From 3118ecf385798549c5e65f305381ed9e1d8134fe Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 16 Oct 2022 17:37:13 +0200
Subject: [PATCH] rework session deduplication

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh         |  1 +
 .../mastercontainer/session-deduplicator.sh   | 40 +++++++++----------
 php/src/Auth/AuthManager.php                  | 10 +++++
 php/src/Controller/DockerController.php       |  2 +-
 php/src/Controller/LoginController.php        |  4 +-
 php/src/Data/DataConst.php                    |  4 ++
 php/src/Middleware/AuthMiddleware.php         |  8 ++--
 7 files changed, 40 insertions(+), 29 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d2f61999..4b70d6d4 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -246,6 +246,7 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/session/"** \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
+    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."
diff --git a/Containers/mastercontainer/session-deduplicator.sh b/Containers/mastercontainer/session-deduplicator.sh
index 796ccb54..08ec0f9c 100644
--- a/Containers/mastercontainer/session-deduplicator.sh
+++ b/Containers/mastercontainer/session-deduplicator.sh
@@ -1,26 +1,22 @@
 #!/bin/bash
 
-while true; do
-    while [ "$(find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep "aio_authenticated|[a-z]:1" {} \; | wc -l)" -gt 1 ]; do
-        # First delete all session files that are not authenticated
-        unset SESSION_FILES
-        SESSION_FILES="$(find "/mnt/docker-aio-config/session/" -mindepth 1)"
-        unset SESSION_FILES_ARRAY
-        mapfile -t SESSION_FILES_ARRAY <<< "$SESSION_FILES"
-        for SESSION_FILE in "${SESSION_FILES_ARRAY[@]}"; do
-            if [ -f "$SESSION_FILE" ] && ! grep -q "aio_authenticated|[a-z]:1" "$SESSION_FILE"; then
-                rm "$SESSION_FILE"
-            fi
-        done
+deduplicate_sessions() {
+    echo "Deleting duplicate sessions"
+    find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep -qv "$NEW_SESSION_TIME" {} \; -delete
+}
 
-        # Second clean up all sessions that are authenticated
-        echo "Deleting duplicate sessions"
-        unset OLDEST_FILE
-        set -x
-        # shellcheck disable=SC2012
-        OLDEST_FILE="$(ls -t "/mnt/docker-aio-config/session/" | tail -1)"
-        rm "/mnt/docker-aio-config/session/$OLDEST_FILE"
-        set +x
-    done
-    sleep 5
+compare_times() {
+    if [ -f "/mnt/docker-aio-config/data/session_date_file" ]; then
+        unset NEW_SESSION_TIME
+        NEW_SESSION_TIME="$(cat "/mnt/docker-aio-config/data/session_date_file")"
+        if [ -n "$NEW_SESSION_TIME" ] && [ -n "$OLD_SESSION_TIME" ] && [ "$NEW_SESSION_TIME" != "$OLD_SESSION_TIME" ]; then
+            deduplicate_sessions
+        fi
+        OLD_SESSION_TIME="$NEW_SESSION_TIME"
+    fi
+}
+
+while true; do
+    compare_times
+    sleep 2
 done
diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php
index f18f1a7b..5ee6c267 100644
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -3,6 +3,8 @@
 namespace AIO\Auth;
 
 use AIO\Data\ConfigurationManager;
+use AIO\Data\DataConst;
+use \DateTime;
 
 class AuthManager {
     private const SESSION_KEY = 'aio_authenticated';
@@ -21,6 +23,14 @@ class AuthManager {
     }
 
     public function SetAuthState(bool $isLoggedIn) : void {
+
+        if (!$this->IsAuthenticated() && $isLoggedIn === true) {
+            $date = new DateTime();
+            $dateTime = $date->getTimestamp();
+            $_SESSION['date_time'] = $dateTime;
+            file_put_contents(DataConst::GetSessionDateFile(), (string)$dateTime);
+        }
+
         $_SESSION[self::SESSION_KEY] = $isLoggedIn;
     }
 
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index c1f44312..7cf15226 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -101,7 +101,7 @@ class DockerController
     public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
-        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'];
+        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
         $this->configurationManager->WriteConfig($config);
 
         $id = self::TOP_CONTAINER;
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index aaab2952..bd7cb0b5 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -23,7 +23,7 @@ class LoginController
         if (!$this->dockerActionManager->isLoginAllowed()) {
             return $response->withHeader('Location', '/')->withStatus(302);
         }
-        $password = $request->getParsedBody()['password'];
+        $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
             return $response->withHeader('Location', '/')->withStatus(302);
@@ -33,7 +33,7 @@ class LoginController
     }
 
     public function GetTryLogin(Request $request, Response $response, $args) : Response {
-        $token = $request->getQueryParams()['token'];
+        $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);
             return $response->withHeader('Location', '/')->withStatus(302);
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 5e671c11..7ac3527e 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -46,4 +46,8 @@ class DataConst {
     public static function GetBackupArchivesList() : string {
         return self::GetDataDirectory() . '/backup_archives.list';
     }
+
+    public static function GetSessionDateFile() : string {
+        return self::GetDataDirectory() . '/session_date_file';
+    }
 }
diff --git a/php/src/Middleware/AuthMiddleware.php b/php/src/Middleware/AuthMiddleware.php
index 98e4f7d4..c0c814b8 100644
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@@ -28,10 +28,10 @@ class AuthMiddleware
 
         if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
             if(!$this->authManager->IsAuthenticated()) {
-                $response = new Response();
-                return $response
-                    ->withHeader('Location', '/')
-                    ->withStatus(302);
+                $status = 302;
+                $headers = ['Location' => '/'];
+                $response = new Response($status, $headers);
+                return $response;
             }
         }