From c8077482f352056ffb593039c71990c893b45a8b Mon Sep 17 00:00:00 2001
From: Quaternions <krakow20@gmail.com>
Date: Wed, 26 Mar 2025 20:51:40 -0700
Subject: [PATCH 1/3] submissions: do not validate session in HandleCookieAuth

---
 pkg/service/security.go | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/pkg/service/security.go b/pkg/service/security.go
index 7c8ffe3..08e44e1 100644
--- a/pkg/service/security.go
+++ b/pkg/service/security.go
@@ -159,16 +159,6 @@ func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName a
 		return nil, ErrMissingSessionID
 	}
 
-	validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{
-		SessionID: sessionId,
-	})
-	if err != nil {
-		return nil, err
-	}
-	if !validate.Valid {
-		return nil, ErrInvalidSession
-	}
-
 	newCtx := context.WithValue(ctx, "UserInfo", UserInfoHandle{
 		svc:       &svc,
 		ctx:       &ctx,
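Review bot: With the `ValidateSession` call removed, `HandleCookieAuth` accepts any non-empty session ID and places a `UserInfoHandle` in the context, so nothing in this function now tells an expired or invalid cookie apart from a live session. Validity is presumably checked lazily when the handle is first used, but that is not visible in this hunk. If so, any operation that never touches the handle would run without the session having been verified. The function should carry a doc comment stating that contract, for example `// HandleCookieAuth only checks that a session ID is present; it does not validate it. Handlers must use a UserInfoHandle method that contacts the auth service before trusting the caller.` The body of `HandleCookieAuth` starts and continues outside the hunk, so the remaining fields of the handle and the return path should be confirmed against the full file.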
-- 
2.47.1


From a7c72163eb9fd29f2eb9fd3e3a65b6408dd27475 Mon Sep 17 00:00:00 2001
From: Quaternions <krakow20@gmail.com>
Date: Wed, 26 Mar 2025 20:52:54 -0700
Subject: [PATCH 2/3] openapi: user session is required for SessionValidate

---
 openapi.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/openapi.yaml b/openapi.yaml
index bf8b646..d12abf5 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -61,7 +61,6 @@ paths:
       operationId: sessionValidate
       tags:
         - Session
-      security: []
       responses:
         "200":
           description: Successful response
-- 
2.47.1


From 2f2241612a5c208aa37aec8b4a02b94f7545b1b3 Mon Sep 17 00:00:00 2001
From: Quaternions <krakow20@gmail.com>
Date: Wed, 26 Mar 2025 20:53:25 -0700
Subject: [PATCH 3/3] openapi: generate

---
 pkg/api/oas_client_gen.go   | 33 +++++++++++++++++++++++
 pkg/api/oas_handlers_gen.go | 52 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 84 insertions(+), 1 deletion(-)

diff --git a/pkg/api/oas_client_gen.go b/pkg/api/oas_client_gen.go
index 12466d7..ae66da5 100644
--- a/pkg/api/oas_client_gen.go
+++ b/pkg/api/oas_client_gen.go
@@ -2947,6 +2947,39 @@ func (c *Client) sendSessionValidate(ctx context.Context) (res bool, err error)
 		return res, errors.Wrap(err, "create request")
 	}
 
+	{
+		type bitset = [1]uint8
+		var satisfied bitset
+		{
+			stage = "Security:CookieAuth"
+			switch err := c.securityCookieAuth(ctx, SessionValidateOperation, r); {
+			case err == nil: // if NO error
+				satisfied[0] |= 1 << 0
+			case errors.Is(err, ogenerrors.ErrSkipClientSecurity):
+				// Skip this security.
+			default:
+				return res, errors.Wrap(err, "security \"CookieAuth\"")
+			}
+		}
+
+		if ok := func() bool {
+		nextRequirement:
+			for _, requirement := range []bitset{
+				{0b00000001},
+			} {
+				for i, mask := range requirement {
+					if satisfied[i]&mask != mask {
+						continue nextRequirement
+					}
+				}
+				return true
+			}
+			return false
+		}(); !ok {
+			return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied
+		}
+	}
+
 	stage = "SendRequest"
 	resp, err := c.cfg.Client.Do(r)
 	if err != nil {
diff --git a/pkg/api/oas_handlers_gen.go b/pkg/api/oas_handlers_gen.go
index 6527f61..f237b03 100644
--- a/pkg/api/oas_handlers_gen.go
+++ b/pkg/api/oas_handlers_gen.go
@@ -4138,8 +4138,58 @@ func (s *Server) handleSessionValidateRequest(args [0]string, argsEscaped bool,
 
 			s.errors.Add(ctx, 1, metric.WithAttributes(attrs...))
 		}
-		err error
+		err          error
+		opErrContext = ogenerrors.OperationContext{
+			Name: SessionValidateOperation,
+			ID:   "sessionValidate",
+		}
 	)
+	{
+		type bitset = [1]uint8
+		var satisfied bitset
+		{
+			sctx, ok, err := s.securityCookieAuth(ctx, SessionValidateOperation, r)
+			if err != nil {
+				err = &ogenerrors.SecurityError{
+					OperationContext: opErrContext,
+					Security:         "CookieAuth",
+					Err:              err,
+				}
+				if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
+					defer recordError("Security:CookieAuth", err)
+				}
+				return
+			}
+			if ok {
+				satisfied[0] |= 1 << 0
+				ctx = sctx
+			}
+		}
+
+		if ok := func() bool {
+		nextRequirement:
+			for _, requirement := range []bitset{
+				{0b00000001},
+			} {
+				for i, mask := range requirement {
+					if satisfied[i]&mask != mask {
+						continue nextRequirement
+					}
+				}
+				return true
+			}
+			return false
+		}(); !ok {
+			err = &ogenerrors.SecurityError{
+				OperationContext: opErrContext,
+				Err:              ogenerrors.ErrSecurityRequirementIsNotSatisfied,
+			}
+			if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
+				defer recordError("Security", err)
+			}
+			return
+		}
+	}
 
 	var response bool
 	if m := s.cfg.Middleware; m != nil {
-- 
2.47.1