mirror of https://github.com/Xhofe/alist
eb4c35db75
* feat(auth): Improved device session management logic - Replaced the `userID` parameter with the `user` object to support operations with more user attributes. - Introduced `SessionTTL` and `MaxDevices` properties in the `Handle` and `EnsureActiveOnLogin` functions to support user-defined settings. - Adjusted the session creation and verification logic in `session.go` to support user-defined device count and session duration. - Added help documentation in `setting.go` to explain the configuration purposes of `MaxDevices` and `DeviceSessionTTL`. - Added optional `MaxDevices` and `SessionTTL` properties to the user entity in `user.go` and persisted these settings across user updates. - Modified the device handling logic in `webdav.go` to adapt to the new user object parameters. * feat(session): Added session cleanup functionality - Added the `/clean` route to the route for session cleanup - Added the `DeleteInactiveSessions` method to support deleting inactive sessions by user ID - Added the `DeleteSessionByID` method to delete a specific session by session ID - Defined the `CleanSessionsReq` request structure to support passing a user ID or session ID - Implemented the `CleanSessions` interface logic to perform corresponding session cleanup operations based on the request parameters * feat(session): Added session list functionality with usernames - Added the `SessionWithUser` structure, which includes `Session` and `Username` fields. - Added the `ListSessionsWithUser` function, which queries and returns a list of sessions with usernames. - Used a `JOIN` operation to join the session and user tables to retrieve the username associated with each session. - Changed `ListSessions` to `ListSessionsWithUser` to ensure that the username is retrieved. * feat(webdav): Enhanced WebDAV authentication logic - Added logic for generating device keys based on the Client-Id, prioritizing those obtained from the request header. - If the Client-Id is missing, attempts to obtain it from the cookie. If that still doesn't exist, generates a random suffix for the client IP address as an identifier. - Stores the generated Client-Id in a cookie to ensure consistency across subsequent requests. - Use the device.EnsureActiveOnLogin method instead of the original Handle method to reactivate inactive sessions. |
||
|---|---|---|
| .. | ||
| archive.go | ||
| auth.go | ||
| const.go | ||
| down.go | ||
| driver.go | ||
| fsbatch.go | ||
| fsmanage.go | ||
| fsread.go | ||
| fsup.go | ||
| helper.go | ||
| index.go | ||
| label.go | ||
| label_file_binding.go | ||
| ldap_login.go | ||
| meta.go | ||
| offline_download.go | ||
| role.go | ||
| search.go | ||
| session.go | ||
| setting.go | ||
| sshkey.go | ||
| ssologin.go | ||
| storage.go | ||
| task.go | ||
| user.go | ||
| webauthn.go | ||