adjust session GC interval (#569)

* keep at least 4 history passwords * adjust gc time for session
2021-02-01 23:29:38 +08:00 · 2021-02-01 23:29:38 +08:00 · c724896ecd
parent 914aaa0a96
commit c724896ecd
2 changed files with 36 additions and 23 deletions
--- a/src/modules/rdb/auth/authenticator.go
+++ b/src/modules/rdb/auth/authenticator.go
@ -20,6 +20,7 @@ import (
 const (
 	ChangePasswordURL = "/change-password"
 	loginModeFifo     = true
+	pwdHistorySize    = 4
 )

 type Authenticator struct {
@ -132,15 +133,14 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err
 		return nil
 	}

-	if !p.extraMode {
-		return changePassword()
-	}
-
 	// precheck
 	cf := cache.AuthConfig()
+
+	if p.extraMode {
 		if err = checkPassword(cf, password); err != nil {
 			return
 		}
+	}

 	if err = changePassword(); err != nil {
 		return
@ -157,15 +157,22 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err
 		return
 	}

+	if p.extraMode {
 		for _, v := range passwords {
 			if user.Password == v {
 				err = _e("The password is the same as the old password")
 				return
 			}
 		}
+	}

 	passwords = append(passwords, user.Password)
-	if n := len(passwords) - cf.PwdHistorySize; n > 0 {
+
+	historySize := pwdHistorySize
+	if cf.PwdHistorySize > historySize {
+		historySize = cf.PwdHistorySize
+	}
+	if n := len(passwords) - historySize; n > 0 {
 		passwords = passwords[n:]
 	}

@ -301,7 +308,9 @@ func (p *Authenticator) PrepareUser(user *models.User) {
 	}

 	cf := cache.AuthConfig()
+	if cf.PwdExpiresIn > 0 {
 		user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30
+	}
 }

 // cleanup rdb.session & sso.token
@ -426,7 +435,7 @@ func lockedUserAccess(cf *models.AuthConfig, user *models.User, loginErr error)
 		user.UpdatedAt = now
 		return nil
 	}
-	return _e("User is locked, unlock at %dm later", math.Ceil(float64(user.LockedAt+cf.LockTime-now))/60.0)
+	return _e("User is locked, unlock at %dm later", int(math.Ceil(float64(user.LockedAt+cf.LockTime*60-now))/60.0))
 }

 func frozenUserAccess(cf *models.AuthConfig, user *models.User, loginErr error) error {
--- a/src/modules/rdb/session/session_db.go
+++ b/src/modules/rdb/session/session_db.go
@ -13,15 +13,23 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) {

 	lifeTime := config.Config.HTTP.Session.CookieLifetime
 	if lifeTime == 0 {
-		if config.Config.Auth.ExtraMode.Enable {
-			// cleanup by idle time worker
-			lifeTime = 86400 * 10
-		} else {
 		lifeTime = 86400
 	}
+
+	cleanup := func() {
+		now := time.Now().Unix()
+		err := models.SessionCleanupByUpdatedAt(now - lifeTime)
+		if err != nil {
+			logger.Errorf("session gc err %s", err)
+		}
+
+		n, err := models.DB["rdb"].Where("username='' and created_at < ?", now-lifeTime).Delete(new(models.Session))
+		logger.Debugf("delete session %d lt created_at %d err %v", n, now-lifeTime, err)
 	}

 	go func() {
+		cleanup()
+
 		t := time.NewTicker(time.Second * time.Duration(cf.GcInterval))
 		defer t.Stop()
 		for {
@ -29,11 +37,7 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) {
 			case <-opts.ctx.Done():
 				return
 			case <-t.C:
-				err := models.SessionCleanupByUpdatedAt(time.Now().Unix() - lifeTime)
-				if err != nil {
-					logger.Errorf("session gc err %s", err)
-				}
-
+				cleanup()
 			}
 		}
 	}()