WebServer/src/main/java/github/openautonomousconnection/webserver/SessionManager.java

package github.openautonomousconnection.webserver;

import lombok.Getter;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionManager {

    private static final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private static final SecureRandom secureRandom = new SecureRandom();

    private static class Session {
        @Getter
        String login;
        String ip;
        String userAgent;
        long expiresAt;

        Session(String login, String ip, String userAgent) throws IOException {
            this.login = login;
            this.ip = ip;
            this.userAgent = userAgent;
            this.expiresAt = System.currentTimeMillis() + (long) Main.getConfigurationManager().getInt("sessionexpireminutes") * 60 * 1000;;;
        }

        boolean isExpired() {
            return System.currentTimeMillis() > expiresAt;
        }

        boolean matches(String ip, String userAgent) {
            return this.ip.equals(ip) && this.userAgent.equals(userAgent);
        }

        void refresh() throws IOException {
            this.expiresAt = System.currentTimeMillis() + (long) Main.getConfigurationManager().getInt("sessionexpireminutes") * 60 * 1000;;;
        }
    }

    public static String create(String login, String ip, String userAgent) throws IOException {
        byte[] bytes = new byte[32];
        secureRandom.nextBytes(bytes);
        String sessionId = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
        sessions.put(sessionId, new Session(login, ip, userAgent));
        return sessionId;
    }

    public static boolean isValid(String sessionId, String ip, String userAgent) throws IOException {
        Session session = sessions.get(sessionId);
        if (session == null || session.isExpired() || !session.matches(ip, userAgent)) {
            sessions.remove(sessionId);
            return false;
        }

        session.refresh();
        return true;
    }

    public static void invalidate(String sessionId) {
        sessions.remove(sessionId);
    }

    public static String getUser(String sessionId) {
        Session session = sessions.get(sessionId);
        if (session == null || session.isExpired()) {
            sessions.remove(sessionId);
            return null;
        }
        return session.getLogin();
    }

    public static void cleanupExpiredSessions() {
        long now = System.currentTimeMillis();
        sessions.entrySet().removeIf(entry -> entry.getValue().isExpired());
    }
}