grafana/pkg/services/auth/token_cleanup.go

package auth

import (
	"context"
	"time"

	"github.com/grafana/grafana/pkg/services/sqlstore"
)

func (srv *UserAuthTokenService) Run(ctx context.Context) error {
	var err error
	ticker := time.NewTicker(time.Hour)
	maxInactiveLifetime := srv.Cfg.LoginMaxInactiveLifetime
	maxLifetime := srv.Cfg.LoginMaxLifetime

	err = srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
		if _, err := srv.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {
			srv.log.Error("An error occurred while deleting expired tokens", "err", err)
		}
	})
	if err != nil {
		srv.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)
	}

	for {
		select {
		case <-ticker.C:
			err = srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
				if _, err := srv.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {
					srv.log.Error("An error occurred while deleting expired tokens", "err", err)
				}
			})
			if err != nil {
				srv.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)
			}

		case <-ctx.Done():
			return ctx.Err()
		}
	}
}

func (srv *UserAuthTokenService) deleteExpiredTokens(ctx context.Context, maxInactiveLifetime, maxLifetime time.Duration) (int64, error) {
	createdBefore := getTime().Add(-maxLifetime)
	rotatedBefore := getTime().Add(-maxInactiveLifetime)

	srv.log.Debug("starting cleanup of expired auth tokens", "createdBefore", createdBefore, "rotatedBefore", rotatedBefore)

	var affected int64
	err := srv.SQLStore.WithDbSession(ctx, func(dbSession *sqlstore.DBSession) error {
		sql := `DELETE from user_auth_token WHERE created_at <= ? OR rotated_at <= ?`
		res, err := dbSession.Exec(sql, createdBefore.Unix(), rotatedBefore.Unix())
		if err != nil {
			return err
		}

		affected, err = res.RowsAffected()
		if err != nil {
			srv.log.Error("failed to cleanup expired auth tokens", "error", err)
			return nil
		}

		srv.log.Debug("cleanup of expired auth tokens done", "count", affected)

		return nil
	})

	return affected, err
}
move authtoken package into auth package 2019-02-06 10:02:57 -06:00			`package auth`
adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00
			`import (`
			`"context"`
			`"time"`
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 07:42:01 -05:00
			`"github.com/grafana/grafana/pkg/services/sqlstore"`
adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00			`)`

move authtoken package into auth package 2019-02-06 10:02:57 -06:00			`func (srv *UserAuthTokenService) Run(ctx context.Context) error {`
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> 2020-09-14 08:57:38 -05:00			`var err error`
make hourly cleanup the default behavior 2019-02-07 03:51:35 -06:00			`ticker := time.NewTicker(time.Hour)`
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> 2020-09-14 08:57:38 -05:00			`maxInactiveLifetime := srv.Cfg.LoginMaxInactiveLifetime`
			`maxLifetime := srv.Cfg.LoginMaxLifetime`
adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> 2020-09-14 08:57:38 -05:00			`err = srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {`
pkg/services: Check errors (#19712) * pkg/services: Check errors * pkg/services: Don't treat context.Canceled\|context.DeadlineExceeded as error 2019-10-22 07:08:18 -05:00			`if _, err := srv.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {`
			`srv.log.Error("An error occurred while deleting expired tokens", "err", err)`
			`}`
run token cleanup job when grafana starts, then each hour 2019-02-06 15:27:08 -06:00			`})`
			`if err != nil {`
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 07:42:01 -05:00			`srv.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)`
run token cleanup job when grafana starts, then each hour 2019-02-06 15:27:08 -06:00			`}`

adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00			`for {`
			`select {`
			`case <-ticker.C:`
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> 2020-09-14 08:57:38 -05:00			`err = srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {`
pkg/services: Check errors (#19712) * pkg/services: Check errors * pkg/services: Don't treat context.Canceled\|context.DeadlineExceeded as error 2019-10-22 07:08:18 -05:00			`if _, err := srv.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {`
			`srv.log.Error("An error occurred while deleting expired tokens", "err", err)`
			`}`
adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00			`})`
run token cleanup job when grafana starts, then each hour 2019-02-06 15:27:08 -06:00			`if err != nil {`
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 07:42:01 -05:00			`srv.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)`
run token cleanup job when grafana starts, then each hour 2019-02-06 15:27:08 -06:00			`}`

adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00			`case <-ctx.Done():`
			`return ctx.Err()`
			`}`
			`}`
			`}`

Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 07:42:01 -05:00			`func (srv *UserAuthTokenService) deleteExpiredTokens(ctx context.Context, maxInactiveLifetime, maxLifetime time.Duration) (int64, error) {`
auth token clean up job now runs on schedule and deletes all expired tokens delete tokens having created_at <= LoginMaxLifetimeDays or rotated_at <= LoginMaxInactiveLifetimeDays 2019-02-05 14:20:11 -06:00			`createdBefore := getTime().Add(-maxLifetime)`
			`rotatedBefore := getTime().Add(-maxInactiveLifetime)`
adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00
auth token clean up job now runs on schedule and deletes all expired tokens delete tokens having created_at <= LoginMaxLifetimeDays or rotated_at <= LoginMaxInactiveLifetimeDays 2019-02-05 14:20:11 -06:00			`srv.log.Debug("starting cleanup of expired auth tokens", "createdBefore", createdBefore, "rotatedBefore", rotatedBefore)`

Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 07:42:01 -05:00			`var affected int64`
			`err := srv.SQLStore.WithDbSession(ctx, func(dbSession *sqlstore.DBSession) error {`
			sql := `DELETE from user_auth_token WHERE created_at <= ? OR rotated_at <= ?`
			`res, err := dbSession.Exec(sql, createdBefore.Unix(), rotatedBefore.Unix())`
			`if err != nil {`
			`return err`
			`}`
adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 07:42:01 -05:00			`affected, err = res.RowsAffected()`
			`if err != nil {`
			`srv.log.Error("failed to cleanup expired auth tokens", "error", err)`
			`return nil`
			`}`

			`srv.log.Debug("cleanup of expired auth tokens done", "count", affected)`

			`return nil`
			`})`
adds cleanup job for old session tokens 2019-01-21 10:05:42 -06:00
			`return affected, err`
			`}`