⚡ In memory auth context cache
This commit is contained in:
parent
4e4fbb8ba9
commit
8ae6292bf0
15
.idea/workspace.xml
generated
15
.idea/workspace.xml
generated
@ -4,7 +4,20 @@
|
||||
<option name="autoReloadType" value="ALL" />
|
||||
</component>
|
||||
<component name="ChangeListManager">
|
||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Permission check" />
|
||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Permission check">
|
||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/go.mod" beforeDir="false" afterPath="$PROJECT_DIR$/go.mod" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/go.sum" beforeDir="false" afterPath="$PROJECT_DIR$/go.sum" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/cmd/main.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/cmd/main.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/database/source.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/database/source.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/models/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/models/auth.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/server/accounts_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/accounts_api.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/server/ui/personalize.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/ui/personalize.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/services/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/accounts.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/auth.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/services/ticker_maintainer.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/ticker_maintainer.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/settings.toml" beforeDir="false" afterPath="$PROJECT_DIR$/settings.toml" afterDir="false" />
|
||||
</list>
|
||||
<option name="SHOW_DIALOG" value="false" />
|
||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
||||
|
9
go.mod
9
go.mod
@ -9,15 +9,18 @@ require (
|
||||
github.com/gofiber/fiber/v2 v2.52.4
|
||||
github.com/gofiber/template/html/v2 v2.1.1
|
||||
github.com/golang-jwt/jwt/v5 v5.2.0
|
||||
github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2
|
||||
github.com/google/uuid v1.6.0
|
||||
github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
|
||||
github.com/json-iterator/go v1.1.12
|
||||
github.com/nicksnyder/go-i18n/v2 v2.4.0
|
||||
github.com/robfig/cron/v3 v3.0.1
|
||||
github.com/rs/zerolog v1.31.0
|
||||
github.com/samber/lo v1.39.0
|
||||
github.com/spf13/viper v1.18.1
|
||||
go.etcd.io/bbolt v1.3.9
|
||||
github.com/sujit-baniya/flash v0.1.8
|
||||
golang.org/x/crypto v0.21.0
|
||||
golang.org/x/text v0.14.0
|
||||
google.golang.org/api v0.153.0
|
||||
google.golang.org/grpc v1.59.0
|
||||
google.golang.org/protobuf v1.31.0
|
||||
@ -45,7 +48,6 @@ require (
|
||||
github.com/gofiber/utils v1.1.0 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/golang/protobuf v1.5.3 // indirect
|
||||
github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2 // indirect
|
||||
github.com/google/s2a-go v0.1.7 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
|
||||
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
|
||||
@ -65,7 +67,6 @@ require (
|
||||
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||
github.com/modern-go/reflect2 v1.0.2 // indirect
|
||||
github.com/nicksnyder/go-i18n/v2 v2.4.0 // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.1.1 // indirect
|
||||
github.com/philhofer/fwd v1.1.2 // indirect
|
||||
github.com/rivo/uniseg v0.4.7 // indirect
|
||||
@ -77,7 +78,6 @@ require (
|
||||
github.com/spf13/cast v1.6.0 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
github.com/subosito/gotenv v1.6.0 // indirect
|
||||
github.com/sujit-baniya/flash v0.1.8 // indirect
|
||||
github.com/tinylib/msgp v1.1.8 // indirect
|
||||
