Clear out last active IP on each sessions after 30 days (#5448)

Quentin Gliech
2026-01-26 13:57:01 +01:00
committed by GitHub
15 changed files with 547 additions and 5 deletions


@@ -0,0 +1,30 @@
{
"db_name": "PostgreSQL",
"query": "\n WITH to_update AS (\n SELECT user_session_id, last_active_at\n FROM user_sessions\n WHERE last_active_ip IS NOT NULL\n AND last_active_at IS NOT NULL\n AND ($1::timestamptz IS NULL OR last_active_at >= $1)\n AND last_active_at < $2\n ORDER BY last_active_at ASC\n LIMIT $3\n FOR UPDATE\n ),\n updated AS (\n UPDATE user_sessions\n SET last_active_ip = NULL\n FROM to_update\n WHERE user_sessions.user_session_id = to_update.user_session_id\n RETURNING user_sessions.last_active_at\n )\n SELECT COUNT(*) AS \"count!\", MAX(last_active_at) AS last_active_at FROM updated\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "count!",
"type_info": "Int8"
},
{
"ordinal": 1,
"name": "last_active_at",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Timestamptz",
"Timestamptz",
"Int8"
]
},
"nullable": [
null,
null
]
},
"hash": "535225206622b9190ccf42f7d66268818dc84c37b168ab45e582e0a727796a06"
}


@@ -0,0 +1,30 @@
{
"db_name": "PostgreSQL",
"query": "\n WITH to_update AS (\n SELECT oauth2_session_id, last_active_at\n FROM oauth2_sessions\n WHERE last_active_ip IS NOT NULL\n AND last_active_at IS NOT NULL\n AND ($1::timestamptz IS NULL OR last_active_at >= $1)\n AND last_active_at < $2\n ORDER BY last_active_at ASC\n LIMIT $3\n FOR UPDATE\n ),\n updated AS (\n UPDATE oauth2_sessions\n SET last_active_ip = NULL\n FROM to_update\n WHERE oauth2_sessions.oauth2_session_id = to_update.oauth2_session_id\n RETURNING oauth2_sessions.last_active_at\n )\n SELECT COUNT(*) AS \"count!\", MAX(last_active_at) AS last_active_at FROM updated\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "count!",
"type_info": "Int8"
},
{
"ordinal": 1,
"name": "last_active_at",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Timestamptz",
"Timestamptz",
"Int8"
]
},
"nullable": [
null,
null
]
},
"hash": "7b06e6f21c69056b526538f06f06268efd13d7af3cecb452168d514a379fec30"
}


@@ -0,0 +1,30 @@
{
"db_name": "PostgreSQL",
"query": "\n WITH to_update AS (\n SELECT compat_session_id, last_active_at\n FROM compat_sessions\n WHERE last_active_ip IS NOT NULL\n AND last_active_at IS NOT NULL\n AND ($1::timestamptz IS NULL OR last_active_at >= $1)\n AND last_active_at < $2\n ORDER BY last_active_at ASC\n LIMIT $3\n FOR UPDATE\n ),\n updated AS (\n UPDATE compat_sessions\n SET last_active_ip = NULL\n FROM to_update\n WHERE compat_sessions.compat_session_id = to_update.compat_session_id\n RETURNING compat_sessions.last_active_at\n )\n SELECT COUNT(*) AS \"count!\", MAX(last_active_at) AS last_active_at FROM updated\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "count!",
"type_info": "Int8"
},
{
"ordinal": 1,
"name": "last_active_at",
"type_info": "Timestamptz"
}
],
"parameters": {
"Left": [
"Timestamptz",
"Timestamptz",
"Int8"
]
},
"nullable": [
null,
null
]
},
"hash": "926cb81dc7931890a02c5a372aef79832e5d0748dad18ab44c6671f3196d6f60"
}


@@ -0,0 +1,10 @@
-- no-transaction
-- Copyright 2026 Element Creations Ltd.
--
-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
-- Please see LICENSE files in the repository root for full details.
-- Partial index for cleaning up IP addresses from inactive OAuth2 sessions
CREATE INDEX CONCURRENTLY IF NOT EXISTS "oauth2_sessions_inactive_ips_idx"
ON "oauth2_sessions" ("last_active_at")
WHERE "last_active_ip" IS NOT NULL AND "last_active_at" IS NOT NULL;
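Review bot: `CREATE INDEX CONCURRENTLY IF NOT EXISTS` does not repair an index left `INVALID` by an interrupted concurrent build: on a retry the name already exists, so the statement is skipped and the migration is recorded as applied with an unusable index. The cleanup queries added in this commit would then presumably scan the whole table on every batch. I would add a comment above the statement, e.g. `-- If this migration was interrupted, drop the INVALID index before re-running; IF NOT EXISTS will not rebuild it`, and have operators check `pg_index.indisvalid` after upgrading. The same applies to the `compat_sessions_inactive_ips_idx` and `user_sessions_inactive_ips_idx` migrations.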


@@ -0,0 +1,10 @@
-- no-transaction
-- Copyright 2026 Element Creations Ltd.
--
-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
-- Please see LICENSE files in the repository root for full details.
-- Partial index for cleaning up IP addresses from inactive compat sessions
CREATE INDEX CONCURRENTLY IF NOT EXISTS "compat_sessions_inactive_ips_idx"
ON "compat_sessions" ("last_active_at")
WHERE "last_active_ip" IS NOT NULL AND "last_active_at" IS NOT NULL;


@@ -0,0 +1,10 @@
-- no-transaction
-- Copyright 2026 Element Creations Ltd.
--
-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
-- Please see LICENSE files in the repository root for full details.
-- Partial index for cleaning up IP addresses from inactive user sessions
CREATE INDEX CONCURRENTLY IF NOT EXISTS "user_sessions_inactive_ips_idx"
ON "user_sessions" ("last_active_at")
WHERE "last_active_ip" IS NOT NULL AND "last_active_at" IS NOT NULL;


@@ -758,4 +758,57 @@ impl CompatSessionRepository for PgCompatSessionRepository<'_> {
res.last_finished_at,
))
}
#[tracing::instrument(
name = "db.compat_session.cleanup_inactive_ips",
skip_all,
fields(
db.query.text,
since = since.map(tracing::field::display),
threshold = %threshold,
limit = limit,
),
err,
)]
async fn cleanup_inactive_ips(
&mut self,
since: Option<DateTime<Utc>>,
threshold: DateTime<Utc>,
limit: usize,
) -> Result<(usize, Option<DateTime<Utc>>), Self::Error> {
let res = sqlx::query!(
r#"
WITH to_update AS (
SELECT compat_session_id, last_active_at
FROM compat_sessions
WHERE last_active_ip IS NOT NULL
AND last_active_at IS NOT NULL
AND ($1::timestamptz IS NULL OR last_active_at >= $1)
AND last_active_at < $2
ORDER BY last_active_at ASC
LIMIT $3
FOR UPDATE
),
updated AS (
UPDATE compat_sessions
SET last_active_ip = NULL
FROM to_update
WHERE compat_sessions.compat_session_id = to_update.compat_session_id
RETURNING compat_sessions.last_active_at
)
SELECT COUNT(*) AS "count!", MAX(last_active_at) AS last_active_at FROM updated
"#,
since,
threshold,
i64::try_from(limit).unwrap_or(i64::MAX),
)
.traced()
.fetch_one(&mut *self.conn)
.await?;
Ok((
res.count.try_into().unwrap_or(usize::MAX),
res.last_active_at,
))
}
}
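Review bot: A row with `last_active_ip` set but `last_active_at` NULL never matches the `to_update` filter, so its IP address is kept indefinitely and the 30-day retention named in the commit title does not cover it. Whether such rows can exist depends on how the two columns are written, which is not visible in this hunk. If they are always set together, state that above the query, e.g. `// last_active_ip is only ever written together with last_active_at, so the NULL check leaves no IP behind`; if not, these rows need a fallback timestamp to age out on. The same filter is used in the `oauth2_sessions` and `user_sessions` hunks and in the three partial indexes; the enclosing `impl` block starts outside the hunk.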


@@ -652,4 +652,57 @@ impl OAuth2SessionRepository for PgOAuth2SessionRepository<'_> {
res.last_finished_at,
))
}
#[tracing::instrument(
name = "db.oauth2_session.cleanup_inactive_ips",
skip_all,
fields(
db.query.text,
since = since.map(tracing::field::display),
threshold = %threshold,
limit = limit,
),
err,
)]
async fn cleanup_inactive_ips(
&mut self,
since: Option<DateTime<Utc>>,
threshold: DateTime<Utc>,
limit: usize,
) -> Result<(usize, Option<DateTime<Utc>>), Self::Error> {
let res = sqlx::query!(
r#"
WITH to_update AS (
SELECT oauth2_session_id, last_active_at
FROM oauth2_sessions
WHERE last_active_ip IS NOT NULL
AND last_active_at IS NOT NULL
AND ($1::timestamptz IS NULL OR last_active_at >= $1)
AND last_active_at < $2
ORDER BY last_active_at ASC
LIMIT $3
FOR UPDATE
),
updated AS (
UPDATE oauth2_sessions
SET last_active_ip = NULL
FROM to_update
WHERE oauth2_sessions.oauth2_session_id = to_update.oauth2_session_id
RETURNING oauth2_sessions.last_active_at
)
SELECT COUNT(*) AS "count!", MAX(last_active_at) AS last_active_at FROM updated
"#,
since,
threshold,
i64::try_from(limit).unwrap_or(i64::MAX),
)
.traced()
.fetch_one(&mut *self.conn)
.await?;
Ok((
res.count.try_into().unwrap_or(usize::MAX),
res.last_active_at,
))
}
}
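Review bot: The plain `FOR UPDATE` in `to_update` makes each batch wait for any selected row that another transaction holds, and the locks it takes last until the surrounding transaction ends, so a large `limit` can stall session-activity writes on the same table. `FOR UPDATE SKIP LOCKED` would avoid the wait, but a skipped row older than the returned `MAX(last_active_at)` is then only revisited once the caller restarts with `since = None`; the caller is not visible here, so that needs confirming first. Either way, a comment above the query stating the intended behaviour would help, e.g. `// Blocks on sessions being updated concurrently; batches are kept small so the wait is short`. The compat and browser session hunks use the same query shape, and the `impl` block starts outside the hunk.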


@@ -695,4 +695,57 @@ impl BrowserSessionRepository for PgBrowserSessionRepository<'_> {
res.last_finished_at,
))
}
#[tracing::instrument(
name = "db.browser_session.cleanup_inactive_ips",
skip_all,
fields(
db.query.text,
since = since.map(tracing::field::display),
threshold = %threshold,
limit = limit,
),
err,
)]
async fn cleanup_inactive_ips(
&mut self,
since: Option<DateTime<Utc>>,
threshold: DateTime<Utc>,
limit: usize,
) -> Result<(usize, Option<DateTime<Utc>>), Self::Error> {
let res = sqlx::query!(
r#"
WITH to_update AS (
SELECT user_session_id, last_active_at
FROM user_sessions
WHERE last_active_ip IS NOT NULL
AND last_active_at IS NOT NULL
AND ($1::timestamptz IS NULL OR last_active_at >= $1)
AND last_active_at < $2
ORDER BY last_active_at ASC
LIMIT $3
FOR UPDATE
),
updated AS (
UPDATE user_sessions
SET last_active_ip = NULL
FROM to_update
WHERE user_sessions.user_session_id = to_update.user_session_id
RETURNING user_sessions.last_active_at
)
SELECT COUNT(*) AS "count!", MAX(last_active_at) AS last_active_at FROM updated
"#,
since,
threshold,
i64::try_from(limit).unwrap_or(i64::MAX),
)
.traced()
.fetch_one(&mut *self.conn)
.await?;
Ok((
res.count.try_into().unwrap_or(usize::MAX),
res.last_active_at,
))
}
}