alist

千石 eb4c35db75 feat(device/session): per-user max devices & TTL, WebDAV reactivation, admin clean/list APIs (#9315 )

* feat(auth): Improved device session management logic

- Replaced the `userID` parameter with the `user` object to support operations with more user attributes.
- Introduced `SessionTTL` and `MaxDevices` properties in the `Handle` and `EnsureActiveOnLogin` functions to support user-defined settings.
- Adjusted the session creation and verification logic in `session.go` to support user-defined device count and session duration.
- Added help documentation in `setting.go` to explain the configuration purposes of `MaxDevices` and `DeviceSessionTTL`.
- Added optional `MaxDevices` and `SessionTTL` properties to the user entity in `user.go` and persisted these settings across user updates.
- Modified the device handling logic in `webdav.go` to adapt to the new user object parameters.

* feat(session): Added session cleanup functionality

- Added the `/clean` route to the route for session cleanup
- Added the `DeleteInactiveSessions` method to support deleting inactive sessions by user ID
- Added the `DeleteSessionByID` method to delete a specific session by session ID
- Defined the `CleanSessionsReq` request structure to support passing a user ID or session ID
- Implemented the `CleanSessions` interface logic to perform corresponding session cleanup operations based on the request parameters

* feat(session): Added session list functionality with usernames

- Added the `SessionWithUser` structure, which includes `Session` and `Username` fields.
- Added the `ListSessionsWithUser` function, which queries and returns a list of sessions with usernames.
- Used a `JOIN` operation to join the session and user tables to retrieve the username associated with each session.
- Changed `ListSessions` to `ListSessionsWithUser` to ensure that the username is retrieved.

* feat(webdav): Enhanced WebDAV authentication logic

- Added logic for generating device keys based on the Client-Id, prioritizing those obtained from the request header.
- If the Client-Id is missing, attempts to obtain it from the cookie. If that still doesn't exist, generates a random suffix for the client IP address as an identifier.
- Stores the generated Client-Id in a cookie to ensure consistency across subsequent requests.
- Use the device.EnsureActiveOnLogin method instead of the original Handle method to reactivate inactive sessions.

2025-09-11 11:27:07 +08:00