feat: Portal, Email Inbound, Discuss + module improvements
- Portal: /my/* routes, signup, password reset, portal user support - Email Inbound: IMAP polling (go-imap/v2), thread matching - Discuss: mail.channel, long-polling bus, DM, unread count - Cron: ir.cron runner (goroutine scheduler) - Bank Import, CSV/Excel Import - Automation (ir.actions.server) - Fetchmail service - HR Payroll model - Various fixes across account, sale, stock, purchase, crm, hr, project Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marc
@@ -13,12 +13,14 @@ import (
|
||||
|
||||
// Session represents an authenticated user session.
|
||||
type Session struct {
|
||||
ID string
|
||||
UID int64
|
||||
CompanyID int64
|
||||
Login string
|
||||
CreatedAt time.Time
|
||||
LastActivity time.Time
|
||||
ID string
|
||||
UID int64
|
||||
CompanyID int64
|
||||
AllowedCompanyIDs []int64
|
||||
Login string
|
||||
CSRFToken string
|
||||
CreatedAt time.Time
|
||||
LastActivity time.Time
|
||||
}
|
||||
|
||||
// SessionStore is a session store with an in-memory cache backed by PostgreSQL.
|
||||
@@ -47,10 +49,15 @@ func InitSessionTable(ctx context.Context, pool *pgxpool.Pool) error {
|
||||
uid INT8 NOT NULL,
|
||||
company_id INT8 NOT NULL,
|
||||
login VARCHAR(255),
|
||||
csrf_token VARCHAR(64) DEFAULT '',
|
||||
created_at TIMESTAMP DEFAULT NOW(),
|
||||
last_seen TIMESTAMP DEFAULT NOW()
|
||||
)
|
||||
`)
|
||||
if err == nil {
|
||||
// Add csrf_token column if table already exists without it
|
||||
pool.Exec(ctx, `ALTER TABLE sessions ADD COLUMN IF NOT EXISTS csrf_token VARCHAR(64) DEFAULT ''`)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -67,6 +74,7 @@ func (s *SessionStore) New(uid, companyID int64, login string) *Session {
|
||||
UID: uid,
|
||||
CompanyID: companyID,
|
||||
Login: login,
|
||||
CSRFToken: generateToken(),
|
||||
CreatedAt: now,
|
||||
LastActivity: now,
|
||||
}
|
||||
@@ -81,10 +89,10 @@ func (s *SessionStore) New(uid, companyID int64, login string) *Session {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
||||
defer cancel()
|
||||
_, err := s.pool.Exec(ctx,
|
||||
`INSERT INTO sessions (id, uid, company_id, login, created_at, last_seen)
|
||||
VALUES ($1, $2, $3, $4, $5, $6)
|
||||
`INSERT INTO sessions (id, uid, company_id, login, csrf_token, created_at, last_seen)
|
||||
VALUES ($1, $2, $3, $4, $5, $6, $7)
|
||||
ON CONFLICT (id) DO NOTHING`,
|
||||
token, uid, companyID, login, now, now)
|
||||
token, uid, companyID, login, sess.CSRFToken, now, now)
|
||||
if err != nil {
|
||||
log.Printf("session: failed to persist session to DB: %v", err)
|
||||
}
|
||||
@@ -106,20 +114,23 @@ func (s *SessionStore) Get(id string) *Session {
|
||||
s.Delete(id)
|
||||
return nil
|
||||
}
|
||||
// Update last activity
|
||||
|
||||
now := time.Now()
|
||||
needsDBUpdate := time.Since(sess.LastActivity) > 30*time.Second
|
||||
|
||||
// Update last activity in memory
|
||||
s.mu.Lock()
|
||||
sess.LastActivity = now
|
||||
s.mu.Unlock()
|
||||
|
||||
// Update last_seen in DB asynchronously
|
||||
if s.pool != nil {
|
||||
go func() {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
||||
defer cancel()
|
||||
s.pool.Exec(ctx,
|
||||
`UPDATE sessions SET last_seen = $1 WHERE id = $2`, now, id)
|
||||
}()
|
||||
// Throttle DB writes: only persist every 30s to avoid per-request overhead
|
||||
if needsDBUpdate && s.pool != nil {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
||||
defer cancel()
|
||||
if _, err := s.pool.Exec(ctx,
|
||||
`UPDATE sessions SET last_seen = $1 WHERE id = $2`, now, id); err != nil {
|
||||
log.Printf("session: failed to update last_seen in DB: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
return sess
|
||||
@@ -134,14 +145,20 @@ func (s *SessionStore) Get(id string) *Session {
|
||||
defer cancel()
|
||||
|
||||
sess = &Session{}
|
||||
var csrfToken string
|
||||
err := s.pool.QueryRow(ctx,
|
||||
`SELECT id, uid, company_id, login, created_at, last_seen
|
||||
`SELECT id, uid, company_id, login, COALESCE(csrf_token, ''), created_at, last_seen
|
||||
FROM sessions WHERE id = $1`, id).Scan(
|
||||
&sess.ID, &sess.UID, &sess.CompanyID, &sess.Login,
|
||||
&sess.ID, &sess.UID, &sess.CompanyID, &sess.Login, &csrfToken,
|
||||
&sess.CreatedAt, &sess.LastActivity)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
if csrfToken != "" {
|
||||
sess.CSRFToken = csrfToken
|
||||
} else {
|
||||
sess.CSRFToken = generateToken()
|
||||
}
|
||||
|
||||
// Check TTL
|
||||
if time.Since(sess.LastActivity) > s.ttl {
|
||||
@@ -149,18 +166,18 @@ func (s *SessionStore) Get(id string) *Session {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Update last activity
|
||||
// Update last activity and add to memory cache
|
||||
now := time.Now()
|
||||
sess.LastActivity = now
|
||||
|
||||
// Add to memory cache
|
||||
s.mu.Lock()
|
||||
sess.LastActivity = now
|
||||
s.sessions[id] = sess
|
||||
s.mu.Unlock()
|
||||
|
||||
// Update last_seen in DB
|
||||
s.pool.Exec(ctx,
|
||||
`UPDATE sessions SET last_seen = $1 WHERE id = $2`, now, id)
|
||||
if _, err := s.pool.Exec(ctx,
|
||||
`UPDATE sessions SET last_seen = $1 WHERE id = $2`, now, id); err != nil {
|
||||
log.Printf("session: failed to update last_seen in DB: %v", err)
|
||||
}
|
||||
|
||||
return sess
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user