github.com/valyala/bytebufferpool v1.0.0 // indirect
|
||||
github.com/valyala/fasthttp v1.52.0 // indirect
|
||||
@ -89,7 +89,6 @@ require (
|
||||
golang.org/x/oauth2 v0.15.0 // indirect
|
||||
golang.org/x/sync v0.5.0 // indirect
|
||||
golang.org/x/sys v0.19.0 // indirect
|
||||
golang.org/x/text v0.14.0 // indirect
|
||||
golang.org/x/time v0.5.0 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
|
10
go.sum
10
go.sum
@ -16,6 +16,8 @@ cloud.google.com/go/storage v1.35.1/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYE
|
||||
firebase.google.com/go v3.13.0+incompatible h1:3TdYC3DDi6aHn20qoRkxwGqNgdjtblwVAyRLQwGn/+4=
|
||||
firebase.google.com/go v3.13.0+incompatible/go.mod h1:xlah6XbEyW6tbfSklcfe5FHJIwjt8toICdV5Wh9ptHs=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
|
||||
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
|
||||
github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
|
||||
github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
|
||||
github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
|
||||
@ -129,8 +131,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
|
||||
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
|
||||
github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
|
||||
github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
|
||||
github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
|
||||
github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
|
||||
github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
|
||||
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
|
||||
@ -224,8 +224,6 @@ github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHY
|
||||
github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8=
|
||||
github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
|
||||
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||
go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
|
||||
go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
|
||||
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
|
||||
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
|
||||
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
|
||||
@ -284,8 +282,6 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
|
||||
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
|
||||
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
|
||||
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
@ -353,6 +349,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
|
||||
gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
|
||||
gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
|
@ -44,9 +44,6 @@ func main() {
|
||||
} else if err := database.RunMigration(database.C); err != nil {
|
||||
log.Fatal().Err(err).Msg("An error occurred when running database auto migration.")
|
||||
}
|
||||
if err := database.NewBolt(); err != nil {
|
||||
log.Fatal().Err(err).Msg("An error occurred when init bolt db.")
|
||||
}
|
||||
|
||||
// External
|
||||
// All the things are optional so when error occurred the server won't crash
|
||||
@ -70,8 +67,8 @@ func main() {
|
||||
// Configure timed tasks
|
||||
quartz := cron.New(cron.WithLogger(cron.VerbosePrintfLogger(&log.Logger)))
|
||||
quartz.AddFunc("@every 60m", services.DoAutoSignoff)
|
||||
quartz.AddFunc("@every 60m", services.DoAutoAuthCleanup)
|
||||
quartz.AddFunc("@every 60m", services.DoAutoDatabaseCleanup)
|
||||
quartz.AddFunc("@every 60s", services.RecycleAuthContext)
|
||||
quartz.AddFunc("@every 5m", services.KexCleanup)
|
||||
quartz.Start()
|
||||
|
||||
@ -85,6 +82,4 @@ func main() {
|
||||
log.Info().Msgf("Passport v%s is quitting...", pkg.AppVersion)
|
||||
|
||||
quartz.Stop()
|
||||
|
||||
database.B.Close()
|
||||
}
|
||||
|
@ -4,7 +4,6 @@ import (
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/samber/lo"
|
||||
"github.com/spf13/viper"
|
||||
