This repository has been archived by the owner on Dec 14, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 19
/
api_session_enforcer.go
113 lines (90 loc) · 3.48 KB
/
api_session_enforcer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
/*
Copyright NetFoundry, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package policy
import (
"fmt"
"github.com/michaelquigley/pfxlog"
"github.com/openziti/edge/controller/env"
"github.com/openziti/edge/controller/model"
"github.com/openziti/edge/runner"
"github.com/sirupsen/logrus"
"time"
)
const (
maxIterations = 1000
maxDeletePerIteration = 500
ApiSessionEnforcerRun = "api.session.enforcer.run"
ApiSessionEnforcerDelete = "api.session.enforcer.delete"
)
type ApiSessionEnforcer struct {
appEnv model.Env
sessionTimeout time.Duration
*runner.BaseOperation
}
func NewSessionEnforcer(appEnv *env.AppEnv, frequency time.Duration, sessionTimeout time.Duration) *ApiSessionEnforcer {
if sessionTimeout < 60*time.Second {
pfxlog.Logger().Panic("sessionTimeout can not be less than 60 seconds")
}
pfxlog.Logger().
WithField("sessionTimeout", sessionTimeout.String()).
WithField("frequency", frequency.String()).
Info("session enforcer configured")
return &ApiSessionEnforcer{
appEnv: appEnv,
sessionTimeout: sessionTimeout,
BaseOperation: runner.NewBaseOperation("ApiSessionEnforcer", frequency),
}
}
func (s *ApiSessionEnforcer) Run() error {
startTime := time.Now()
defer func() {
s.appEnv.GetMetricsRegistry().Timer(ApiSessionEnforcerRun).UpdateSince(startTime)
}()
oldest := time.Now().Add(s.sessionTimeout * -1)
query := fmt.Sprintf("lastActivityAt < datetime(%s) limit %d", oldest.UTC().Format(time.RFC3339), maxDeletePerIteration)
log := pfxlog.Logger()
for i := 0; i < maxIterations; i++ {
ids := make([]string, 0, maxDeletePerIteration)
//iterate over API Sessions that do not have a recent enough lastAccessedAt
err := s.appEnv.GetHandlers().ApiSession.StreamIds(query, func(id string, err error) error {
if lastActivityAt, ok := s.appEnv.GetHandlers().ApiSession.HeartbeatCollector.LastAccessedAt(id); ok && lastActivityAt != nil {
log.Tracef("during API session enforcement lastAccessedAt check, API Session [%s] was found in the cache with time [%s]", id, lastActivityAt.String())
if lastActivityAt.Before(oldest) {
ids = append(ids, id)
}
} else {
log.Tracef("during API session enforcement lastAccessedAt check, API Session [%s] was not in the cache, using lastAccessedAt from db", id)
ids = append(ids, id)
}
return nil
})
if err != nil {
pfxlog.Logger().Errorf("encountered error querying for API sessions to remove: %v", err)
break
}
if len(ids) == 0 {
break
}
logrus.Debugf("found %v expired api-sessions to remove", len(ids))
if err = s.appEnv.GetHandlers().ApiSession.DeleteBatch(ids); err != nil {
logrus.WithError(err).Error("failure while batch deleting expired api sessions")
for _, id := range ids {
if err = s.appEnv.GetHandlers().ApiSession.Delete(id); err != nil {
logrus.WithError(err).Errorf("failure while deleting expired api session: %v", id)
}
}
s.appEnv.GetMetricsRegistry().Meter(ApiSessionEnforcerDelete).Mark(int64(len(ids)))
}
}
return nil
}