Skip to content

N
nexpie-grafana-theme
Commit 1a140ee1 by Marcus Efraimsson
Options

run token cleanup job when grafana starts, then each hour

parent 83650118
Showing with 29 additions and 25 deletions
conf/defaults.ini
...@@ -256,8 +256,8 @@ login_maximum_lifetime_days = 30 ...@@ -256,8 +256,8 @@ login_maximum_lifetime_days = 30
# How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes. # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
token_rotation_interval_minutes = 10 token_rotation_interval_minutes = 10
# How often should expired auth tokens be deleted from the database. The default is 7 days. # How often should expired auth tokens be deleted from the database. The default is each hour.
expired_tokens_cleanup_interval_days = 7 expired_tokens_cleanup_interval_hours = 1
# Set to true to disable (hide) the login form, useful if you use OAuth # Set to true to disable (hide) the login form, useful if you use OAuth
disable_login_form = false disable_login_form = false
......
conf/sample.ini
...@@ -236,8 +236,8 @@ log_queries = ...@@ -236,8 +236,8 @@ log_queries =
# How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes. # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
;token_rotation_interval_minutes = 10 ;token_rotation_interval_minutes = 10
# How often should expired auth tokens be deleted from the database. The default is 7 days. # How often should expired auth tokens be deleted from the database. The default is each hour.
;expired_tokens_cleanup_interval_days = 7 ;expired_tokens_cleanup_interval_hours = 1
# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
;disable_login_form = false ;disable_login_form = false
......
docs/sources/auth/overview.md
...@@ -64,8 +64,8 @@ login_maximum_lifetime_days = 30 ...@@ -64,8 +64,8 @@ login_maximum_lifetime_days = 30
# How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes. # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
token_rotation_interval_minutes = 10 token_rotation_interval_minutes = 10
# How often should expired auth tokens be deleted from the database. The default is 7 days. # How often should expired auth tokens be deleted from the database. The default is each hour.
expired_tokens_cleanup_interval_days = 7 expired_tokens_cleanup_interval_hours = 1
``` ```
### Anonymous authentication ### Anonymous authentication
......
pkg/services/auth/auth_token_test.go
...@@ -423,10 +423,10 @@ func createTestContext(t *testing.T) *testContext { ...@@ -423,10 +423,10 @@ func createTestContext(t *testing.T) *testContext {
tokenService := &UserAuthTokenService{ tokenService := &UserAuthTokenService{
SQLStore: sqlstore, SQLStore: sqlstore,
Cfg: &setting.Cfg{ Cfg: &setting.Cfg{
LoginMaxInactiveLifetimeDays: 7, LoginMaxInactiveLifetimeDays: 7,
LoginMaxLifetimeDays: 30, LoginMaxLifetimeDays: 30,
TokenRotationIntervalMinutes: 10, TokenRotationIntervalMinutes: 10,
ExpiredTokensCleanupIntervalDays: 1, ExpiredTokensCleanupIntervalHours: 1,
}, },
log: log.New("test-logger"), log: log.New("test-logger"),
} }
......
pkg/services/auth/token_cleanup.go
...@@ -6,25 +6,29 @@ import ( ...@@ -6,25 +6,29 @@ import (
) )
func (srv *UserAuthTokenService) Run(ctx context.Context) error { func (srv *UserAuthTokenService) Run(ctx context.Context) error {
if srv.Cfg.ExpiredTokensCleanupIntervalDays <= 0 { jobInterval := time.Duration(srv.Cfg.ExpiredTokensCleanupIntervalHours) * time.Hour
srv.log.Debug("cleanup of expired auth tokens are disabled")
return nil
}
jobInterval := time.Duration(srv.Cfg.ExpiredTokensCleanupIntervalDays) * 24 * time.Hour
srv.log.Debug("cleanup of expired auth tokens are enabled", "intervalDays", srv.Cfg.ExpiredTokensCleanupIntervalDays)
ticker := time.NewTicker(jobInterval) ticker := time.NewTicker(jobInterval)
maxInactiveLifetime := time.Duration(srv.Cfg.LoginMaxInactiveLifetimeDays) * 24 * time.Hour maxInactiveLifetime := time.Duration(srv.Cfg.LoginMaxInactiveLifetimeDays) * 24 * time.Hour
maxLifetime := time.Duration(srv.Cfg.LoginMaxLifetimeDays) * 24 * time.Hour maxLifetime := time.Duration(srv.Cfg.LoginMaxLifetimeDays) * 24 * time.Hour
err := srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime)
})
if err != nil {
srv.log.Error("failed to lock and execite cleanup of expired auth token", "erro", err)
}
for { for {
select { select {
case <-ticker.C: case <-ticker.C:
srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() { err := srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime) srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime)
}) })
if err != nil {
srv.log.Error("failed to lock and execite cleanup of expired auth token", "erro", err)
}
case <-ctx.Done(): case <-ctx.Done():
return ctx.Err() return ctx.Err()
} }
......
pkg/setting/setting.go
...@@ -233,11 +233,11 @@ type Cfg struct { ...@@ -233,11 +233,11 @@ type Cfg struct {
EnterpriseLicensePath string EnterpriseLicensePath string
// Auth // Auth
LoginCookieName string LoginCookieName string
LoginMaxInactiveLifetimeDays int LoginMaxInactiveLifetimeDays int
LoginMaxLifetimeDays int LoginMaxLifetimeDays int
TokenRotationIntervalMinutes int TokenRotationIntervalMinutes int
ExpiredTokensCleanupIntervalDays int ExpiredTokensCleanupIntervalHours int
} }
type CommandLineArgs struct { type CommandLineArgs struct {
...@@ -673,7 +673,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error { ...@@ -673,7 +673,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
if cfg.TokenRotationIntervalMinutes < 2 { if cfg.TokenRotationIntervalMinutes < 2 {
cfg.TokenRotationIntervalMinutes = 2 cfg.TokenRotationIntervalMinutes = 2
} }
cfg.ExpiredTokensCleanupIntervalDays = auth.Key("expired_tokens_cleanup_interval_days").MustInt(7) cfg.ExpiredTokensCleanupIntervalHours = auth.Key("expired_tokens_cleanup_interval_hours").MustInt(1)
DisableLoginForm = auth.Key("disable_login_form").MustBool(false) DisableLoginForm = auth.Key("disable_login_form").MustBool(false)
DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false) DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment