alist/internal
千石 4b288a08ef
fix: session invalid issue (#9301)
* feat(auth): Enhanced device login session management

- Upon login, obtain and verify `Client-Id` to ensure unique device sessions.
- If there are too many device sessions, clean up old ones according to the configured policy or return an error.
- If a device session is invalid, deregister the old token and return a 401 error.
- Added `EnsureActiveOnLogin` function to handle the creation and refresh of device sessions during login.

* feat(session): Modified session deletion logic to mark sessions as inactive.

- Changed session deletion logic to mark sessions as inactive using the `MarkInactive` method.
- Adjusted error handling to ensure an error is returned if marking fails.

* feat(session): Added device limits and eviction policies

- Added a device limit, controlling the maximum number of devices using the `MaxDevices` configuration option.
- If the number of devices exceeds the limit, the configured eviction policy is used.
- If the policy is `evict_oldest`, the oldest device is evicted.
- Otherwise, an error message indicating too many devices is returned.

* refactor(session): Filter for the user's oldest active session

- Renamed `GetOldestSession` to `GetOldestActiveSession` to more accurately reflect its functionality
- Updated the SQL query to add the `status = SessionActive` condition to retrieve only active sessions
- Replaced all callpoints and unified the new function name to ensure logical consistency
2025-08-29 21:20:29 +08:00
..
archive perf: optimize IO read/write usage (#8243) 2025-04-12 16:55:31 +08:00
authn fix(authn): subfolder api is considered as a wrong origin(closes #6294 in #6301) 2024-04-03 14:33:19 +08:00
bootstrap feat: implement session management (#9286) 2025-08-25 19:46:38 +08:00
conf feat: implement session management (#9286) 2025-08-25 19:46:38 +08:00
db fix: session invalid issue (#9301) 2025-08-29 21:20:29 +08:00
device fix: session invalid issue (#9301) 2025-08-29 21:20:29 +08:00
driver feat(archive): support multipart archives (#8184 close #8015) 2025-03-27 23:20:44 +08:00
errs feat: implement session management (#9286) 2025-08-25 19:46:38 +08:00
fs feat: enhance permission control and label management (#9215) 2025-07-26 09:51:59 +08:00
fuse chore: add fuse package 2022-07-20 00:39:20 +08:00
message chore: change message type 2022-08-14 03:05:30 +08:00
model feat: implement session management (#9286) 2025-08-25 19:46:38 +08:00
net fix(net): unexpected write (#8291 close #8281) 2025-04-12 17:01:52 +08:00
offline_download feat(alias): support writing to non-ambiguous paths (#8216) 2025-03-27 23:17:45 +08:00
op fix: ensure DefaultRole stores role ID while exposing role name in APIs (#9279) 2025-08-19 15:01:32 +08:00
search fix(index): fix the issue where ignored paths are not updated (#7907) 2025-02-09 18:31:43 +08:00
session feat: implement session management (#9286) 2025-08-25 19:46:38 +08:00
setting refactor: split the db package hook and cache to the op package (#2747) 2022-12-18 19:51:20 +08:00
sign fix(archive): use another sign for extraction (#7982) 2025-03-01 18:34:33 +08:00
stream perf: optimize IO read/write usage (#8243) 2025-04-12 16:55:31 +08:00
task feat(task): allow retry canceled (#7852) 2025-01-27 20:18:10 +08:00