AuthN: Add last seen sync hooks for user and api keys (#61571)

* AUthN: Add last seen sync hooks for user / service account and move api
key last seen to own hook

* ContextHandler: only run sync for last seen if auth.Service is not
enabled

pkg/services/authn/authnimpl/service.go

@@ -108,6 +108,8 @@ func ProvideService(
 	orgUserSyncService := sync.ProvideOrgSync(userService, orgService, accessControlService)
 	s.RegisterPostAuthHook(userSyncService.SyncUser)
 	s.RegisterPostAuthHook(orgUserSyncService.SyncOrgUser)
+	s.RegisterPostAuthHook(sync.ProvideUserLastSeenSync(userService).SyncLastSeen)
+	s.RegisterPostAuthHook(sync.ProvideAPIKeyLastSeenSync(apikeyService).SyncLastSeen)
 
 	return s
 }

pkg/services/authn/authnimpl/usersync/apikey_last_seen_sync.go

@@ -0,0 +1,38 @@
+package usersync
+
+import (
+	"context"
+
+	"github.com/grafana/grafana/pkg/infra/log"
+	"github.com/grafana/grafana/pkg/services/apikey"
+	"github.com/grafana/grafana/pkg/services/authn"
+)
+
+func ProvideAPIKeyLastSeenSync(service apikey.Service) *APIKeyLastSeenSync {
+	return &APIKeyLastSeenSync{log.New("apikeylastseen.sync"), service}
+}
+
+type APIKeyLastSeenSync struct {
+	log     log.Logger
+	service apikey.Service
+}
+
+func (s *APIKeyLastSeenSync) SyncLastSeen(ctx context.Context, identity *authn.Identity, _ *authn.Request) error {
+	namespace, id := identity.NamespacedID()
+	if namespace != authn.NamespaceAPIKey {
+		return nil
+	}
+
+	go func(apikeyID int64) {
+		defer func() {
+			if err := recover(); err != nil {
+				s.log.Error("panic during user last seen sync", "err", err)
+			}
+		}()
+		if err := s.service.UpdateAPIKeyLastUsedDate(context.Background(), apikeyID); err != nil {
+			s.log.Warn("failed to update last use date for api key", "id", apikeyID)
+		}
+	}(id)
+
+	return nil
+}

pkg/services/authn/authnimpl/usersync/user_last_seen_sync.go

@@ -0,0 +1,50 @@
+package usersync
+
+import (
+	"context"
+	"time"
+
+	"github.com/grafana/grafana/pkg/infra/log"
+	"github.com/grafana/grafana/pkg/services/authn"
+	"github.com/grafana/grafana/pkg/services/user"
+)
+
+func ProvideUserLastSeenSync(service user.Service) *UserLastSeenSync {
+	return &UserLastSeenSync{log.New("userlastseen.sync"), service}
+}
+
+type UserLastSeenSync struct {
+	log     log.Logger
+	service user.Service
+}
+
+func (s *UserLastSeenSync) SyncLastSeen(ctx context.Context, identity *authn.Identity, _ *authn.Request) error {
+	namespace, id := identity.NamespacedID()
+
+	if namespace != authn.NamespaceUser && namespace != authn.NamespaceServiceAccount {
+		// skip sync
+		return nil
+	}
+
+	if !shouldUpdateLastSeen(identity.LastSeenAt) {
+		return nil
+	}
+
+	go func(userID int64) {
+		defer func() {
+			if err := recover(); err != nil {
+				s.log.Error("panic during user last seen sync", "err", err)
+			}
+		}()
+
+		if err := s.service.UpdateLastSeenAt(context.Background(), &user.UpdateUserLastSeenAtCommand{UserID: userID}); err != nil {
+			s.log.Error("failed to update last_seen_at", "err", err, "userId", userID)
+		}
+	}(id)
+
+	return nil
+}
+
+func shouldUpdateLastSeen(t time.Time) bool {
+	return time.Since(t) > time.Minute*5
+}