Expire expired tokens.

We now remove a token a week after it has expired.

Expire expired tokens.
We now remove a token a week after it has expired.
adf273f9 · Juliusz Chroboczek · e93642f9 · adf273f9 · adf273f9 · adf273f9
Commit adf273f9 authored Apr 04, 2023 by Juliusz Chroboczek
Hide whitespace changes
Inline Side-by-side

Showing with 128 additions and 16 deletions

galene.go galene.go +4 -1

static/galene.js static/galene.js +23 -15

token/stateful.go token/stateful.go +33 -0

token/stateful_test.go token/stateful_test.go +68 -0

No files found.
--- a/galene.go
+++ b/galene.go
@@ -149,7 +149,10 @@ func main() {
 	for {
 		select {
 		case <-ticker.C:
-			go group.Update()
+			go func() {
+				group.Update()
+				token.Expire()
+			}()
 		case <-slowTicker.C:
 			go relayTest()
 		case <-terminate:

--- a/static/galene.js
+++ b/static/galene.js
@@ -2130,7 +2130,7 @@ function userMenu(elt) {
        if(serverConnection.version !== "1" &&
           serverConnection.permissions.indexOf('token') >= 0) {
            items.push({label: 'Invite user', onClick: () => {
-                serverConnection.groupAction('maketoken', units.d);
+                makeToken(null);
            }});
        }
        if(serverConnection.permissions.indexOf('present') >= 0 && canFile())
@@ -3079,26 +3079,34 @@ function editTokenPredicate() {
         "You don't have permission to edit or list tokens" : null);
 }
+/**
+ * @param {string} username
+ * @param {number|string} [expires]
+ */
+function makeToken(username, expires) {
+    let v = {
+        group: group,
+    };
+    if(username)
+        v.username = username;
+    if(expires)
+        v.expires = expires;
+    else
+        v.expires = units.d;
+    if(serverConnection.permissions.indexOf('present') >= 0)
+        v.permissions = ['present'];
+    else
+        v.permissions = [];
+    serverConnection.groupAction('maketoken', v);
+}
 commands.invite = {
    predicate: makeTokenPredicate,
    description: "create an invitation link",
    parameters: "[username] [expiration]",
    f: (c, r) => {
        let p = parseCommand(r);
-        let v = {
+        makeToken(p[0], parseExpiration(p[1]));
-            group: group,
-        };
-        if(p[0])
-            v.username = p[0];
-        if(p[1])
-            v.expires = parseExpiration(p[1]);
-        else
-            v.expires = units.d;
-        if(serverConnection.permissions.indexOf('present') >= 0)
-            v.permissions = ['present'];
-        else
-            v.permissions = [];
-        serverConnection.groupAction('maketoken', v);
    }
 }

--- a/token/stateful.go
+++ b/token/stateful.go
@@ -355,3 +355,36 @@ func (state *state) List(group string) ([]*Stateful, error) {
 func List(group string) ([]*Stateful, error) {
 	return tokens.List(group)
 }
+func (state *state) Expire() error {
+	state.mu.Lock()
+	defer state.mu.Unlock()
+	err := state.load()
+	if err != nil {
+		return err
+	}
+	now := time.Now()
+	cutoff := now.Add(-time.Hour * 24 * 7)
+	modified := false
+	for k, t := range state.tokens {
+		if t.Expires.Before(cutoff) {
+			delete(state.tokens, k)
+			modified = true
+		}
+	}
+	if modified {
+		err := state.rewrite()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+func Expire() error {
+	return tokens.Expire()
+}
--- a/token/stateful_test.go
+++ b/token/stateful_test.go
@@ -292,3 +292,71 @@ func TestTokenStorage(t *testing.T) {
 		t.Errorf("existence check: %v", err)
 	}
 }
+func TestExpire(t *testing.T) {
+	d := t.TempDir()
+	s := state{
+		filename: filepath.Join(d, "test.jsonl"),
+	}
+	now := time.Now()
+	future := now.Add(time.Hour)
+	past := now.Add(-time.Hour * 24 * 6)
+	longPast := now.Add(-time.Hour * 24 * 8)
+	user := "user"
+	tokens := []*Stateful{
+		&Stateful{
+			Token:       "tok1",
+			Group:       "test",
+			Username:    &user,
+			Permissions: []string{"present"},
+			Expires:     &now,
+		},
+		&Stateful{
+			Token:       "tok2",
+			Group:       "test",
+			Username:    &user,
+			Permissions: []string{"present"},
+			Expires:     &future,
+		},
+		&Stateful{
+			Token:       "tok3",
+			Group:       "test",
+			Username:    &user,
+			Permissions: []string{"present"},
+			Expires:     &now,
+		},
+		&Stateful{
+			Token:       "tok4",
+			Group:       "test",
+			Username:    &user,
+			Permissions: []string{"present"},
+			Expires:     &past,
+		},
+		&Stateful{
+			Token:       "tok5",
+			Group:       "test",
+			Username:    &user,
+			Permissions: []string{"present"},
+			Expires:     &longPast,
+		},
+	}
+	for _, token := range tokens {
+		_, err := s.Add(token)
+		if err != nil {
+			t.Errorf("Add: %v", err)
+		}
+	}
+	expectTokens(t, s.tokens, tokens)
+	expectTokenFile(t, s.filename, tokens)
+	err := s.Expire()
+	if err != nil {
+		t.Errorf("Expire: %v", err)
+	}
+	expectTokens(t, s.tokens, tokens[:len(tokens)-1])
+	expectTokenFile(t, s.filename, tokens[:len(tokens)-1])
+}