Merge pull request #1274 from nextcloud/enh/1272/session-deduplication

rework session deduplication

Containers/borgbackup/backupscript.sh

@@ -260,6 +260,7 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/session/"** \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
+    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."

Containers/mastercontainer/session-deduplicator.sh

@@ -1,26 +1,22 @@
 #!/bin/bash
 
-while true; do
+deduplicate_sessions() {
-    while [ "$(find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep "aio_authenticated|[a-z]:1" {} \; | wc -l)" -gt 1 ]; do
-        # First delete all session files that are not authenticated
-        unset SESSION_FILES
-        SESSION_FILES="$(find "/mnt/docker-aio-config/session/" -mindepth 1)"
-        unset SESSION_FILES_ARRAY
-        mapfile -t SESSION_FILES_ARRAY <<< "$SESSION_FILES"
-        for SESSION_FILE in "${SESSION_FILES_ARRAY[@]}"; do
-            if [ -f "$SESSION_FILE" ] && ! grep -q "aio_authenticated|[a-z]:1" "$SESSION_FILE"; then
-                rm "$SESSION_FILE"
-            fi
-        done
-
-        # Second clean up all sessions that are authenticated
     echo "Deleting duplicate sessions"
-        unset OLDEST_FILE
+    find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep -qv "$NEW_SESSION_TIME" {} \; -delete
-        set -x
+}
-        # shellcheck disable=SC2012
+
-        OLDEST_FILE="$(ls -t "/mnt/docker-aio-config/session/" | tail -1)"
+compare_times() {
-        rm "/mnt/docker-aio-config/session/$OLDEST_FILE"
+    if [ -f "/mnt/docker-aio-config/data/session_date_file" ]; then
-        set +x
+        unset NEW_SESSION_TIME
-    done
+        NEW_SESSION_TIME="$(cat "/mnt/docker-aio-config/data/session_date_file")"
-    sleep 5
+        if [ -n "$NEW_SESSION_TIME" ] && [ -n "$OLD_SESSION_TIME" ] && [ "$NEW_SESSION_TIME" != "$OLD_SESSION_TIME" ]; then
+            deduplicate_sessions
+        fi
+        OLD_SESSION_TIME="$NEW_SESSION_TIME"
+    fi
+}
+
+while true; do
+    compare_times
+    sleep 2
 done

php/src/Auth/AuthManager.php

@@ -3,6 +3,8 @@
 namespace AIO\Auth;
 
 use AIO\Data\ConfigurationManager;
+use AIO\Data\DataConst;
+use \DateTime;
 
 class AuthManager {
     private const SESSION_KEY = 'aio_authenticated';
@@ -21,6 +23,14 @@ class AuthManager {
     }
 
     public function SetAuthState(bool $isLoggedIn) : void {
+
+        if (!$this->IsAuthenticated() && $isLoggedIn === true) {
+            $date = new DateTime();
+            $dateTime = $date->getTimestamp();
+            $_SESSION['date_time'] = $dateTime;
+            file_put_contents(DataConst::GetSessionDateFile(), (string)$dateTime);
+        }
+
         $_SESSION[self::SESSION_KEY] = $isLoggedIn;
     }
 

php/src/Controller/DockerController.php

@@ -101,7 +101,7 @@ class DockerController
     public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
-        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'];
+        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
         $this->configurationManager->WriteConfig($config);
 
         $id = self::TOP_CONTAINER;

php/src/Controller/LoginController.php

@@ -23,7 +23,7 @@ class LoginController
         if (!$this->dockerActionManager->isLoginAllowed()) {
             return $response->withHeader('Location', '/')->withStatus(302);
         }
-        $password = $request->getParsedBody()['password'];
+        $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
             return $response->withHeader('Location', '/')->withStatus(302);
@@ -33,7 +33,7 @@ class LoginController
     }
 
     public function GetTryLogin(Request $request, Response $response, $args) : Response {
-        $token = $request->getQueryParams()['token'];
+        $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);
             return $response->withHeader('Location', '/')->withStatus(302);

php/src/Data/DataConst.php

@@ -46,4 +46,8 @@ class DataConst {
     public static function GetBackupArchivesList() : string {
         return self::GetDataDirectory() . '/backup_archives.list';
     }
+
+    public static function GetSessionDateFile() : string {
+        return self::GetDataDirectory() . '/session_date_file';
+    }
 }

php/src/Middleware/AuthMiddleware.php

@@ -28,10 +28,10 @@ class AuthMiddleware
 
         if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
             if(!$this->authManager->IsAuthenticated()) {
-                $response = new Response();
+                $status = 302;
-                return $response
+                $headers = ['Location' => '/'];
-                    ->withHeader('Location', '/')
+                $response = new Response($status, $headers);
-                    ->withStatus(302);
+                return $response;
             }
         }