TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-06 18:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

增加清理老登录SESSION API

Browse Source
This commit is contained in:
刘祥超
2024-05-03 12:09:54 +08:00
parent 8ee7130ce9
commit 7ecdb0fc5c
2 changed files with 76 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
internal/db/models/login_session_dao.go
View File

@@ -84,7 +84,6 @@ func (this *LoginSessionDAO) WriteSessionValue(tx *dbs.Tx, sid string, key strin
return err return err
} }
var sessionId int64 var sessionId int64
var isNewSession = false
var valueMap = maps.Map{} var valueMap = maps.Map{}
if sessionOne != nil { if sessionOne != nil {
var session = sessionOne.(*LoginSession) var session = sessionOne.(*LoginSession)
@@ -113,7 +112,6 @@ func (this *LoginSessionDAO) WriteSessionValue(tx *dbs.Tx, sid string, key strin
if err != nil { if err != nil {
return err return err
} }
isNewSession = true
} }
var sessionOp = NewLoginSessionOperator() var sessionOp = NewLoginSessionOperator()
@@ -133,24 +131,17 @@ func (this *LoginSessionDAO) WriteSessionValue(tx *dbs.Tx, sid string, key strin
if adminId > 0 || userId > 0 { if adminId > 0 || userId > 0 {
sessionOp.AdminId = adminId sessionOp.AdminId = adminId
sessionOp.UserId = userId sessionOp.UserId = userId
if isNewSession {
// 删除此用户之前创建的SESSION不再保存以往的SESSION避免安全问题
err = this.Query(tx).
ResultPk().
Attr("adminId", adminId).
Attr("userId", userId).
Neq("sid", sid).
DeleteQuickly()
if err != nil {
return err
}
}
} }
// 写入数据 // 写入数据
valueMap[key] = value valueMap[key] = value
sessionOp.Values = valueMap.AsJSON() sessionOp.Values = valueMap.AsJSON()
// IP
if key == "@ip" {
sessionOp.Ip = value
}
return this.Save(tx, sessionOp) return this.Save(tx, sessionOp)
} }
@@ -182,3 +173,45 @@ func (this *LoginSessionDAO) FindSession(tx *dbs.Tx, sid string) (*LoginSession,
} }
return session, nil return session, nil
} }
func (this *LoginSessionDAO) ClearOldSessions(tx *dbs.Tx, adminId int64, userId int64, sid string, ip string) error {
// 删除此用户之前创建的SESSION
err := this.Query(tx).
Attr("adminId", adminId).
Attr("userId", userId).
Neq("sid", sid).
Neq("ip", ip). // 同一个IP允许多个SID因为有人可能会同时使用手机端和PC端
DeleteQuickly()
if err != nil {
return err
}
// 删除过多的SESSION
oldOnes, queryErr := this.Query(tx).
ResultPk().
Attr("adminId", adminId).
Attr("userId", userId).
Neq("sid", sid).
AscPk().
FindAll()
if queryErr != nil {
return queryErr
}
var oldCount = len(oldOnes)
if oldCount > 3 {
for _, oldOne := range oldOnes[:oldCount-3] {
var oldId = oldOne.(*LoginSession).Id
if oldOne.(*LoginSession).Sid == sid {
continue
}
err = this.Query(tx).
Pk(oldId).
DeleteQuickly()
if err != nil {
return err
}
}
}
return nil
}

28
internal/rpc/services/service_login_session.go
View File

@@ -84,3 +84,31 @@ func (this *LoginSessionService) FindLoginSession(ctx context.Context, req *pb.F
}, },
}, nil }, nil
} }
// ClearOldLoginSessions 清理老的SESSION
func (this *LoginSessionService) ClearOldLoginSessions(ctx context.Context, req *pb.ClearOldLoginSessionsRequest) (*pb.RPCSuccess, error) {
_, _, err := this.ValidateAdminAndUser(ctx, false)
if err != nil {
return nil, err
}
if len(req.Sid) == 0 {
return nil, errors.New("'token' should not be empty")
}
var tx = this.NullTx()
session, err := models.SharedLoginSessionDAO.FindSession(tx, req.Sid)
if err != nil {
return nil, err
}
if session == nil || !session.IsAvailable() {
return nil, errors.New("invalid sid")
}
err = models.SharedLoginSessionDAO.ClearOldSessions(tx, int64(session.AdminId), int64(session.UserId), req.Sid, req.Ip)
if err != nil {
return nil, err
}
return this.Success()
}