forked from grafana/grafana
-
Notifications
You must be signed in to change notification settings - Fork 0
/
token_cleanup.go
68 lines (55 loc) · 2.05 KB
/
token_cleanup.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
package authimpl
import (
"context"
"time"
"github.com/grafana/grafana/pkg/infra/db"
)
func (s *UserAuthTokenService) Run(ctx context.Context) error {
ticker := time.NewTicker(time.Hour)
maxInactiveLifetime := s.cfg.LoginMaxInactiveLifetime
maxLifetime := s.cfg.LoginMaxLifetime
err := s.serverLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func(context.Context) {
if _, err := s.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {
s.log.Error("An error occurred while deleting expired tokens", "err", err)
}
})
if err != nil {
s.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)
}
for {
select {
case <-ticker.C:
err = s.serverLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func(context.Context) {
if _, err := s.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {
s.log.Error("An error occurred while deleting expired tokens", "err", err)
}
})
if err != nil {
s.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)
}
case <-ctx.Done():
return ctx.Err()
}
}
}
func (s *UserAuthTokenService) deleteExpiredTokens(ctx context.Context, maxInactiveLifetime, maxLifetime time.Duration) (int64, error) {
createdBefore := getTime().Add(-maxLifetime)
rotatedBefore := getTime().Add(-maxInactiveLifetime)
s.log.Debug("starting cleanup of expired auth tokens", "createdBefore", createdBefore, "rotatedBefore", rotatedBefore)
var affected int64
err := s.sqlStore.WithDbSession(ctx, func(dbSession *db.Session) error {
sql := `DELETE from user_auth_token WHERE created_at <= ? OR rotated_at <= ?`
res, err := dbSession.Exec(sql, createdBefore.Unix(), rotatedBefore.Unix())
if err != nil {
return err
}
affected, err = res.RowsAffected()
if err != nil {
s.log.Error("failed to cleanup expired auth tokens", "error", err)
return nil
}
s.log.Debug("cleanup of expired auth tokens done", "count", affected)
return nil
})
return affected, err
}