2022-09-28 09:01:17 +02:00
|
|
|
package entity
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
gc "github.com/patrickmn/go-cache"
|
|
|
|
|
2022-10-03 22:59:29 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/event"
|
2022-09-28 09:01:17 +02:00
|
|
|
"github.com/photoprism/photoprism/pkg/clean"
|
|
|
|
"github.com/photoprism/photoprism/pkg/rnd"
|
|
|
|
)
|
|
|
|
|
2022-10-03 23:46:20 +02:00
|
|
|
// Create a new session cache with an expiration time of 15 minutes.
|
2022-09-28 09:01:17 +02:00
|
|
|
var sessionCacheExpiration = 15 * time.Minute
|
|
|
|
var sessionCache = gc.New(sessionCacheExpiration, 5*time.Minute)
|
|
|
|
|
2024-01-06 17:35:19 +01:00
|
|
|
// FindSessionByAuthToken finds a session based on the auth token string or returns nil if it does not exist.
|
|
|
|
func FindSessionByAuthToken(token string) (*Session, error) {
|
|
|
|
return FindSession(rnd.SessionID(token))
|
|
|
|
}
|
|
|
|
|
|
|
|
// FindSession finds a session based on the id string or returns nil if it does not exist.
|
2022-10-03 23:39:36 +02:00
|
|
|
func FindSession(id string) (*Session, error) {
|
|
|
|
found := &Session{}
|
2022-09-28 09:01:17 +02:00
|
|
|
|
|
|
|
if !rnd.IsSessionID(id) {
|
2024-01-06 17:35:19 +01:00
|
|
|
return found, fmt.Errorf("invalid session id")
|
2022-09-28 09:01:17 +02:00
|
|
|
}
|
|
|
|
|
2022-10-03 23:39:36 +02:00
|
|
|
// Find the session in the cache with a fallback to the database.
|
|
|
|
if cacheData, ok := sessionCache.Get(id); ok && cacheData != nil {
|
|
|
|
if cached := cacheData.(*Session); !cached.Expired() {
|
|
|
|
cached.LastActive = UnixTime()
|
|
|
|
return cached, nil
|
|
|
|
} else if err := cached.Delete(); err != nil {
|
|
|
|
event.AuditErr([]string{cached.IP(), "session %s", "failed to delete after expiration", "%s"}, cached.RefID, err)
|
2022-10-03 22:59:29 +02:00
|
|
|
}
|
2022-10-03 23:39:36 +02:00
|
|
|
} else if res := Db().First(&found, "id = ?", id); res.RecordNotFound() {
|
2024-01-10 16:54:13 +01:00
|
|
|
return found, fmt.Errorf("invalid session")
|
2022-10-03 23:39:36 +02:00
|
|
|
} else if res.Error != nil {
|
|
|
|
return found, res.Error
|
|
|
|
} else if !rnd.IsSessionID(found.ID) {
|
2024-01-10 16:54:13 +01:00
|
|
|
return found, fmt.Errorf("invalid session id %s", clean.LogQuote(found.ID))
|
2022-10-03 23:39:36 +02:00
|
|
|
} else if !found.Expired() {
|
|
|
|
found.UpdateLastActive()
|
2022-10-13 22:11:02 +02:00
|
|
|
CacheSession(found, sessionCacheExpiration)
|
2022-10-03 23:39:36 +02:00
|
|
|
return found, nil
|
|
|
|
} else if err := found.Delete(); err != nil {
|
|
|
|
event.AuditErr([]string{found.IP(), "session %s", "failed to delete after expiration", "%s"}, found.RefID, err)
|
2022-09-28 09:01:17 +02:00
|
|
|
}
|
|
|
|
|
2024-01-10 16:54:13 +01:00
|
|
|
return found, fmt.Errorf("session expired")
|
2022-09-28 09:01:17 +02:00
|
|
|
}
|
2022-10-03 23:46:20 +02:00
|
|
|
|
|
|
|
// FlushSessionCache resets the session cache.
|
|
|
|
func FlushSessionCache() {
|
|
|
|
sessionCache.Flush()
|
|
|
|
}
|
|
|
|
|
2022-10-13 22:11:02 +02:00
|
|
|
// CacheSession adds a session to the cache if its ID is valid.
|
|
|
|
func CacheSession(s *Session, d time.Duration) {
|
|
|
|
if s == nil {
|
|
|
|
return
|
|
|
|
} else if !rnd.IsSessionID(s.ID) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if d == 0 {
|
|
|
|
d = sessionCacheExpiration
|
|
|
|
}
|
|
|
|
|
|
|
|
if s.PreviewToken != "" {
|
|
|
|
PreviewToken.Set(s.PreviewToken, s.ID)
|
|
|
|
}
|
|
|
|
|
|
|
|
if s.DownloadToken != "" {
|
|
|
|
DownloadToken.Set(s.DownloadToken, s.ID)
|
|
|
|
}
|
|
|
|
|
|
|
|
sessionCache.Set(s.ID, s, d)
|
|
|
|
}
|
|
|
|
|
|
|
|
// DeleteSession permanently deletes a session.
|
|
|
|
func DeleteSession(s *Session) error {
|
|
|
|
if s == nil {
|
|
|
|
return nil
|
|
|
|
} else if !rnd.IsSessionID(s.ID) {
|
|
|
|
return fmt.Errorf("invalid session id")
|
|
|
|
}
|
|
|
|
|
|
|
|
DeleteFromSessionCache(s.ID)
|
|
|
|
|
|
|
|
if s.PreviewToken != "" {
|
|
|
|
PreviewToken.Set(s.PreviewToken, s.ID)
|
|
|
|
}
|
|
|
|
|
|
|
|
if s.DownloadToken != "" {
|
|
|
|
DownloadToken.Set(s.DownloadToken, s.ID)
|
|
|
|
}
|
|
|
|
|
|
|
|
return UnscopedDb().Delete(s).Error
|
|
|
|
}
|
|
|
|
|
2022-10-03 23:46:20 +02:00
|
|
|
// DeleteFromSessionCache deletes a session from the cache.
|
|
|
|
func DeleteFromSessionCache(id string) {
|
|
|
|
if id == "" {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
sessionCache.Delete(id)
|
|
|
|
}
|