~migadu/alps-devel

session: force a session to be terminated after 30 days v1 PROPOSED

Silvan Jegen: 1
 session: force a session to be terminated after 30 days

 1 files changed, 13 insertions(+), 2 deletions(-)
Simon Ser <contact@emersion.fr> wrote:
Next
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.sr.ht/~migadu/alps-devel/patches/56620/mbox | git am -3
Learn more about email & git

[PATCH] session: force a session to be terminated after 30 days Export this patch

We don't want to keep a session alive forever just because someone has
their browser tab with an connection to an alps instance open.

This resolves https://todo.sr.ht/~migadu/alps/146

Signed-off-by: Silvan Jegen <s.jegen@gmail.com>
---
 session.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/session.go b/session.go
index a85bff6..2de5620 100644
--- a/session.go
+++ b/session.go
@@ -19,8 +19,15 @@ import (
)

// TODO: make this configurable
const sessionDuration = 30 * time.Minute
const maxAttachmentSize = 32 << 20 // 32 MiB
const (
	sessionDuration   = 30 * time.Minute
	maxAttachmentSize = 32 << 20 // 32 MiB

	// mandatoryLogoutAfter indicates the amount of time that a
	// session can be active before it is terminated and the user has
	// to login again.
	mandatoryLogoutAfter = 30 * 24 * time.Hour
)

func generateToken() (string, error) {
	b := make([]byte, 32)
@@ -306,6 +313,7 @@ func (sm *SessionManager) Put(username, password string) (*Session, error) {

	go func() {
		timer := time.NewTimer(sessionDuration)
		mandatoryLogout := time.NewTimer(mandatoryLogoutAfter)

		alive := true
		for alive {
@@ -319,10 +327,13 @@ func (sm *SessionManager) Put(username, password string) (*Session, error) {
				alive = false
			case <-s.closed:
				alive = false
			case <-mandatoryLogout.C:
				alive = false
			}
		}

		timer.Stop()
		mandatoryLogout.Stop()

		s.imapLocker.Lock()
		if s.imapConn != nil {
-- 
2.47.1
Thanks for sending a patch! Not sure this is really something desirable
though. I've added a comment on the issue.