Fix session del (#650)

2023-07-08 22:07:11 -07:00 · 2023-07-08 22:07:11 -07:00 · 366ea63209
commit 366ea63209
parent 6c0ad7fe1a
5 changed files with 38 additions and 34 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -4245,6 +4245,7 @@ dependencies = [
 "base32",
 "constant_time_eq 0.2.6",
 "hmac 0.12.1",
+ "rand",
 "sha1 0.10.5",
 "sha2 0.10.7",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -49,7 +49,7 @@ argon2 = { version = "0.5.0", features = ["std"] }
 bitflags = "1.3.2"
 hex = "0.4.3"
 zxcvbn = "2.2.2"
-totp-rs = "5.0.2"
+totp-rs = { version = "5.0.2", features = ["gen_secret"] }

 url = "2.4.0"
 urlencoding = "2.1.2"
--- a/sqlx-data.json
+++ b/sqlx-data.json
@ -2665,36 +2665,6 @@
    },
    "query": "\n            INSERT INTO team_members (\n                id, team_id, user_id, role, permissions, accepted\n            )\n            VALUES (\n                $1, $2, $3, $4, $5, $6\n            )\n            "
  },
-  "7028615c2af313f48ce68addef860b6e15a9736117cd64ec96277487d54d5964": {
-    "describe": {
-      "columns": [
-        {
-          "name": "id",
-          "ordinal": 0,
-          "type_info": "Int8"
-        },
-        {
-          "name": "session",
-          "ordinal": 1,
-          "type_info": "Varchar"
-        },
-        {
-          "name": "user_id",
-          "ordinal": 2,
-          "type_info": "Int8"
-        }
-      ],
-      "nullable": [
-        false,
-        false,
-        false
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "\n                SELECT id, session, user_id\n                FROM sessions\n                WHERE refresh_expires >= NOW()\n                "
-  },
  "70b510956a40583eef8c57dcced71c67f525eee455ae8b09e9b2403668068751": {
    "describe": {
      "columns": [],
@ -5180,6 +5150,36 @@
    },
    "query": "\n                DELETE FROM team_members\n                WHERE team_id = $1\n                "
  },
+  "d93ce03a186c03668d5eebab2bb4cbc4fc9dd002529e37575d94509b67908c8d": {
+    "describe": {
+      "columns": [
+        {
+          "name": "id",
+          "ordinal": 0,
+          "type_info": "Int8"
+        },
+        {
+          "name": "session",
+          "ordinal": 1,
+          "type_info": "Varchar"
+        },
+        {
+          "name": "user_id",
+          "ordinal": 2,
+          "type_info": "Int8"
+        }
+      ],
+      "nullable": [
+        false,
+        false,
+        false
+      ],
+      "parameters": {
+        "Left": []
+      }
+    },
+    "query": "\n                SELECT id, session, user_id\n                FROM sessions\n                WHERE refresh_expires <= NOW()\n                "
+  },
  "dc6aa2e7bfd5d5004620ddd4cd6a47ecc56159e1489054e0652d56df802fb5e5": {
    "describe": {
      "columns": [],
--- a/src/auth/validate.rs
+++ b/src/auth/validate.rs
@ -84,8 +84,11 @@ where

            let user = user_item::User::get_id(session.user_id, executor, redis).await?;

-            let metadata = get_session_metadata(req).await?;
-            session_queue.add(session.id, metadata).await;
+            let rate_limit_ignore = dotenvy::var("RATE_LIMIT_IGNORE_KEY")?;
+            if !req.headers().get("x-ratelimit-key").and_then(|x| x.to_str().ok()).map(|x| x == rate_limit_ignore).unwrap_or(false) {
+                let metadata = get_session_metadata(req).await?;
+                session_queue.add(session.id, metadata).await;
+            }

            user
        }
--- a/src/queue/session.rs
+++ b/src/queue/session.rs
@ -65,7 +65,7 @@ impl SessionQueue {
                "
                SELECT id, session, user_id
                FROM sessions
-                WHERE refresh_expires >= NOW()
+                WHERE refresh_expires <= NOW()
                "
            )
            .fetch_many(&mut *transaction)