adjust session GC interval (#569)

* keep at least 4 history passwords * adjust gc time for session

adjust session GC interval (#569)
* keep at least 4 history passwords * adjust gc time for session
c724896e · yubo · GitHub · 914aaa0a · c724896e · c724896e
隐藏空白更改
内联并排

Showing with 36 addition and 23 deletion

src/modules/rdb/auth/authenticator.go src/modules/rdb/auth/authenticator.go +22 -13

src/modules/rdb/session/session_db.go src/modules/rdb/session/session_db.go +14 -10

未找到文件。
--- a/src/modules/rdb/auth/authenticator.go
+++ b/src/modules/rdb/auth/authenticator.go
@@ -20,6 +20,7 @@ import (
 const (
 	ChangePasswordURL = "/change-password"
 	loginModeFifo     = true
+	pwdHistorySize    = 4
 )

 type Authenticator struct {
@@ -132,14 +133,13 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err
 		return nil
 	}

-	if !p.extraMode {
-		return changePassword()
-	}
-
 	// precheck
 	cf := cache.AuthConfig()
-	if err = checkPassword(cf, password); err != nil {
-		return
+
+	if p.extraMode {
+		if err = checkPassword(cf, password); err != nil {
+			return
+		}
 	}

 	if err = changePassword(); err != nil {
@@ -157,15 +157,22 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err
 		return
 	}

-	for _, v := range passwords {
-		if user.Password == v {
-			err = _e("The password is the same as the old password")
-			return
+	if p.extraMode {
+		for _, v := range passwords {
+			if user.Password == v {
+				err = _e("The password is the same as the old password")
+				return
+			}
 		}
 	}

 	passwords = append(passwords, user.Password)
-	if n := len(passwords) - cf.PwdHistorySize; n > 0 {
+
+	historySize := pwdHistorySize
+	if cf.PwdHistorySize > historySize {
+		historySize = cf.PwdHistorySize
+	}
+	if n := len(passwords) - historySize; n > 0 {
 		passwords = passwords[n:]
 	}

@@ -301,7 +308,9 @@ func (p *Authenticator) PrepareUser(user *models.User) {
 	}

 	cf := cache.AuthConfig()
-	user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30
+	if cf.PwdExpiresIn > 0 {
+		user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30
+	}
 }

 // cleanup rdb.session & sso.token
@@ -426,7 +435,7 @@ func lockedUserAccess(cf *models.AuthConfig, user *models.User, loginErr error)
 		user.UpdatedAt = now
 		return nil
 	}
-	return _e("User is locked, unlock at %dm later", math.Ceil(float64(user.LockedAt+cf.LockTime-now))/60.0)
+	return _e("User is locked, unlock at %dm later", int(math.Ceil(float64(user.LockedAt+cf.LockTime*60-now))/60.0))
 }

 func frozenUserAccess(cf *models.AuthConfig, user *models.User, loginErr error) error {

--- a/src/modules/rdb/session/session_db.go
+++ b/src/modules/rdb/session/session_db.go
@@ -13,15 +13,23 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) {

 	lifeTime := config.Config.HTTP.Session.CookieLifetime
 	if lifeTime == 0 {
-		if config.Config.Auth.ExtraMode.Enable {
-			// cleanup by idle time worker
-			lifeTime = 86400 * 10
-		} else {
-			lifeTime = 86400
+		lifeTime = 86400
+	}
+
+	cleanup := func() {
+		now := time.Now().Unix()
+		err := models.SessionCleanupByUpdatedAt(now - lifeTime)
+		if err != nil {
+			logger.Errorf("session gc err %s", err)
 		}
+
+		n, err := models.DB["rdb"].Where("username='' and created_at < ?", now-lifeTime).Delete(new(models.Session))
+		logger.Debugf("delete session %d lt created_at %d err %v", n, now-lifeTime, err)
 	}

 	go func() {
+		cleanup()
+
 		t := time.NewTicker(time.Second * time.Duration(cf.GcInterval))
 		defer t.Stop()
 		for {
@@ -29,11 +37,7 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) {
 			case <-opts.ctx.Done():
 				return
 			case <-t.C:
-				err := models.SessionCleanupByUpdatedAt(time.Now().Unix() - lifeTime)
-				if err != nil {
-					logger.Errorf("session gc err %s", err)
-				}
-
+				cleanup()
 			}
 		}
 	}()