adjust session GC interval (#569)

* keep at least 4 history passwords

* adjust gc time for session
yubo 2021-02-01 23:29:38 +08:00 committed by GitHub
parent 914aaa0a96
commit c724896ecd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 23 deletions


@ -20,6 +20,7 @@ import (
const (
ChangePasswordURL = "/change-password"
loginModeFifo = true
pwdHistorySize = 4
)
type Authenticator struct {
@ -132,14 +133,13 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err
return nil
}
if !p.extraMode {
return changePassword()
}
// precheck
cf := cache.AuthConfig()
if err = checkPassword(cf, password); err != nil {
return
if p.extraMode {
if err = checkPassword(cf, password); err != nil {
return
}
}
if err = changePassword(); err != nil {
@ -157,15 +157,22 @@ func (p *Authenticator) ChangePassword(user *models.User, password string) (err
return
}
for _, v := range passwords {
if user.Password == v {
err = _e("The password is the same as the old password")
return
if p.extraMode {
for _, v := range passwords {
if user.Password == v {
err = _e("The password is the same as the old password")
return
}
}
}
passwords = append(passwords, user.Password)
if n := len(passwords) - cf.PwdHistorySize; n > 0 {
historySize := pwdHistorySize
if cf.PwdHistorySize > historySize {
historySize = cf.PwdHistorySize
}
if n := len(passwords) - historySize; n > 0 {
passwords = passwords[n:]
}
@ -301,7 +308,9 @@ func (p *Authenticator) PrepareUser(user *models.User) {
}
cf := cache.AuthConfig()
user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30
if cf.PwdExpiresIn > 0 {
user.PwdExpiresAt = user.PwdUpdatedAt + cf.PwdExpiresIn*86400*30
}
}
// cleanup rdb.session & sso.token
@ -426,7 +435,7 @@ func lockedUserAccess(cf *models.AuthConfig, user *models.User, loginErr error)
user.UpdatedAt = now
return nil
}
return _e("User is locked, unlock at %dm later", math.Ceil(float64(user.LockedAt+cf.LockTime-now))/60.0)
return _e("User is locked, unlock at %dm later", int(math.Ceil(float64(user.LockedAt+cf.LockTime*60-now))/60.0))
}
func frozenUserAccess(cf *models.AuthConfig, user *models.User, loginErr error) error {
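Review bot: In the lockedUserAccess hunk, the new message line still rounds the remaining lock time down rather than up. `math.Ceil` wraps only the `float64(...)` conversion of a whole number of seconds, the division by 60.0 happens afterwards, and `int()` then truncates, so a user with less than a minute left would be told `unlock at 0m later`. Moving the division inside the call gives the intended value: `int(math.Ceil(float64(user.LockedAt+cf.LockTime*60-now) / 60.0))`. The check that decides whether the lock has expired sits above the hunk and is not visible here; it should use the same `cf.LockTime*60` unit as this message.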


@ -13,15 +13,23 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) {
lifeTime := config.Config.HTTP.Session.CookieLifetime
if lifeTime == 0 {
if config.Config.Auth.ExtraMode.Enable {
// cleanup by idle time worker
lifeTime = 86400 * 10
} else {
lifeTime = 86400
lifeTime = 86400
}
cleanup := func() {
now := time.Now().Unix()
err := models.SessionCleanupByUpdatedAt(now - lifeTime)
if err != nil {
logger.Errorf("session gc err %s", err)
}
n, err := models.DB["rdb"].Where("username='' and created_at < ?", now-lifeTime).Delete(new(models.Session))
logger.Debugf("delete session %d lt created_at %d err %v", n, now-lifeTime, err)
}
go func() {
cleanup()
t := time.NewTicker(time.Second * time.Duration(cf.GcInterval))
defer t.Stop()
for {
@ -29,11 +37,7 @@ func newDbStorage(cf *config.SessionSection, opts *options) (storage, error) {
case <-opts.ctx.Done():
return
case <-t.C:
err := models.SessionCleanupByUpdatedAt(time.Now().Unix() - lifeTime)
if err != nil {
logger.Errorf("session gc err %s", err)
}
cleanup()
}
}
}()
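Review bot: The new anonymous-session delete in `cleanup` reports its error only through `logger.Debugf`, while the `SessionCleanupByUpdatedAt` failure just above it goes to `logger.Errorf`. With debug logging off, a failing delete would go unnoticed and rows with `username=''` would keep accumulating in the session table. I would log it the same way as the first call, `if err != nil { logger.Errorf("anonymous session gc err %s", err) }`, and keep the debug line for the row count. A short comment on the closure saying that empty-username rows are sessions that never completed login (if that is what they are) would also explain why they are aged by `created_at` rather than `updated_at`. newDbStorage starts and continues outside these hunks.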