Stop gracefully stops the CSRF store
-func (c *CSRFTokenStore) Stop() {
- c.stopOnce.Do(func() {
- c.saveTicker.Stop()
- close(c.stopChan) // Close instead of send to signal all readers
- c.save()
- })
-}
-
 // GenerateCSRFToken creates a new CSRF token for a session
 func (c *CSRFTokenStore) GenerateCSRFToken(sessionID string) string {
 tokenBytes := make([]byte, 32)
@@ -150,18 +141,6 @@ func (c *CSRFTokenStore) ValidateCSRFToken(sessionID, token string) bool {
 return subtle.ConstantTimeCompare([]byte(csrfToken.Hash), []byte(csrfTokenHash(token))) == 1
 }
 
-// ExtendCSRFToken extends the expiration of a CSRF token
-func (c *CSRFTokenStore) ExtendCSRFToken(sessionID string) {
- c.mu.Lock()
- defer c.mu.Unlock()
-
- key := csrfSessionKey(sessionID)
- if csrfToken, exists := c.tokens[key]; exists {
- csrfToken.Expires = time.Now().Add(4 * time.Hour)
- c.saveUnsafe()
- }
-}
-
 // DeleteCSRFToken removes a CSRF token
 func (c *CSRFTokenStore) DeleteCSRFToken(sessionID string) {
 c.mu.Lock()
diff --git a/internal/api/recovery_tokens.go b/internal/api/recovery_tokens.go
index fa0a2dc46..d72d7e8aa 100644
--- a/internal/api/recovery_tokens.go
+++ b/internal/api/recovery_tokens.go
@@ -90,46 +90,6 @@ func (r *RecoveryTokenStore) GenerateRecoveryToken(duration time.Duration) (stri
 return tokenStr, nil
 }
 
-// ValidateRecoveryToken checks if a recovery token is valid
-func (r *RecoveryTokenStore) ValidateRecoveryToken(tokenStr string, ip string) bool {
- r.mu.Lock()
- defer r.mu.Unlock()
-
- token, exists := r.tokens[tokenStr]
- if !exists {
- log.Warn().Str("ip", ip).Msg("Invalid recovery token attempted")
- return false
- }
-
- // Check if expired
- if time.Now().After(token.ExpiresAt) {
- log.Warn().Str("token", tokenStr[:8]+"...").Msg("Expired recovery token attempted")
- return false
- }
-
- // Check if already used
- if token.Used {
- log.Warn().
- Str("token", tokenStr[:8]+"...").
- Time("used_at", token.UsedAt).
- Msg("Already used recovery token attempted")
- return false
- }
-
- // Mark as used
- token.Used = true
- token.UsedAt = time.Now()
- token.IP = ip
- r.saveUnsafe()
-
- log.Info().
- Str("token", tokenStr[:8]+"...").
- Str("ip", ip).
- Msg("Recovery token successfully used")
-
- return true
-}
-
 // ValidateRecoveryTokenConstantTime validates token with constant-time comparison
 func (r *RecoveryTokenStore) ValidateRecoveryTokenConstantTime(providedToken string, ip string) bool {
 // Use constant-time comparison to prevent timing attacks
@@ -195,11 +155,6 @@ func (r *RecoveryTokenStore) cleanupRoutine() {
 }
 }
 
-// Stop stops the cleanup routine
-func (r *RecoveryTokenStore) Stop() {
- close(r.stopCleanup)
-}
-
 // cleanup removes expired and used tokens
 func (r *RecoveryTokenStore) cleanup() {
 r.mu.Lock()
@@ -222,13 +177,6 @@ func (r *RecoveryTokenStore) cleanup() {
 }
 }
 
-// save persists tokens to disk
-func (r *RecoveryTokenStore) save() {
- r.mu.RLock()
- defer r.mu.RUnlock()
- r.saveUnsafe()
-}
-
 // saveUnsafe saves without locking (caller must hold lock)
 func (r *RecoveryTokenStore) saveUnsafe() {
 tokensFile := filepath.Join(r.dataPath, "recovery_tokens.json")
@@ -291,18 +239,3 @@ func (r *RecoveryTokenStore) load() {
 
 log.Info().Int("loaded", loaded).Int("total", len(tokens)).Msg("Recovery tokens loaded from disk")
 }
-
-// GetActiveTokenCount returns the number of active (unused, unexpired) tokens
-func (r *RecoveryTokenStore) GetActiveTokenCount() int {
- r.mu.RLock()
- defer r.mu.RUnlock()
-
- count := 0
- now := time.Now()
- for _, token := range r.tokens {
- if !token.Used && now.Before(token.ExpiresAt) {
- count++
- }
- }
- return count
-}
diff --git a/internal/api/session_store.go b/internal/api/session_store.go
index f4afd65e5..cb4e5ac6e 100644
--- a/internal/api/session_store.go
+++ b/internal/api/session_store.go
@@ -77,15 +77,6 @@ func (s *SessionStore) backgroundWorker() {
 }
 }
 
-// Stop gracefully stops the session store
-func (s *SessionStore) Stop() {
- s.stopOnce.Do(func() {
- s.saveTicker.Stop()
- close(s.stopChan) // Use close instead of send to signal all readers
- s.save()
- })
-}
-
 // CreateSession creates a new session
 func (s *SessionStore) CreateSession(token string, duration time.Duration, userAgent, ip string) {
 s.mu.Lock()
@@ -142,17 +133,6 @@ func (s *SessionStore) ValidateAndExtendSession(token string) bool {
 return true
 }
 
-// ExtendSession extends the expiration of a session
-func (s *SessionStore) ExtendSession(token string, duration time.Duration) {
- s.mu.Lock()
- defer s.mu.Unlock()
-
- if session, exists := s.sessions[sessionHash(token)]; exists {
- session.ExpiresAt = time.Now().Add(duration)
- s.saveUnsafe()
- }
-}
-
 // DeleteSession removes a session
 func (s *SessionStore) DeleteSession(token string) {
 s.mu.Lock()
@@ -162,19 +142,6 @@ func (s *SessionStore) DeleteSession(token string) {
 s.saveUnsafe()
 }
 
-// GetSession returns session data if it exists and is valid
-func (s *SessionStore) GetSession(token string) *SessionData {
- s.mu.RLock()
- defer s.mu.RUnlock()
-
- session, exists := s.sessions[sessionHash(token)]
- if !exists || time.Now().After(session.ExpiresAt) {
- return nil
- }
-
- return session
-}
-
 // cleanup removes expired sessions
 func (s *SessionStore) cleanup() {
 s.mu.Lock()