From 366ea63209c66ea81fd58b9a26f12d45f01a240c Mon Sep 17 00:00:00 2001
From: Geometrically <18202329+Geometrically@users.noreply.github.com>
Date: Sat, 8 Jul 2023 22:07:11 -0700
Subject: [PATCH] Fix session del (#650)
---
 Cargo.lock | 1 +
 Cargo.toml | 2 +-
 sqlx-data.json | 60 ++++++++++++++++++++++----------------------
 src/auth/validate.rs | 7 ++++--
 src/queue/session.rs | 2 +-
 5 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index ce48f2a33..c8fcf8e4f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4245,6 +4245,7 @@ dependencies = [ "base32", "constant_time_eq 0.2.6", "hmac 0.12.1", + "rand", "sha1 0.10.5", "sha2 0.10.7", ]
diff --git a/Cargo.toml b/Cargo.toml
index de1db6703..0a34c14a9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -49,7 +49,7 @@ argon2 = { version = "0.5.0", features = ["std"] }
 bitflags = "1.3.2"
 hex = "0.4.3"
 zxcvbn = "2.2.2"
-totp-rs = "5.0.2"
+totp-rs = { version = "5.0.2", features = ["gen_secret"] }
 url = "2.4.0"
 urlencoding = "2.1.2"
diff --git a/sqlx-data.json b/sqlx-data.json
index a8255861c..798c3fa51 100644
--- a/sqlx-data.json
+++ b/sqlx-data.json
@@ -2665,36 +2665,6 @@ }, "query": "\n INSERT INTO team_members (\n id, team_id, user_id, role, permissions, accepted\n )\n VALUES (\n $1, $2, $3, $4, $5, $6\n )\n " }, - "7028615c2af313f48ce68addef860b6e15a9736117cd64ec96277487d54d5964": { - "describe": { - "columns": [ - { - "name": "id", - "ordinal": 0, - "type_info": "Int8" - }, - { - "name": "session", - "ordinal": 1, - "type_info": "Varchar" - }, - { - "name": "user_id", - "ordinal": 2, - "type_info": "Int8" - } - ], - "nullable": [ - false, - false, - false - ], - "parameters": { - "Left": [] - } - }, - "query": "\n SELECT id, session, user_id\n FROM sessions\n WHERE refresh_expires >= NOW()\n " - }, "70b510956a40583eef8c57dcced71c67f525eee455ae8b09e9b2403668068751": { "describe": { "columns": [],
@@ -5180,6 +5150,36 @@ }, "query": "\n DELETE FROM team_members\n WHERE team_id = $1\n " }, + "d93ce03a186c03668d5eebab2bb4cbc4fc9dd002529e37575d94509b67908c8d": { + "describe": { + "columns": [ + { + "name": "id", + "ordinal": 0, + "type_info": "Int8" + }, + { + "name": "session", + "ordinal": 1, + "type_info": "Varchar" + }, + { + "name": "user_id", + "ordinal": 2, + "type_info": "Int8" + } + ], + "nullable": [ + false, + false, + false + ], + "parameters": { + "Left": [] + } + }, + "query": "\n SELECT id, session, user_id\n FROM sessions\n WHERE refresh_expires <= NOW()\n " + }, "dc6aa2e7bfd5d5004620ddd4cd6a47ecc56159e1489054e0652d56df802fb5e5": { "describe": { "columns": [],
diff --git a/src/auth/validate.rs b/src/auth/validate.rs
index b7e0785bb..ef02e9b0f 100644
--- a/src/auth/validate.rs
+++ b/src/auth/validate.rs
@@ -84,8 +84,11 @@ where
 let user = user_item::User::get_id(session.user_id, executor, redis).await?;
- let metadata = get_session_metadata(req).await?;
- session_queue.add(session.id, metadata).await;
+ let rate_limit_ignore = dotenvy::var("RATE_LIMIT_IGNORE_KEY")?;
+ if !req.headers().get("x-ratelimit-key").and_then(|x| x.to_str().ok()).map(|x| x == rate_limit_ignore).unwrap_or(false) {
+ let metadata = get_session_metadata(req).await?;
+ session_queue.add(session.id, metadata).await;
+ }
 user
 }
diff --git a/src/queue/session.rs b/src/queue/session.rs
index c18078a9a..dc71c22e6 100644
--- a/src/queue/session.rs
+++ b/src/queue/session.rs
@@ -65,7 +65,7 @@ impl SessionQueue {
 "
 SELECT id, session, user_id
 FROM sessions
- WHERE refresh_expires >= NOW()
+ WHERE refresh_expires <= NOW()
 "
 )
 .fetch_many(&mut *transaction)
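Review bot: The added `if` in src/auth/validate.rs compares the client-supplied `x-ratelimit-key` header to the `RATE_LIMIT_IGNORE_KEY` secret with `x == rate_limit_ignore`, which is not constant-time and, if the variable is ever set to an empty string, would also match an empty header. A match skips `session_queue.add`, so the request authenticates without its session metadata being recorded; the check should be treated like a credential comparison, e.g. `.map(|x| !rate_limit_ignore.is_empty() && constant_time_eq(x.as_bytes(), rate_limit_ignore.as_bytes()))` (the `constant_time_eq` crate is listed in Cargo.lock, but it would need to become a direct dependency). Separately, `dotenvy::var("RATE_LIMIT_IGNORE_KEY")?` is evaluated on every request that reaches this branch, so a missing variable makes this code path return an error instead of just disabling the bypass; reading it once at startup avoids both the per-request lookup and that failure mode. The enclosing block starts and ends outside the hunk.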
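Review bot: Nothing in or near the query in src/queue/session.rs says which rows it is meant to return, and the previous `>=` selected every still-valid session, so the direction of this comparison is worth pinning down in the code. I would add a comment above the query such as `// Expired sessions only: refresh_expires is in the past, so these rows are safe to purge.` and a regression test that inserts one expired and one live session and asserts that only the expired one is returned. What is done with the fetched rows is outside the hunk, so the purge itself is inferred from the commit title.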