From 1f70280503d78362d49d5c25f2bf0ea88eb1e64b Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Mon, 18 Mar 2024 12:43:13 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8F=90=E5=8D=87=E7=99=BB=E5=BD=95SESSION?= =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/db/models/login_session_dao.go | 32 ++++---------------------
 internal/setup/sql_upgrade.go | 13 ++++++++++
 internal/setup/sql_upgrade_ext_test.go | 23 ++++++++++++++++++
 3 files changed, 40 insertions(+), 28 deletions(-)
diff --git a/internal/db/models/login_session_dao.go b/internal/db/models/login_session_dao.go
index 98b3df46..3e469d1e 100644
--- a/internal/db/models/login_session_dao.go
+++ b/internal/db/models/login_session_dao.go
@@ -135,40 +135,16 @@ func (this *LoginSessionDAO) WriteSessionValue(tx *dbs.Tx, sid string, key strin
 sessionOp.UserId = userId
 if isNewSession {
- // 删除此用户之前创建的SESSION,防止单个用户SESSION过多
- // TODO 将来改成按照活跃时间排序
- const maxSessionsPerUser = 10
- oldOnes, err := this.Query(tx).
+ // 删除此用户之前创建的SESSION,不再保存以往的SESSION,避免安全问题
+ err = this.Query(tx).
 ResultPk().
 Attr("adminId", adminId).
 Attr("userId", userId).
- Asc("createdAt").
- FindAll()
+ Neq("sid", sid).
+ DeleteQuickly()
 if err != nil {
 return err
 }
- var countOldOnes = len(oldOnes)
- if countOldOnes > maxSessionsPerUser {
- var countDeleted int
- for _, oldOne := range oldOnes {
- var oldSessionId = int64(oldOne.(*LoginSession).Id)
- if oldSessionId == sessionId {
- continue
- }
-
- if countDeleted < countOldOnes-maxSessionsPerUser {
- err = this.Query(tx).
- Pk(oldSessionId).
- DeleteQuickly()
- if err != nil {
- return err
- }
- countDeleted++
- } else {
- break
- }
- }
- }
 }
 }
diff --git a/internal/setup/sql_upgrade.go b/internal/setup/sql_upgrade.go
index d15773d0..5d9e9721 100644
--- a/internal/setup/sql_upgrade.go
+++ b/internal/setup/sql_upgrade.go
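Review bot: The new delete in `WriteSessionValue` filters on `Attr("adminId", adminId).Attr("userId", userId)` with no guard visible in the hunk that at least one of the two ids is non-zero; if this branch can run for a session that has no owner yet, the statement would remove every other unowned session row. The function starts and ends outside the hunk, so this may already be checked above; if it is not, wrap the delete in `if adminId > 0 || userId > 0 { … }`. `ResultPk()` looks like a leftover from the removed `FindAll()` and can probably be dropped before `DeleteQuickly()`. The comment could also state the resulting policy explicitly, e.g. `// One active session per account: a new login revokes every other session of the same adminId/userId.`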
@@ -106,6 +106,9 @@ var upgradeFuncs = []*upgradeVersion{
 {
 "1.3.2", upgradeV1_3_2,
 },
+ {
+ "1.3.4", upgradeV1_3_4,
+ },
 }
 // UpgradeSQLData 升级SQL数据
@@ -1230,3 +1233,13 @@ func upgradeV1_3_2(db *dbs.DB) error {
 return nil
 }
+
+// 1.3.4
+func upgradeV1_3_4(db *dbs.DB) error {
+ _, err := db.Exec("DELETE FROM edgeLoginSessions WHERE adminId>0")
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/internal/setup/sql_upgrade_ext_test.go b/internal/setup/sql_upgrade_ext_test.go
index 1d846199..15e3a77b 100644
--- a/internal/setup/sql_upgrade_ext_test.go
+++ b/internal/setup/sql_upgrade_ext_test.go
@@ -27,3 +27,26 @@ func TestUpgradeSQLData_v0_5_6(t *testing.T) {
 }
 t.Log("ok")
 }
+
+
+func TestUpgradeSQLData_v1_3_4(t *testing.T) {
+ db, err := dbs.NewInstanceFromConfig(&dbs.DBConfig{
+ Driver: "mysql",
+ Dsn: "root:123456@tcp(127.0.0.1:3306)/db_edge?charset=utf8mb4&timeout=30s",
+ Prefix: "edge",
+ })
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer func() {
+ _ = db.Close()
+ }()
+
+ err = upgradeV1_3_4(db)
+ if err != nil {
+ t.Fatal(err)
+ }
+ t.Log("ok")
+}
+
+
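Review bot: `upgradeV1_3_4` purges only rows with `adminId>0`, while the runtime change in `login_session_dao.go` applies the one-session rule to both `adminId` and `userId`; sessions with `userId>0` created under the old ten-per-user policy would stay valid until that user next logs in. If that is intentional, the doc comment, currently just `// 1.3.4`, should say so, e.g. `// upgradeV1_3_4 deletes all existing admin login sessions; user sessions are intentionally left untouched.`; otherwise consider `WHERE adminId>0 OR userId>0`. The body can also end with a plain `return err` instead of the `if err != nil` block.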
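Review bot: `TestUpgradeSQLData_v1_3_4` hard-codes the DSN `root:123456@tcp(127.0.0.1:3306)/db_edge` and then runs the destructive `upgradeV1_3_4` against whatever database answers there, so running the package tests on a machine with a local install wipes its admin sessions, and a machine without MySQL fails instead of skipping. Read the DSN from the environment and skip when it is absent, for example `dsn := os.Getenv("EDGE_TEST_DSN")` (the variable name is a placeholder) followed by `if dsn == "" { t.Skip("no test database configured") }`. The test also only checks that the statement returns no error; inserting a row with `adminId>0` first and asserting it is gone would actually verify the migration. The doubled blank lines before and after the function will be collapsed by gofmt.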