feat: purge expired tokens on startup

əlemi 2023-03-07 16:29:55 +01:00
parent b40775c165
commit c09f67ec55
Signed by: alemi
GPG key ID: A4895B84D311642C
2 changed files with 14 additions and 4 deletions


@ -5,7 +5,7 @@ mod persistence;
use std::{collections::HashMap, sync::Arc}; use std::{collections::HashMap, sync::Arc};
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc, Duration};
use clap::Parser; use clap::Parser;
use axum::{Router, routing::{get, post}, response::IntoResponse, Json, http::StatusCode}; use axum::{Router, routing::{get, post}, response::IntoResponse, Json, http::StatusCode};
use sea_orm::{DatabaseConnection, Database}; use sea_orm::{DatabaseConnection, Database};
@ -18,7 +18,7 @@ use tracing::{info, metadata::LevelFilter};
use crate::{routes::{ use crate::{routes::{
auth::{authenticate, validate, refresh}, auth::{authenticate, validate, refresh},
session::{join, has_joined_wrapper, profile}, register::register_unmigrated, session::{join, has_joined_wrapper, profile}, register::register_unmigrated,
}, persistence::load_secret}; }, persistence::{load_secret, purge_expired_tokens}};
/// Reimplementation of legacy auth server for minecraft /// Reimplementation of legacy auth server for minecraft
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
@ -76,6 +76,8 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
let db = Database::connect(cfg.database.clone()).await?; let db = Database::connect(cfg.database.clone()).await?;
purge_expired_tokens(&db, Duration::seconds(cfg.token_lifetime.into())).await?;
let secret = load_secret(&db).await?; let secret = load_secret(&db).await?;
let store = Arc::new(Mutex::new(HashMap::new())); // TODO do this as an Actor let store = Arc::new(Mutex::new(HashMap::new())); // TODO do this as an Actor
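Review bot: The purge added before `load_secret` in `main` runs only once per process, so on a long-lived server rows older than `cfg.token_lifetime` stay in the table until the next restart. If `validate` or `refresh` accept a token because its row exists (their bodies are not in this diff), expiry is not enforced between restarts and should also be checked at validation time. The returned row count is dropped; keeping it gives an audit trail of the cleanup: `let purged = purge_expired_tokens(&db, Duration::seconds(cfg.token_lifetime.into())).await?;` followed by `info!("purged {} expired tokens", purged);`. The `?` also makes a failed delete abort startup of the whole auth server, which is worth confirming as intended. `main` starts and ends outside this hunk.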


@ -1,8 +1,8 @@
use chrono::Utc; use chrono::{Utc, Duration};
use hmac::{Hmac, Mac}; use hmac::{Hmac, Mac};
use jwt::SignWithKey; use jwt::SignWithKey;
use rand::{rngs::OsRng, Rng, distributions::Alphanumeric}; use rand::{rngs::OsRng, Rng, distributions::Alphanumeric};
use sea_orm::{EntityTrait, DatabaseConnection, ActiveValue::NotSet, Set, DbErr}; use sea_orm::{EntityTrait, DatabaseConnection, ActiveValue::NotSet, Set, DbErr, QueryFilter, DeleteResult, ColumnTrait};
use sha2::Sha384; use sha2::Sha384;
use tracing::info; use tracing::info;
use std::collections::BTreeMap; use std::collections::BTreeMap;
@ -22,6 +22,14 @@ pub fn new_auth_token(secret: &[u8], fields: Vec<(&str, &str)>) -> Result<String
Ok(token) Ok(token)
} }
pub async fn purge_expired_tokens(db: &DatabaseConnection, lifetime: Duration) -> Result<u64, DbErr> {
let res = entities::token::Entity::delete_many().filter(
entities::token::Column::CreatedAt.lt(Utc::now() - lifetime)
).exec(db).await?;
Ok(res.rows_affected)
}
pub async fn load_secret(db: &DatabaseConnection) -> Result<String, DbErr> { pub async fn load_secret(db: &DatabaseConnection) -> Result<String, DbErr> {
let secret; let secret;
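Review bot: `purge_expired_tokens` has no doc comment, and its expiry rule is the kind of contract callers need spelled out: a row is deleted when `CreatedAt` is strictly less than `Utc::now() - lifetime`, measured on the application clock. I would add `/// Deletes every token whose created_at is older than now - lifetime; returns the number of rows removed.` above the function. Whether `refresh` updates `CreatedAt` is not visible here; if it does not, refreshed tokens are purged based on their original creation time, which the doc comment should say. The new import list also adds `DeleteResult`, which nothing in the visible code names (`res` is inferred), so it looks unused unless another part of the file needs it.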