add unverified account and session expiry

This commit is contained in:
Elijah R 2024-05-04 19:55:33 -04:00
parent 130baa8863
commit c7f3cb3441
4 changed files with 75 additions and 2 deletions

View file

@ -0,0 +1,58 @@
using Timer = System.Timers.Timer;
namespace Computernewb.CollabVMAuthServer;
public static class Cron
{
private static Timer timer = new Timer();
public static async Task Start()
{
#if DEBUG
timer.Interval = 1000 * 60; // 60 seconds
#else
timer.Interval = 1000 * 60 * 10; // 10 minutes
#endif
timer.Elapsed += async (sender, e) => await RunAll();
await RunAll();
timer.Start();
}
public static void Stop()
{
timer.Stop();
timer.Interval = 1000 * 60 * 10;
}
public static async Task RunAll()
{
Utilities.Log(LogLevel.INFO, "Running all cron jobs");
var t = new List<Task>();
t.Add(PurgeOldSessions());
if (Program.Config.Registration.EmailVerificationRequired) t.Add(ExpireAccounts());
await Task.WhenAll(t);
Utilities.Log(LogLevel.INFO, "Finished running all cron jobs");
}
// Expire unverified accounts after 2 days. Don't purge if the code is null
public static async Task ExpireAccounts()
{
Utilities.Log(LogLevel.INFO, "Purging unverified accounts");
var minDate = DateTime.UtcNow - TimeSpan.FromDays(2);
int a = await Program.Database.ExecuteNonQuery("DELETE FROM users WHERE email_verified = 0 AND created < @minDate AND email_verification_code IS NOT NULL",
[
new KeyValuePair<string, object>("minDate", minDate)
]);
Utilities.Log(LogLevel.INFO, $"Purged {a} unverified accounts");
}
public static async Task PurgeOldSessions()
{
Utilities.Log(LogLevel.INFO, "Purging old sessions");
var expiryDate = DateTime.UtcNow - TimeSpan.FromDays(Program.Config.Accounts.SessionExpiryDays);
int a = await Program.Database.ExecuteNonQuery("DELETE FROM sessions WHERE last_used < @expiryDate",
[
new KeyValuePair<string, object>("expiryDate", expiryDate)
]);
Utilities.Log(LogLevel.INFO, $"Purged {a} old sessions");
}
}

View file

@ -518,13 +518,17 @@ public class Database
await cmd.ExecuteNonQueryAsync(); await cmd.ExecuteNonQueryAsync();
} }
public async Task ExecuteNonQuery(string query) public async Task<int> ExecuteNonQuery(string query, KeyValuePair<string, object>[]? parameters = null)
{ {
await using var db = new MySqlConnection(connectionString); await using var db = new MySqlConnection(connectionString);
await db.OpenAsync(); await db.OpenAsync();
await using var cmd = db.CreateCommand(); await using var cmd = db.CreateCommand();
cmd.CommandText = query; cmd.CommandText = query;
await cmd.ExecuteNonQueryAsync(); if (parameters != null) foreach (KeyValuePair<string, object> param in parameters)
{
cmd.Parameters.AddWithValue(param.Key, param.Value);
}
return await cmd.ExecuteNonQueryAsync();
} }
public async Task SetBanned(string username, bool banned, string? reason) public async Task SetBanned(string username, bool banned, string? reason)

View file

@ -25,6 +25,15 @@ public static class Routes
private static async Task<IResult> HandleSendReset(HttpContext context) private static async Task<IResult> HandleSendReset(HttpContext context)
{ {
if (!Program.Config.SMTP.Enabled)
{
context.Response.StatusCode = 400;
return Results.Json(new SendResetEmailResponse
{
success = false,
error = "Password reset is not supported by this server. Please contact an administrator."
}, Utilities.JsonSerializerOptions);
}
// Check payload // Check payload
if (context.Request.ContentType != "application/json") if (context.Request.ContentType != "application/json")
{ {

View file

@ -55,6 +55,8 @@ public class Program
var uc = await Database.CountUsers(); var uc = await Database.CountUsers();
Utilities.Log(LogLevel.INFO, $"{uc} users in database"); Utilities.Log(LogLevel.INFO, $"{uc} users in database");
if (uc == 0) Utilities.Log(LogLevel.WARN, "No users in database, first user will be promoted to admin"); if (uc == 0) Utilities.Log(LogLevel.WARN, "No users in database, first user will be promoted to admin");
// Init cron
await Cron.Start();
// Create mailer // Create mailer
if (!Config.SMTP.Enabled && Config.Registration.EmailVerificationRequired) if (!Config.SMTP.Enabled && Config.Registration.EmailVerificationRequired)
{ {