"go.etcd.io/bbolt"
|
||||
"gorm.io/driver/postgres"
|
||||
"gorm.io/gorm"
|
||||
"gorm.io/gorm/logger"
|
||||
@ -27,14 +26,3 @@ func NewGorm() error {
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
var B *bbolt.DB
|
||||
|
||||
func NewBolt() error {
|
||||
var err error
|
||||
|
||||
dsn := viper.GetString("database.bolt")
|
||||
B, err = bbolt.Open(dsn, 0600, nil)
|
||||
|
||||
return err
|
||||
}
|
||||
|
@ -58,7 +58,7 @@ func (v AuthTicket) IsAvailable() error {
|
||||
}
|
||||
|
||||
type AuthContext struct {
|
||||
Ticket AuthTicket `json:"ticket"`
|
||||
Account Account `json:"account"`
|
||||
ExpiredAt time.Time `json:"expired_at"`
|
||||
Ticket AuthTicket `json:"ticket"`
|
||||
Account Account `json:"account"`
|
||||
LastUsedAt time.Time `json:"last_used_at"`
|
||||
}
|
||||
|
@ -108,6 +108,8 @@ func editUserinfo(c *fiber.Ctx) error {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||
}
|
||||
|
||||
services.InvalidAuthCacheWithUser(account.ID)
|
||||
|
||||
return c.SendStatus(fiber.StatusOK)
|
||||
}
|
||||
|
||||
|
@ -4,6 +4,7 @@ import (
|
||||
"fmt"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/database"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/models"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/services"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/utils"
|
||||
"github.com/gofiber/fiber/v2"
|
||||
"github.com/nicksnyder/go-i18n/v2/i18n"
|
||||
@ -92,6 +93,8 @@ func personalizeAction(c *fiber.Ctx) error {
|
||||
}).Redirect("/users/me/personalize")
|
||||
}
|
||||
|
||||
services.InvalidAuthCacheWithUser(account.ID)
|
||||
|
||||
return flash.WithInfo(c, fiber.Map{
|
||||
"message": "your account has been personalized",
|
||||
}).Redirect("/users/me")
|
||||
|
@ -116,6 +116,8 @@ func ConfirmAccount(code string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
InvalidAuthCacheWithUser(user.ID)
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
@ -4,15 +4,12 @@ import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/database"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/models"
|
||||
"github.com/gofiber/fiber/v2"
|
||||
jsoniter "github.com/json-iterator/go"
|
||||
"github.com/rs/zerolog/log"
|
||||
"go.etcd.io/bbolt"
|
||||
)
|
||||
|
||||
const authContextBucket = "AuthContext"
|
||||
var authContextCache = make(map[string]models.AuthContext)
|
||||
|
||||
func Authenticate(access, refresh string, depth int) (user models.Account, perms map[string]any, newAccess, newRefresh string, err error) {
|
||||
var claims PayloadClaims
|
||||
@ -44,7 +41,7 @@ func Authenticate(access, refresh string, depth int) (user models.Account, perms
|
||||
|
||||
ctx, err = GrantAuthContext(claims.ID)
|
||||
if err == nil {
|
||||
log.Debug().Str("jti", claims.ID).Err(lookupErr).Msg("Missed auth context cache once!")
|
||||
|
||||
perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
|
||||
user = ctx.Account
|
||||
return
|
||||
@ -58,26 +55,14 @@ func GetAuthContext(jti string) (models.AuthContext, error) {
|
||||
var err error
|
||||
var ctx models.AuthContext
|
||||
|
||||
err = database.B.View(func(tx *bbolt.Tx) error {
|
||||
bucket := tx.Bucket([]byte(authContextBucket))
|
||||
if bucket == nil {
|
||||
return fmt.Errorf("unable to find auth context bucket")
|
||||
}
|
||||
|
||||
raw := bucket.Get([]byte(jti))
|
||||
if raw == nil {
|
||||
return fmt.Errorf("unable to find auth context")
|
||||
} else if err := jsoniter.Unmarshal(raw, &ctx); err != nil {
|
||||
return fmt.Errorf("unable to unmarshal auth context: %v", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
if err == nil && time.Now().Unix() >= ctx.ExpiredAt.Unix() {
|
||||
_ = RevokeAuthContext(jti)
|
||||
|
||||
return ctx, fmt.Errorf("auth context has been expired")
|
||||
if val, ok := authContextCache[jti]; ok {
|
||||
ctx = val
|
||||
ctx.LastUsedAt = time.Now()
|
||||
