-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
auth_session_cache.go
84 lines (69 loc) Β· 2.57 KB
/
auth_session_cache.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
package entity
import (
"fmt"
"time"
gc "github.com/patrickmn/go-cache"
"github.com/photoprism/photoprism/internal/event"
"github.com/photoprism/photoprism/pkg/clean"
"github.com/photoprism/photoprism/pkg/rnd"
)
// SessionCacheDuration specifies how long sessions are cached.
var SessionCacheDuration = 15 * time.Minute
var sessionCache = gc.New(SessionCacheDuration, time.Minute)
// FindSessionByAuthToken finds a session based on the auth token string or returns nil if it does not exist.
func FindSessionByAuthToken(token string) (*Session, error) {
return FindSession(rnd.SessionID(token))
}
// FindSession finds a session based on the id string or returns nil if it does not exist.
func FindSession(id string) (*Session, error) {
found := &Session{}
if !rnd.IsSessionID(id) {
return found, fmt.Errorf("invalid session id")
}
// Find the session in the cache with a fallback to the database.
if cacheData, ok := sessionCache.Get(id); ok && cacheData != nil {
if cached := cacheData.(*Session); !cached.Expired() {
// Set session activity timestamp, also update the last_active column in the sessions table if it is new.
cached.UpdateLastActive(cached.LastActive <= 0)
return cached, nil
} else if err := cached.Delete(); err != nil {
event.AuditErr([]string{cached.IP(), "session %s", "failed to delete after expiration", "%s"}, cached.RefID, err)
}
} else if res := Db().First(&found, "id = ?", id); res.RecordNotFound() {
return found, fmt.Errorf("invalid session")
} else if res.Error != nil {
return found, res.Error
} else if !rnd.IsSessionID(found.ID) {
return found, fmt.Errorf("invalid session id %s", clean.LogQuote(found.ID))
} else if !found.Expired() {
// Set session activity timestamp and update the last_active column in the sessions table.
found.UpdateLastActive(true)
CacheSession(found, SessionCacheDuration)
return found, nil
} else if err := found.Delete(); err != nil {
event.AuditErr([]string{found.IP(), "session %s", "failed to delete after expiration", "%s"}, found.RefID, err)
}
return found, fmt.Errorf("session expired")
}
// FlushSessionCache resets the session cache.
func FlushSessionCache() {
sessionCache.Flush()
}
// CacheSession adds a session to the cache if its ID is valid.
func CacheSession(s *Session, d time.Duration) {
if s == nil {
return
} else if !rnd.IsSessionID(s.ID) {
return
}
if d == 0 {
d = SessionCacheDuration
}
if s.PreviewToken != "" {
PreviewToken.Set(s.PreviewToken, s.ID)
}
if s.DownloadToken != "" {
DownloadToken.Set(s.DownloadToken, s.ID)
}
sessionCache.Set(s.ID, s, d)
}