IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

avoid calling now() multiple times

Browse Source
This commit is contained in:
bergquist 2019-01-21 15:30:08 +01:00
parent dd8476d81a
commit 92620af75f
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pkg/services/auth/auth_token.go
View File

@ -22,7 +22,7 @@ func init() {
} }
var ( var (
now = time.Now getTime = time.Now
RotateTime = 30 * time.Second RotateTime = 30 * time.Second
UrgentRotateTime = 10 * time.Second UrgentRotateTime = 10 * time.Second
oneYearInSeconds = 31557600 //used as default maxage for session cookies. We validate/rotate them more often. oneYearInSeconds = 31557600 //used as default maxage for session cookies. We validate/rotate them more often.
@ -118,15 +118,17 @@ func (s *UserAuthTokenService) CreateToken(userId int64, clientIP, userAgent str
hashedToken := hashToken(token) hashedToken := hashToken(token)
now := getTime().Unix()
userToken := models.UserAuthToken{ userToken := models.UserAuthToken{
UserId: userId, UserId: userId,
AuthToken: hashedToken, AuthToken: hashedToken,
PrevAuthToken: hashedToken, PrevAuthToken: hashedToken,
ClientIp: clientIP, ClientIp: clientIP,
UserAgent: userAgent, UserAgent: userAgent,
RotatedAt: now().Unix(), RotatedAt: now,
CreatedAt: now().Unix(), CreatedAt: now,
UpdatedAt: now().Unix(), UpdatedAt: now,
SeenAt: 0, SeenAt: 0,
AuthTokenSeen: false, AuthTokenSeen: false,
} }
@ -142,7 +144,7 @@ func (s *UserAuthTokenService) CreateToken(userId int64, clientIP, userAgent str
func (s *UserAuthTokenService) LookupToken(unhashedToken string) (*models.UserAuthToken, error) { func (s *UserAuthTokenService) LookupToken(unhashedToken string) (*models.UserAuthToken, error) {
hashedToken := hashToken(unhashedToken) hashedToken := hashToken(unhashedToken)
expireBefore := now().Add(time.Duration(-86400*setting.LogInRememberDays) * time.Second).Unix() expireBefore := getTime().Add(time.Duration(-86400*setting.LogInRememberDays) * time.Second).Unix()
var userToken models.UserAuthToken var userToken models.UserAuthToken
exists, err := s.SQLStore.NewSession().Where("(auth_token = ? OR prev_auth_token = ?) AND created_at > ?", hashedToken, hashedToken, expireBefore).Get(&userToken) exists, err := s.SQLStore.NewSession().Where("(auth_token = ? OR prev_auth_token = ?) AND created_at > ?", hashedToken, hashedToken, expireBefore).Get(&userToken)
@ -157,7 +159,7 @@ func (s *UserAuthTokenService) LookupToken(unhashedToken string) (*models.UserAu
if userToken.AuthToken != hashedToken && userToken.PrevAuthToken == hashedToken && userToken.AuthTokenSeen { if userToken.AuthToken != hashedToken && userToken.PrevAuthToken == hashedToken && userToken.AuthTokenSeen {
userTokenCopy := userToken userTokenCopy := userToken
userTokenCopy.AuthTokenSeen = false userTokenCopy.AuthTokenSeen = false
expireBefore := now().Add(-UrgentRotateTime).Unix() expireBefore := getTime().Add(-UrgentRotateTime).Unix()
affectedRows, err := s.SQLStore.NewSession().Where("id = ? AND prev_auth_token = ? AND rotated_at < ?", userTokenCopy.Id, userTokenCopy.PrevAuthToken, expireBefore).AllCols().Update(&userTokenCopy) affectedRows, err := s.SQLStore.NewSession().Where("id = ? AND prev_auth_token = ? AND rotated_at < ?", userTokenCopy.Id, userTokenCopy.PrevAuthToken, expireBefore).AllCols().Update(&userTokenCopy)
if err != nil { if err != nil {
return nil, err return nil, err
@ -173,7 +175,7 @@ func (s *UserAuthTokenService) LookupToken(unhashedToken string) (*models.UserAu
if !userToken.AuthTokenSeen && userToken.AuthToken == hashedToken { if !userToken.AuthTokenSeen && userToken.AuthToken == hashedToken {
userTokenCopy := userToken userTokenCopy := userToken
userTokenCopy.AuthTokenSeen = true userTokenCopy.AuthTokenSeen = true
userTokenCopy.SeenAt = now().Unix() userTokenCopy.SeenAt = getTime().Unix()
affectedRows, err := s.SQLStore.NewSession().Where("id = ? AND auth_token = ?", userTokenCopy.Id, userTokenCopy.AuthToken).AllCols().Update(&userTokenCopy) affectedRows, err := s.SQLStore.NewSession().Where("id = ? AND auth_token = ?", userTokenCopy.Id, userTokenCopy.AuthToken).AllCols().Update(&userTokenCopy)
if err != nil { if err != nil {
return nil, err return nil, err
@ -200,19 +202,22 @@ func (s *UserAuthTokenService) RefreshToken(token *models.UserAuthToken, clientI
return false, nil return false, nil
} }
now := getTime()
needsRotation := false needsRotation := false
rotatedAt := time.Unix(token.RotatedAt, 0) rotatedAt := time.Unix(token.RotatedAt, 0)
if token.AuthTokenSeen { if token.AuthTokenSeen {
needsRotation = rotatedAt.Before(now().Add(-RotateTime)) needsRotation = rotatedAt.Before(now.Add(-RotateTime))
} else { } else {
needsRotation = rotatedAt.Before(now().Add(-UrgentRotateTime)) needsRotation = rotatedAt.Before(now.Add(-UrgentRotateTime))
} }
s.log.Debug("refresh token", "needs rotation?", needsRotation, "auth_token_seen", token.AuthTokenSeen, "rotated_at", rotatedAt, "token.Id", token.Id)
if !needsRotation { if !needsRotation {
return false, nil return false, nil
} }
s.log.Debug("refresh token needs rotation?", "auth_token_seen", token.AuthTokenSeen, "rotated_at", rotatedAt, "token.Id", token.Id)
clientIP = util.ParseIPAddress(clientIP) clientIP = util.ParseIPAddress(clientIP)
newToken, _ := util.RandomHex(16) newToken, _ := util.RandomHex(16)
hashedToken := hashToken(newToken) hashedToken := hashToken(newToken)
@ -229,7 +234,7 @@ func (s *UserAuthTokenService) RefreshToken(token *models.UserAuthToken, clientI
rotated_at = ? rotated_at = ?
WHERE id = ? AND (auth_token_seen or rotated_at < ?)` WHERE id = ? AND (auth_token_seen or rotated_at < ?)`
res, err := s.SQLStore.NewSession().Exec(sql, userAgent, clientIP, hashedToken, now().Unix(), token.Id, now().Add(-UrgentRotateTime)) res, err := s.SQLStore.NewSession().Exec(sql, userAgent, clientIP, hashedToken, now.Unix(), token.Id, now.Add(-UrgentRotateTime))
if err != nil { if err != nil {
return false, err return false, err
} }