authContextCache[jti] = ctx
|
||||
log.Debug().Str("jti", jti).Msg("Used an auth context cache")
|
||||
} else {
|
||||
ctx, err = GrantAuthContext(jti)
|
||||
log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
|
||||
}
|
||||
|
||||
return ctx, err
|
||||
@ -99,37 +84,37 @@ func GrantAuthContext(jti string) (models.AuthContext, error) {
|
||||
return ctx, fmt.Errorf("invalid account: %v", err)
|
||||
}
|
||||
|
||||
// Every context should expire in some while
|
||||
// Once user update their account info, this will have delay to update
|
||||
ctx = models.AuthContext{
|
||||
Ticket: ticket,
|
||||
Account: user,
|
||||
ExpiredAt: time.Now().Add(5 * time.Minute),
|
||||
Ticket: ticket,
|
||||
Account: user,
|
||||
LastUsedAt: time.Now(),
|
||||
}
|
||||
|
||||
// Save data into KV cache
|
||||
return ctx, database.B.Update(func(tx *bbolt.Tx) error {
|
||||
bucket, err := tx.CreateBucketIfNotExists([]byte(authContextBucket))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Put the data into memory for cache
|
||||
authContextCache[jti] = ctx
|
||||
|
||||
raw, err := jsoniter.Marshal(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return bucket.Put([]byte(jti), raw)
|
||||
})
|
||||
return ctx, nil
|
||||
}
|
||||
|
||||
func RevokeAuthContext(jti string) error {
|
||||
return database.B.Update(func(tx *bbolt.Tx) error {
|
||||
bucket, err := tx.CreateBucketIfNotExists([]byte(authContextBucket))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
func RecycleAuthContext() {
|
||||
if len(authContextCache) == 0 {
|
||||
return
|
||||
}
|
||||
|
||||
return bucket.Delete([]byte(jti))
|
||||
})
|
||||
affected := 0
|
||||
for key, val := range authContextCache {
|
||||
if val.LastUsedAt.Add(60*time.Second).Unix() < time.Now().Unix() {
|
||||
affected++
|
||||
delete(authContextCache, key)
|
||||
}
|
||||
}
|
||||
log.Debug().Int("affected", affected).Msg("Recycled auth context...")
|
||||
}
|
||||
|
||||
func InvalidAuthCacheWithUser(userId uint) {
|
||||
for key, val := range authContextCache {
|
||||
if val.Account.ID == userId {
|
||||
delete(authContextCache, key)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -3,10 +3,8 @@ package services
|
||||
import (
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/database"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/models"
|
||||
jsoniter "github.com/json-iterator/go"
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/spf13/viper"
|
||||
"go.etcd.io/bbolt"
|
||||
"time"
|
||||
)
|
||||
|
||||
@ -24,36 +22,3 @@ func DoAutoSignoff() {
|
||||
log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
|
||||
}
|
||||
}
|
||||
|
||||
func DoAutoAuthCleanup() {
|
||||
log.Debug().Msg("Now cleaning up cached auth context...")
|
||||
|
||||
count := 0
|
||||
err := database.B.Batch(func(tx *bbolt.Tx) error {
|
||||
bucket := tx.Bucket([]byte(authContextBucket))
|
||||
if bucket == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
cursor := bucket.Cursor()
|
||||
|
||||
var ctx models.AuthContext
|
||||
for key, val := cursor.First(); key != nil; key, val = cursor.Next() {
|
||||
if err := jsoniter.Unmarshal(val, &ctx); err != nil {
|
||||
bucket.Delete(key)
|
||||
count++
|
||||
} else if time.Now().Unix() >= ctx.ExpiredAt.Unix() {
|
||||
bucket.Delete(key)
|
||||
count++
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("An error occurred when running auth context cleanup...")
|
||||
} else {
|
||||
log.Debug().Int("affected", count).Msg("Clean up auth context accomplished.")
|
||||
}
|
||||
}
|
||||
|
@ -34,7 +34,6 @@ refresh_token_duration = 2592000
|
||||
[database]
|
||||
dsn = "host=localhost dbname=hy_passport port=5432 sslmode=disable"
|
||||
prefix = "passport_"
|
||||
bolt = "uploads/bolt.db"
|
||||
|
||||
[permissions.default]
|
||||
CreatePaperclipAttachments = 1048576
|
||||
|
Loading…
Reference in New Issue
Block a user