From 74c963dc47686b0be0eac595647757083c71544a Mon Sep 17 00:00:00 2001
From: okatu-loli <CN_QianShi@hotmail.com>
Date: Fri, 29 Aug 2025 18:19:31 +0800
Subject: [PATCH] feat(session): Added device limits and eviction policies

- Added a device limit, controlling the maximum number of devices using the `MaxDevices` configuration option.
- If the number of devices exceeds the limit, the configured eviction policy is used.
- If the policy is `evict_oldest`, the oldest device is evicted.
- Otherwise, an error message indicating too many devices is returned.
---
 internal/device/session.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/internal/device/session.go b/internal/device/session.go
index 0b0de763..a5f1711b 100644
--- a/internal/device/session.go
+++ b/internal/device/session.go
@@ -71,6 +71,27 @@ func EnsureActiveOnLogin(userID uint, deviceKey, ua, ip string) error {
 
 	sess, err := db.GetSession(userID, deviceKey)
 	if err == nil {
+		if sess.Status == model.SessionInactive {
+			max := setting.GetInt(conf.MaxDevices, 0)
+			if max > 0 {
+				count, err := db.CountActiveSessionsByUser(userID)
+				if err != nil {
+					return err
+				}
+				if count >= int64(max) {
+					policy := setting.GetStr(conf.DeviceEvictPolicy, "deny")
+					if policy == "evict_oldest" {
+						if oldest, gerr := db.GetOldestSession(userID); gerr == nil {
+							if err := db.MarkInactive(oldest.DeviceKey); err != nil {
+								return err
+							}
+						}
+					} else {
+						return errors.WithStack(errs.TooManyDevices)
+					}
+				}
+			}
+		}
 		sess.Status = model.SessionActive
 		sess.LastActive = now
 		sess.UserAgent = ua