fix(api): delete corrupted sessions (#4964) · ovh/cds@53cb881 · GitHub

Commit 53cb881

authored
fix(api): delete corrupted sessions (#4964)
1 parent 091e083 commit 53cb881


3 files changed

+50
-0
lines changed


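--- a/engine/api/authentication/dao_session.go
+++ b/engine/api/authentication/dao_session.go
@@ -11,6 +11,30 @@ import (
 "github.com/ovh/cds/sdk/log"
 )
 
+// UnsafeLoadCorruptedSessions should not be used
+func UnsafeLoadCorruptedSessions(ctx context.Context, db gorp.SqlExecutor) ([]sdk.AuthSession, error) {
+ss := []authSession{}
+q := gorpmapping.NewQuery(`SELECT *
+FROM auth_session
+ORDER BY created ASC`)
+if err := gorpmapping.GetAll(ctx, db, q, &ss); err != nil {
+return nil, sdk.WrapError(err, "cannot get auth sessions")
+}
+
+// Check signature of data, to get only invalid signatures
+corruptedSessions := make([]sdk.AuthSession, 0, len(ss))
+for i := range ss {
+isValid, _ := gorpmapping.CheckSignature(ss[i], ss[i].Signature)
+// If the signature is valid, to not consider the session as corrupted
+if isValid || ss[i].ID == "" {
+continue
+}
+corruptedSessions = append(corruptedSessions, ss[i].AuthSession)
+}
+log.Info(ctx, "authentication.UnsafeLoadCorruptedSessions> %d corrupted sessions", len(corruptedSessions))
+return corruptedSessions, nil
+}
+
 func getSessions(ctx context.Context, db gorp.SqlExecutor, q gorpmapping.Query, opts ...LoadSessionOptionFunc) ([]sdk.AuthSession, error) {
 ss := []authSession{}
 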
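Review bot: The error from `gorpmapping.CheckSignature` is dropped (`isValid, _ :=`) inside the loop, so a row whose signature could not be verified at all is returned as corrupted exactly like a row with a wrong signature. CheckSignature is not visible here, but if it can fail for a reason unrelated to the row, such as an unavailable signing key, every session would be returned and then deleted by the new SessionCleaner branch, logging all users out. I would keep the error and stop on it: `isValid, err := gorpmapping.CheckSignature(ss[i], ss[i].Signature)` then `if err != nil { return nil, sdk.WrapError(err, "cannot check auth session signature") }`. The doc comment should also say what the function returns and who may call it, for instance `// UnsafeLoadCorruptedSessions returns the sessions from auth_session whose signature check fails; it is intended only for SessionCleaner.`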

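--- a/engine/api/authentication/dao_session_test.go
+++ b/engine/api/authentication/dao_session_test.go
@@ -126,3 +126,14 @@ func TestDeleteSession(t *testing.T) {
 res, err = authentication.LoadSessionByID(context.TODO(), db, s.ID)
 test.Error(t, err)
 }
+
+func Test_GetAndDeleteCorruptedSessions(t *testing.T) {
+db, _, end := test.SetupPG(t)
+defer end()
+sessions, err := authentication.UnsafeLoadCorruptedSessions(context.TODO(), db)
+require.NoError(t, err)
+for _, s := range sessions {
+err := authentication.DeleteSessionByID(db, s.ID)
+require.NoError(t, err)
+}
+}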
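Review bot: Test_GetAndDeleteCorruptedSessions never creates a session with an invalid signature, so on a clean database the loop body does not run and the test passes without exercising the signature check. It also has no assertion that a validly signed session is left out of the result, which is the property that keeps the cleaner from deleting live sessions. I would insert one valid session and one whose stored signature no longer matches its data, then assert that only the second ID is returned and that the valid one still loads with `authentication.LoadSessionByID` after the deletion loop.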

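--- a/engine/api/authentication/session.go
+++ b/engine/api/authentication/session.go
@@ -74,6 +74,9 @@ func SessionCleaner(ctx context.Context, dbFunc func() *gorp.DbMap) {
 log.Info(ctx, "Initializing session cleaner...")
 db := dbFunc()
 tick := time.NewTicker(10 * time.Second)
+tickCorruped := time.NewTicker(12 * time.Hour)
+defer tick.Stop()
+defer tickCorruped.Stop()
 
 for {
 select {
@@ -93,6 +96,18 @@ func SessionCleaner(ctx context.Context, dbFunc func() *gorp.DbMap) {
 }
 log.Debug("SessionCleaner> expired session %s deleted", s.ID)
 }
+case <-tickCorruped.C:
+// This part of the goroutine should be remove in a next release
+sessions, err := UnsafeLoadCorruptedSessions(ctx, db)
+if err != nil {
+log.Error(ctx, "SessionCleaner> unable to load corrupted sessions %v", err)
+}
+for _, s := range sessions {
+if err := DeleteSessionByID(db, s.ID); err != nil {
+log.Error(ctx, "SessionCleaner> unable to delete session %s: %v", s.ID, err)
+}
+log.Debug("SessionCleaner> corrupted session %s deleted", s.ID)
+}
 }
 }
 }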
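Review bot: In the `case <-tickCorruped.C:` branch a failed `DeleteSessionByID` is logged as an error and execution then falls through to `log.Debug("SessionCleaner> corrupted session %s deleted", s.ID)`, so the log claims a deletion that did not happen; add `continue` after the `log.Error` call. Removing a session is a security-relevant event and is recorded only at debug level, so I would log it with `log.Info(ctx, ...)` as the loader in dao_session.go does for its count. The ticker name is misspelled (`tickCorruped`), and the first tick fires only 12 hours after start, so an instance restarted more often than that never runs this cleanup. SessionCleaner starts and ends outside these hunks.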
