mirror of
https://github.com/AlistGo/alist.git
synced 2025-11-25 03:15:10 +08:00
c64f899a63
* feat(auth): Added device session management - Added the `handleSession` function to manage user device sessions and verify client identity - Updated `auth.go` to call `handleSession` for device handling when a user logs in - Added the `Session` model to database migrations - Added `device.go` and `session.go` files to handle device session logic - Updated `settings.go` to add device-related configuration items, such as the maximum number of devices, device eviction policy, and session TTL * feat(session): Adds session management features - Added `SessionInactive` error type in `device.go` - Added session-related APIs in `router.go` to support listing and evicting sessions - Added `ListSessionsByUser`, `ListSessions`, and `MarkInactive` methods in `session.go` - Returns an appropriate error when the session state is `SessionInactive` * feat(auth): Marks the device session as invalid. - Import the `session` package into the `auth` module to handle device session status. - Add a check in the login logic. If `device_key` is obtained, call `session.MarkInactive` to mark the device session as invalid. - Store the invalid status in the context variable `session_inactive` for subsequent middleware checks. - Add a check in the session refresh logic to abort the process if the current session has been marked invalid. * feat(auth, session): Added device information processing and session management changes - Updated device handling logic in `auth.go` to pass user agent and IP information - Adjusted database queries in `session.go` to optimize session query fields and add `user_agent` and `ip` fields - Modified the `Handle` method to add `ua` and `ip` parameters to store the user agent and IP address - Added the `SessionResp` structure to return a session response containing `user_agent` and `ip` - Updated the `/admin/user/create` and `/webdav` endpoints to pass the user agent and IP address to the device handler
93 lines
2.1 KiB
Go
93 lines
2.1 KiB
Go
package handles
|
|
|
|
import (
|
|
"github.com/alist-org/alist/v3/internal/db"
|
|
"github.com/alist-org/alist/v3/internal/model"
|
|
"github.com/alist-org/alist/v3/server/common"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
type SessionResp struct {
|
|
SessionID string `json:"session_id"`
|
|
UserID uint `json:"user_id,omitempty"`
|
|
LastActive int64 `json:"last_active"`
|
|
Status int `json:"status"`
|
|
UA string `json:"ua"`
|
|
IP string `json:"ip"`
|
|
}
|
|
|
|
func ListMySessions(c *gin.Context) {
|
|
user := c.MustGet("user").(*model.User)
|
|
sessions, err := db.ListSessionsByUser(user.ID)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
return
|
|
}
|
|
resp := make([]SessionResp, len(sessions))
|
|
for i, s := range sessions {
|
|
resp[i] = SessionResp{
|
|
SessionID: s.DeviceKey,
|
|
LastActive: s.LastActive,
|
|
Status: s.Status,
|
|
UA: s.UserAgent,
|
|
IP: s.IP,
|
|
}
|
|
}
|
|
common.SuccessResp(c, resp)
|
|
}
|
|
|
|
type EvictSessionReq struct {
|
|
SessionID string `json:"session_id"`
|
|
}
|
|
|
|
func EvictMySession(c *gin.Context) {
|
|
var req EvictSessionReq
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
user := c.MustGet("user").(*model.User)
|
|
if _, err := db.GetSession(user.ID, req.SessionID); err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
if err := db.MarkInactive(req.SessionID); err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
return
|
|
}
|
|
common.SuccessResp(c)
|
|
}
|
|
|
|
func ListSessions(c *gin.Context) {
|
|
sessions, err := db.ListSessions()
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
return
|
|
}
|
|
resp := make([]SessionResp, len(sessions))
|
|
for i, s := range sessions {
|
|
resp[i] = SessionResp{
|
|
SessionID: s.DeviceKey,
|
|
UserID: s.UserID,
|
|
LastActive: s.LastActive,
|
|
Status: s.Status,
|
|
UA: s.UserAgent,
|
|
IP: s.IP,
|
|
}
|
|
}
|
|
common.SuccessResp(c, resp)
|
|
}
|
|
|
|
func EvictSession(c *gin.Context) {
|
|
var req EvictSessionReq
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
if err := db.MarkInactive(req.SessionID); err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
return
|
|
}
|
|
common.SuccessResp(c)
|
|
}
|