internal/db/session.go

package db

import (
	"github.com/alist-org/alist/v3/internal/model"
	"github.com/pkg/errors"
	"gorm.io/gorm/clause"
)

func GetSession(userID uint, deviceKey string) (*model.Session, error) {
	s := model.Session{UserID: userID, DeviceKey: deviceKey}
	if err := db.Select("user_id, device_key, last_active, status, user_agent, ip").Where(&s).First(&s).Error; err != nil {
		return nil, errors.Wrap(err, "failed find session")
	}
	return &s, nil
}

func CreateSession(s *model.Session) error {
	return errors.WithStack(db.Create(s).Error)
}

func UpsertSession(s *model.Session) error {
	return errors.WithStack(db.Clauses(clause.OnConflict{UpdateAll: true}).Create(s).Error)
}

func DeleteSession(userID uint, deviceKey string) error {
	return errors.WithStack(db.Where("user_id = ? AND device_key = ?", userID, deviceKey).Delete(&model.Session{}).Error)
}

func CountSessionsByUser(userID uint) (int64, error) {
	var count int64
	err := db.Model(&model.Session{}).Where("user_id = ?", userID).Count(&count).Error
	return count, errors.WithStack(err)
}

func DeleteSessionsBefore(ts int64) error {
	return errors.WithStack(db.Where("last_active < ?", ts).Delete(&model.Session{}).Error)
}

func GetOldestSession(userID uint) (*model.Session, error) {
	var s model.Session
	if err := db.Where("user_id = ?", userID).Order("last_active ASC").First(&s).Error; err != nil {
		return nil, errors.Wrap(err, "failed get oldest session")
	}
	return &s, nil
}

func UpdateSessionLastActive(userID uint, deviceKey string, lastActive int64) error {
	return errors.WithStack(db.Model(&model.Session{}).Where("user_id = ? AND device_key = ?", userID, deviceKey).Update("last_active", lastActive).Error)
}

func ListSessionsByUser(userID uint) ([]model.Session, error) {
	var sessions []model.Session
	err := db.Select("user_id, device_key, last_active, status, user_agent, ip").Where("user_id = ? AND status = ?", userID, model.SessionActive).Find(&sessions).Error
	return sessions, errors.WithStack(err)
}

func ListSessions() ([]model.Session, error) {
	var sessions []model.Session
	err := db.Select("user_id, device_key, last_active, status, user_agent, ip").Where("status = ?", model.SessionActive).Find(&sessions).Error
	return sessions, errors.WithStack(err)
}

func MarkInactive(sessionID string) error {
	return errors.WithStack(db.Model(&model.Session{}).Where("device_key = ?", sessionID).Update("status", model.SessionInactive).Error)
}
feat: implement session management (#9286) * feat(auth): Added device session management - Added the `handleSession` function to manage user device sessions and verify client identity - Updated `auth.go` to call `handleSession` for device handling when a user logs in - Added the `Session` model to database migrations - Added `device.go` and `session.go` files to handle device session logic - Updated `settings.go` to add device-related configuration items, such as the maximum number of devices, device eviction policy, and session TTL * feat(session): Adds session management features - Added `SessionInactive` error type in `device.go` - Added session-related APIs in `router.go` to support listing and evicting sessions - Added `ListSessionsByUser`, `ListSessions`, and `MarkInactive` methods in `session.go` - Returns an appropriate error when the session state is `SessionInactive` * feat(auth): Marks the device session as invalid. - Import the `session` package into the `auth` module to handle device session status. - Add a check in the login logic. If `device_key` is obtained, call `session.MarkInactive` to mark the device session as invalid. - Store the invalid status in the context variable `session_inactive` for subsequent middleware checks. - Add a check in the session refresh logic to abort the process if the current session has been marked invalid. * feat(auth, session): Added device information processing and session management changes - Updated device handling logic in `auth.go` to pass user agent and IP information - Adjusted database queries in `session.go` to optimize session query fields and add `user_agent` and `ip` fields - Modified the `Handle` method to add `ua` and `ip` parameters to store the user agent and IP address - Added the `SessionResp` structure to return a session response containing `user_agent` and `ip` - Updated the `/admin/user/create` and `/webdav` endpoints to pass the user agent and IP address to the device handler 2025-08-25 19:46:38 +08:00			`package db`

			`import (`
			`"github.com/alist-org/alist/v3/internal/model"`
			`"github.com/pkg/errors"`
			`"gorm.io/gorm/clause"`
			`)`

			`func GetSession(userID uint, deviceKey string) (*model.Session, error) {`
			`s := model.Session{UserID: userID, DeviceKey: deviceKey}`
			`if err := db.Select("user_id, device_key, last_active, status, user_agent, ip").Where(&s).First(&s).Error; err != nil {`
			`return nil, errors.Wrap(err, "failed find session")`
			`}`
			`return &s, nil`
			`}`

			`func CreateSession(s *model.Session) error {`
			`return errors.WithStack(db.Create(s).Error)`
			`}`

			`func UpsertSession(s *model.Session) error {`
			`return errors.WithStack(db.Clauses(clause.OnConflict{UpdateAll: true}).Create(s).Error)`
			`}`

			`func DeleteSession(userID uint, deviceKey string) error {`
			`return errors.WithStack(db.Where("user_id = ? AND device_key = ?", userID, deviceKey).Delete(&model.Session{}).Error)`
			`}`

			`func CountSessionsByUser(userID uint) (int64, error) {`
			`var count int64`
			`err := db.Model(&model.Session{}).Where("user_id = ?", userID).Count(&count).Error`
			`return count, errors.WithStack(err)`
			`}`

			`func DeleteSessionsBefore(ts int64) error {`
			`return errors.WithStack(db.Where("last_active < ?", ts).Delete(&model.Session{}).Error)`
			`}`

			`func GetOldestSession(userID uint) (*model.Session, error) {`
			`var s model.Session`
			`if err := db.Where("user_id = ?", userID).Order("last_active ASC").First(&s).Error; err != nil {`
			`return nil, errors.Wrap(err, "failed get oldest session")`
			`}`
			`return &s, nil`
			`}`

			`func UpdateSessionLastActive(userID uint, deviceKey string, lastActive int64) error {`
			`return errors.WithStack(db.Model(&model.Session{}).Where("user_id = ? AND device_key = ?", userID, deviceKey).Update("last_active", lastActive).Error)`
			`}`

			`func ListSessionsByUser(userID uint) ([]model.Session, error) {`
			`var sessions []model.Session`
			`err := db.Select("user_id, device_key, last_active, status, user_agent, ip").Where("user_id = ? AND status = ?", userID, model.SessionActive).Find(&sessions).Error`
			`return sessions, errors.WithStack(err)`
			`}`

			`func ListSessions() ([]model.Session, error) {`
			`var sessions []model.Session`
			`err := db.Select("user_id, device_key, last_active, status, user_agent, ip").Where("status = ?", model.SessionActive).Find(&sessions).Error`
			`return sessions, errors.WithStack(err)`
			`}`

			`func MarkInactive(sessionID string) error {`
			`return errors.WithStack(db.Model(&model.Session{}).Where("device_key = ?", sessionID).Update("status", model.SessionInactive).Error)`
			`}`