grafana/pkg/services/auth/token_cleanup.go

package auth

import (
	"context"
	"time"

	"github.com/grafana/grafana/pkg/services/sqlstore"
)

func (s *UserAuthTokenService) Run(ctx context.Context) error {
	ticker := time.NewTicker(time.Hour)
	maxInactiveLifetime := s.Cfg.LoginMaxInactiveLifetime
	maxLifetime := s.Cfg.LoginMaxLifetime

	err := s.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func(context.Context) {
		if _, err := s.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {
			s.log.Error("An error occurred while deleting expired tokens", "err", err)
		}
	})
	if err != nil {
		s.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)
	}

	for {
		select {
		case <-ticker.C:
			err = s.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func(context.Context) {
				if _, err := s.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {
					s.log.Error("An error occurred while deleting expired tokens", "err", err)
				}
			})
			if err != nil {
				s.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)
			}

		case <-ctx.Done():
			return ctx.Err()
		}
	}
}

func (s *UserAuthTokenService) deleteExpiredTokens(ctx context.Context, maxInactiveLifetime, maxLifetime time.Duration) (int64, error) {
	createdBefore := getTime().Add(-maxLifetime)
	rotatedBefore := getTime().Add(-maxInactiveLifetime)

	s.log.Debug("starting cleanup of expired auth tokens", "createdBefore", createdBefore, "rotatedBefore", rotatedBefore)

	var affected int64
	err := s.SQLStore.WithDbSession(ctx, func(dbSession *sqlstore.DBSession) error {
		sql := `DELETE from user_auth_token WHERE created_at <= ? OR rotated_at <= ?`
		res, err := dbSession.Exec(sql, createdBefore.Unix(), rotatedBefore.Unix())
		if err != nil {
			return err
		}

		affected, err = res.RowsAffected()
		if err != nil {
			s.log.Error("failed to cleanup expired auth tokens", "error", err)
			return nil
		}

		s.log.Debug("cleanup of expired auth tokens done", "count", affected)

		return nil
	})

	return affected, err
}
move authtoken package into auth package 2019-02-06 17:02:57 +01:00			`package auth`
adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00
			`import (`
			`"context"`
			`"time"`
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 14:42:01 +02:00
			`"github.com/grafana/grafana/pkg/services/sqlstore"`
adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00			`)`

Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`func (s *UserAuthTokenService) Run(ctx context.Context) error {`
make hourly cleanup the default behavior 2019-02-07 10:51:35 +01:00			`ticker := time.NewTicker(time.Hour)`
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`maxInactiveLifetime := s.Cfg.LoginMaxInactiveLifetime`
			`maxLifetime := s.Cfg.LoginMaxLifetime`
adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00
Chore: Add context to user (#39649) * Add context to user * Add context for enterprise * Add context for UpdateUserLastSeenAtCommand * Remove xorm 2021-10-04 15:46:09 +02:00			`err := s.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func(context.Context) {`
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`if _, err := s.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {`
			`s.log.Error("An error occurred while deleting expired tokens", "err", err)`
pkg/services: Check errors (#19712) * pkg/services: Check errors * pkg/services: Don't treat context.Canceled\|context.DeadlineExceeded as error 2019-10-22 14:08:18 +02:00			`}`
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00			`})`
			`if err != nil {`
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`s.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)`
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00			`}`

adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00			`for {`
			`select {`
			`case <-ticker.C:`
Chore: Add context to user (#39649) * Add context to user * Add context for enterprise * Add context for UpdateUserLastSeenAtCommand * Remove xorm 2021-10-04 15:46:09 +02:00			`err = s.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func(context.Context) {`
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`if _, err := s.deleteExpiredTokens(ctx, maxInactiveLifetime, maxLifetime); err != nil {`
			`s.log.Error("An error occurred while deleting expired tokens", "err", err)`
pkg/services: Check errors (#19712) * pkg/services: Check errors * pkg/services: Don't treat context.Canceled\|context.DeadlineExceeded as error 2019-10-22 14:08:18 +02:00			`}`
adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00			`})`
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00			`if err != nil {`
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`s.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)`
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00			`}`

adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00			`case <-ctx.Done():`
			`return ctx.Err()`
			`}`
			`}`
			`}`

Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`func (s *UserAuthTokenService) deleteExpiredTokens(ctx context.Context, maxInactiveLifetime, maxLifetime time.Duration) (int64, error) {`
auth token clean up job now runs on schedule and deletes all expired tokens delete tokens having created_at <= LoginMaxLifetimeDays or rotated_at <= LoginMaxInactiveLifetimeDays 2019-02-05 21:20:11 +01:00			`createdBefore := getTime().Add(-maxLifetime)`
			`rotatedBefore := getTime().Add(-maxInactiveLifetime)`
adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`s.log.Debug("starting cleanup of expired auth tokens", "createdBefore", createdBefore, "rotatedBefore", rotatedBefore)`
auth token clean up job now runs on schedule and deletes all expired tokens delete tokens having created_at <= LoginMaxLifetimeDays or rotated_at <= LoginMaxInactiveLifetimeDays 2019-02-05 21:20:11 +01:00
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 14:42:01 +02:00			`var affected int64`
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`err := s.SQLStore.WithDbSession(ctx, func(dbSession *sqlstore.DBSession) error {`
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 14:42:01 +02:00			sql := `DELETE from user_auth_token WHERE created_at <= ? OR rotated_at <= ?`
			`res, err := dbSession.Exec(sql, createdBefore.Unix(), rotatedBefore.Unix())`
			`if err != nil {`
			`return err`
			`}`
adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 14:42:01 +02:00			`affected, err = res.RowsAffected()`
			`if err != nil {`
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`s.log.Error("failed to cleanup expired auth tokens", "error", err)`
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 14:42:01 +02:00			`return nil`
			`}`

Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-05 15:37:11 +01:00			`s.log.Debug("cleanup of expired auth tokens done", "count", affected)`
Auth: Enable retries and transaction for some db calls for auth tokens (#16785) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it. 2019-04-30 14:42:01 +02:00
			`return nil`
			`})`
adds cleanup job for old session tokens 2019-01-21 17:05:42 +01:00
			`return affected, err`
			`}`