mirror of
https://github.com/AlistGo/alist.git
synced 2025-11-25 03:15:10 +08:00
c64f899a63
* feat(auth): Added device session management - Added the `handleSession` function to manage user device sessions and verify client identity - Updated `auth.go` to call `handleSession` for device handling when a user logs in - Added the `Session` model to database migrations - Added `device.go` and `session.go` files to handle device session logic - Updated `settings.go` to add device-related configuration items, such as the maximum number of devices, device eviction policy, and session TTL * feat(session): Adds session management features - Added `SessionInactive` error type in `device.go` - Added session-related APIs in `router.go` to support listing and evicting sessions - Added `ListSessionsByUser`, `ListSessions`, and `MarkInactive` methods in `session.go` - Returns an appropriate error when the session state is `SessionInactive` * feat(auth): Marks the device session as invalid. - Import the `session` package into the `auth` module to handle device session status. - Add a check in the login logic. If `device_key` is obtained, call `session.MarkInactive` to mark the device session as invalid. - Store the invalid status in the context variable `session_inactive` for subsequent middleware checks. - Add a check in the session refresh logic to abort the process if the current session has been marked invalid. * feat(auth, session): Added device information processing and session management changes - Updated device handling logic in `auth.go` to pass user agent and IP information - Adjusted database queries in `session.go` to optimize session query fields and add `user_agent` and `ip` fields - Modified the `Handle` method to add `ua` and `ip` parameters to store the user agent and IP address - Added the `SessionResp` structure to return a session response containing `user_agent` and `ip` - Updated the `/admin/user/create` and `/webdav` endpoints to pass the user agent and IP address to the device handler
68 lines
1.8 KiB
Go
68 lines
1.8 KiB
Go
package device
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/alist-org/alist/v3/internal/conf"
|
|
"github.com/alist-org/alist/v3/internal/db"
|
|
"github.com/alist-org/alist/v3/internal/errs"
|
|
"github.com/alist-org/alist/v3/internal/model"
|
|
"github.com/alist-org/alist/v3/internal/setting"
|
|
"github.com/alist-org/alist/v3/pkg/utils"
|
|
"github.com/pkg/errors"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
// Handle verifies device sessions for a user and upserts current session.
|
|
func Handle(userID uint, deviceKey, ua, ip string) error {
|
|
ttl := setting.GetInt(conf.DeviceSessionTTL, 86400)
|
|
if ttl > 0 {
|
|
_ = db.DeleteSessionsBefore(time.Now().Unix() - int64(ttl))
|
|
}
|
|
|
|
ip = utils.MaskIP(ip)
|
|
|
|
now := time.Now().Unix()
|
|
sess, err := db.GetSession(userID, deviceKey)
|
|
if err == nil {
|
|
if sess.Status == model.SessionInactive {
|
|
return errors.WithStack(errs.SessionInactive)
|
|
}
|
|
sess.LastActive = now
|
|
sess.Status = model.SessionActive
|
|
sess.UserAgent = ua
|
|
sess.IP = ip
|
|
return db.UpsertSession(sess)
|
|
}
|
|
if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
|
|
return err
|
|
}
|
|
|
|
max := setting.GetInt(conf.MaxDevices, 0)
|
|
if max > 0 {
|
|
count, err := db.CountSessionsByUser(userID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if count >= int64(max) {
|
|
policy := setting.GetStr(conf.DeviceEvictPolicy, "deny")
|
|
if policy == "evict_oldest" {
|
|
oldest, err := db.GetOldestSession(userID)
|
|
if err == nil {
|
|
_ = db.DeleteSession(userID, oldest.DeviceKey)
|
|
}
|
|
} else {
|
|
return errors.WithStack(errs.TooManyDevices)
|
|
}
|
|
}
|
|
}
|
|
|
|
s := &model.Session{UserID: userID, DeviceKey: deviceKey, UserAgent: ua, IP: ip, LastActive: now, Status: model.SessionActive}
|
|
return db.CreateSession(s)
|
|
}
|
|
|
|
// Refresh updates last_active for the session.
|
|
func Refresh(userID uint, deviceKey string) {
|
|
_ = db.UpdateSessionLastActive(userID, deviceKey, time.Now().Unix())
|
|
}
|