adjust session GC interval (#569)

* keep at least 4 history passwords * adjust gc time for session
2021-02-01 23:29:38 +08:00 · 2021-02-01 23:29:38 +08:00 · c724896ecd
parent 914aaa0a96
commit c724896ecd
2 changed files with 36 additions and 23 deletions
--- a/src/modules/rdb/auth/authenticator.go
+++ b/src/modules/rdb/auth/authenticator.go
@ -20,6 +20,7 @@ import (
 const (
 	ChangePasswordURL = "/change-password"
 	loginModeFifo     = true
 	pwdHistorySize    = 4
 )
 type Authenticator struct {
@ -132,14 +133,13 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err
 		return nil
 	}
 	if !p.extraMode {
 		return changePassword()
 	}
 	// precheck
 	cf := cache.AuthConfig()
-	if err = checkPassword(cf, password); err != nil {
+
-		return
+	if p.extraMode {
 		if err = checkPassword(cf, password); err != nil {
 			return
 		}
 	}
 	if err = changePassword(); err != nil {
@ -157,15 +157,22 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err
 		return
 	}
-	for _, v := range passwords {
+	if p.extraMode {
-		if user.Password == v {
+		for _, v := range passwords {
-			err = _e("The password is the same as the old password")
+			if user.Password == v {
-			return
+				err = _e("The password is the same as the old password")
 				return
 			}
 		}
 	}
 	passwords = append(passwords, user.Password)
-	if n := len(passwords) - cf.PwdHistorySize; n > 0 {
+
 	historySize := pwdHistorySize
 	if cf.PwdHistorySize > historySize {
 		historySize = cf.PwdHistorySize
 	}
 	if n := len(passwords) - historySize; n > 0 {
 		passwords = passwords[n:]
 	}
@ -301,7 +308,9 @@ func (p *Authenticator) PrepareUser(user *models.User) {
 	}
 	cf := cache.AuthConfig()
-	user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30
+	if cf.PwdExpiresIn > 0 {
 		user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30
 	}
 }
 // cleanup rdb.session & sso.token
@ -426,7 +435,7 @@ func lockedUserAccess(cf *models.AuthConfig, user *models.User, loginErr error)
 		user.UpdatedAt = now
 		return nil
 	}
-	return _e("User is locked, unlock at %dm later", math.Ceil(float64(user.LockedAt+cf.LockTime-now))/60.0)
+	return _e("User is locked, unlock at %dm later", int(math.Ceil(float64(user.LockedAt+cf.LockTime*60-now))/60.0))
 }
 func frozenUserAccess(cf *models.AuthConfig, user *models.User, loginErr error) error {
--- a/src/modules/rdb/session/session_db.go
+++ b/src/modules/rdb/session/session_db.go
@ -13,15 +13,23 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) {
 	lifeTime := config.Config.HTTP.Session.CookieLifetime
 	if lifeTime == 0 {
-		if config.Config.Auth.ExtraMode.Enable {
+		lifeTime = 86400
-			// cleanup by idle time worker
+	}
-			lifeTime = 86400 * 10
+
-		} else {
+	cleanup := func() {
-			lifeTime = 86400
+		now := time.Now().Unix()
 		err := models.SessionCleanupByUpdatedAt(now - lifeTime)
 		if err != nil {
 			logger.Errorf("session gc err %s", err)
 		}
 		n, err := models.DB["rdb"].Where("username='' and created_at < ?", now-lifeTime).Delete(new(models.Session))
 		logger.Debugf("delete session %d lt created_at %d err %v", n, now-lifeTime, err)
 	}
 	go func() {
 		cleanup()
 		t := time.NewTicker(time.Second * time.Duration(cf.GcInterval))
 		defer t.Stop()
 		for {
@ -29,11 +37,7 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) {
 			case <-opts.ctx.Done():
 				return
 			case <-t.C:
-				err := models.SessionCleanupByUpdatedAt(time.Now().Unix() - lifeTime)
+				cleanup()
 				if err != nil {
 					logger.Errorf("session gc err %s", err)
 				}
 			}
 		}
 	}()