From c724896ecda4f1e8e9c7bd36a524fb48a4866332 Mon Sep 17 00:00:00 2001 From: yubo Date: Mon, 1 Feb 2021 23:29:38 +0800 Subject: [PATCH] adjust session GC interval (#569) * keep at least 4 history passwords * adjust gc time for session --- src/modules/rdb/auth/authenticator.go | 35 +++++++++++++++++---------- src/modules/rdb/session/session_db.go | 24 ++++++++++-------- 2 files changed, 36 insertions(+), 23 deletions(-) diff --git a/src/modules/rdb/auth/authenticator.go b/src/modules/rdb/auth/authenticator.go index fd79b891..280740f5 100644 --- a/src/modules/rdb/auth/authenticator.go +++ b/src/modules/rdb/auth/authenticator.go @@ -20,6 +20,7 @@ import ( const ( ChangePasswordURL = "/change-password" loginModeFifo = true + pwdHistorySize = 4 ) type Authenticator struct { @@ -132,14 +133,13 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err return nil } - if !p.extraMode { - return changePassword() - } - // precheck cf := cache.AuthConfig() - if err = checkPassword(cf, password); err != nil { - return + + if p.extraMode { + if err = checkPassword(cf, password); err != nil { + return + } } if err = changePassword(); err != nil { @@ -157,15 +157,22 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err return } - for _, v := range passwords { - if user.Password == v { - err = _e("The password is the same as the old password") - return + if p.extraMode { + for _, v := range passwords { + if user.Password == v { + err = _e("The password is the same as the old password") + return + } } } passwords = append(passwords, user.Password) - if n := len(passwords) - cf.PwdHistorySize; n > 0 { + + historySize := pwdHistorySize + if cf.PwdHistorySize > historySize { + historySize = cf.PwdHistorySize + } + if n := len(passwords) - historySize; n > 0 { passwords = passwords[n:] } @@ -301,7 +308,9 @@ func (p *Authenticator) PrepareUser(user *models.User) { } cf := cache.AuthConfig() - user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30 + if cf.PwdExpiresIn > 0 { + user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30 + } } // cleanup rdb.session & sso.token @@ -426,7 +435,7 @@ func lockedUserAccess(cf *models.AuthConfig, user *models.User, loginErr error) user.UpdatedAt = now return nil } - return _e("User is locked, unlock at %dm later", math.Ceil(float64(user.LockedAt+cf.LockTime-now))/60.0) + return _e("User is locked, unlock at %dm later", int(math.Ceil(float64(user.LockedAt+cf.LockTime*60-now))/60.0)) } func frozenUserAccess(cf *models.AuthConfig, user *models.User, loginErr error) error { diff --git a/src/modules/rdb/session/session_db.go b/src/modules/rdb/session/session_db.go index db467308..3f5fb179 100644 --- a/src/modules/rdb/session/session_db.go +++ b/src/modules/rdb/session/session_db.go @@ -13,15 +13,23 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) { lifeTime := config.Config.HTTP.Session.CookieLifetime if lifeTime == 0 { - if config.Config.Auth.ExtraMode.Enable { - // cleanup by idle time worker - lifeTime = 86400 * 10 - } else { - lifeTime = 86400 + lifeTime = 86400 + } + + cleanup := func() { + now := time.Now().Unix() + err := models.SessionCleanupByUpdatedAt(now - lifeTime) + if err != nil { + logger.Errorf("session gc err %s", err) } + + n, err := models.DB["rdb"].Where("username='' and created_at < ?", now-lifeTime).Delete(new(models.Session)) + logger.Debugf("delete session %d lt created_at %d err %v", n, now-lifeTime, err) } go func() { + cleanup() + t := time.NewTicker(time.Second * time.Duration(cf.GcInterval)) defer t.Stop() for { @@ -29,11 +37,7 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) { case <-opts.ctx.Done(): return case <-t.C: - err := models.SessionCleanupByUpdatedAt(time.Now().Unix() - lifeTime) - if err != nil { - logger.Errorf("session gc err %s", err) - } - + cleanup() } } }() -- GitLab