feat: distinction between duration and lifetime

əlemi 2023-03-10 00:30:58 +01:00
parent c09f67ec55
commit 2c3cc97317
Signed by: alemi
GPG key ID: A4895B84D311642C
3 changed files with 8 additions and 4 deletions


@ -31,8 +31,12 @@ struct ConfigArgs {
#[arg(short, long, default_value = "127.0.0.1:26656")] #[arg(short, long, default_value = "127.0.0.1:26656")]
bind_addr: String, bind_addr: String,
/// Access tokens lifetime, in seconds /// How long an access token stays valid, in seconds
#[arg(long, default_value_t = 3600)] #[arg(long, default_value_t = 3600)]
token_duration: u32,
/// How long an access token is refreshable, in hours
#[arg(long, default_value_t = 168)]
token_lifetime: u32, token_lifetime: u32,
/// Valid time for join requests, in seconds /// Valid time for join requests, in seconds
@ -76,7 +80,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
let db = Database::connect(cfg.database.clone()).await?; let db = Database::connect(cfg.database.clone()).await?;
purge_expired_tokens(&db, Duration::seconds(cfg.token_lifetime.into())).await?; purge_expired_tokens(&db, Duration::hours(cfg.token_lifetime.into())).await?;
let secret = load_secret(&db).await?; let secret = load_secret(&db).await?;
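Review bot: `--token-lifetime` keeps its name while its unit changes from seconds to hours, so a deployment that already passes something like `--token-lifetime 3600` silently moves from a one-hour window to 3600 hours before `purge_expired_tokens` removes anything. Consider putting the unit in the option name (for example `token_lifetime_hours`) or keeping seconds for both options, and mention the change in the release notes. Nothing in the visible lines checks that `token_duration` (seconds) fits inside `token_lifetime` (hours); a startup guard such as `if i64::from(cfg.token_duration) > i64::from(cfg.token_lifetime) * 3600 { /* reject config */ }` would catch a swapped or mistyped pair. Both `ConfigArgs` and `main` continue outside the hunks shown.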


@ -14,7 +14,7 @@ pub async fn validate(State(state): State<AppState>, Json(payload): Json<proto::
).one(&state.db).await.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?; ).one(&state.db).await.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
if let Some(t) = token { if let Some(t) = token {
if Utc::now() - t.created_at > Duration::seconds(state.cfg.token_lifetime as i64) { if Utc::now() - t.created_at > Duration::seconds(state.cfg.token_duration as i64) {
warn!(target: "AUTH", "[VALIDATE] expired token!"); warn!(target: "AUTH", "[VALIDATE] expired token!");
return Err(StatusCode::UNAUTHORIZED); return Err(StatusCode::UNAUTHORIZED);
} }
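Review bot: The expiry test on the changed line only rejects a token whose age exceeds `token_duration`, so a `created_at` later than `Utc::now()` (clock skew between hosts, a bad row) gives a negative age and is accepted as valid; the changed line in the `join` handler behaves the same way. The two handlers also disagree at the exact boundary, since this one rejects with `>` and `join` accepts with `<`. A small shared helper would keep them in step, e.g. `let age = Utc::now() - t.created_at; let expired = age < Duration::zero() || age >= Duration::seconds(i64::from(state.cfg.token_duration));` (assuming `Duration` here is chrono's). `validate` starts and ends outside the hunk.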


@ -24,7 +24,7 @@ pub async fn join(State(state): State<AppState>, Json(payload): Json<proto::Join
if tokens.iter().any(|x| { if tokens.iter().any(|x| {
x.access_token == payload.accessToken x.access_token == payload.accessToken
&& Utc::now() - x.created_at < Duration::seconds(state.cfg.token_lifetime as i64) && Utc::now() - x.created_at < Duration::seconds(state.cfg.token_duration as i64)
}) { }) {
state.store.lock().await.insert(payload.selectedProfile, JoinAttempt::new(payload.serverId.clone())); state.store.lock().await.insert(payload.selectedProfile, JoinAttempt::new(payload.serverId.clone()));
info!(target: "SESSION", "[JOIN] user {} has joined server {}", payload.selectedProfile, payload.serverId); info!(target: "SESSION", "[JOIN] user {} has joined server {}", payload.selectedProfile, payload.serverId);