run token cleanup job when grafana starts, then each hour

7 years ago · 1a140ee199
parent 836501186f
commit 1a140ee199
6 changed files with 29 additions and 25 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@ -256,8 +256,8 @@ login_maximum_lifetime_days = 30
 # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
 token_rotation_interval_minutes = 10

-# How often should expired auth tokens be deleted from the database. The default is 7 days.
-expired_tokens_cleanup_interval_days = 7
+# How often should expired auth tokens be deleted from the database. The default is each hour.
+expired_tokens_cleanup_interval_hours = 1

 # Set to true to disable (hide) the login form, useful if you use OAuth
 disable_login_form = false
--- a/conf/sample.ini
+++ b/conf/sample.ini
@ -236,8 +236,8 @@ log_queries =
 # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
 ;token_rotation_interval_minutes = 10

-# How often should expired auth tokens be deleted from the database. The default is 7 days.
-;expired_tokens_cleanup_interval_days = 7
+# How often should expired auth tokens be deleted from the database. The default is each hour.
+;expired_tokens_cleanup_interval_hours = 1

 # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
 ;disable_login_form = false
--- a/docs/sources/auth/overview.md
+++ b/docs/sources/auth/overview.md
@ -64,8 +64,8 @@ login_maximum_lifetime_days = 30
 # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
 token_rotation_interval_minutes = 10

-# How often should expired auth tokens be deleted from the database. The default is 7 days.
-expired_tokens_cleanup_interval_days = 7
+# How often should expired auth tokens be deleted from the database. The default is each hour.
+expired_tokens_cleanup_interval_hours = 1
 ```

 ### Anonymous authentication
--- a/pkg/services/auth/auth_token_test.go
+++ b/pkg/services/auth/auth_token_test.go
@ -423,10 +423,10 @@ func createTestContext(t *testing.T) *testContext {
 	tokenService := &UserAuthTokenService{
 		SQLStore: sqlstore,
 		Cfg: &setting.Cfg{
-			LoginMaxInactiveLifetimeDays:     7,
-			LoginMaxLifetimeDays:             30,
-			TokenRotationIntervalMinutes:     10,
-			ExpiredTokensCleanupIntervalDays: 1,
+			LoginMaxInactiveLifetimeDays:      7,
+			LoginMaxLifetimeDays:              30,
+			TokenRotationIntervalMinutes:      10,
+			ExpiredTokensCleanupIntervalHours: 1,
 		},
 		log: log.New("test-logger"),
 	}
--- a/pkg/services/auth/token_cleanup.go
+++ b/pkg/services/auth/token_cleanup.go
@ -6,25 +6,29 @@ import (
 )

 func (srv *UserAuthTokenService) Run(ctx context.Context) error {
-	if srv.Cfg.ExpiredTokensCleanupIntervalDays <= 0 {
-		srv.log.Debug("cleanup of expired auth tokens are disabled")
-		return nil
-	}
-
-	jobInterval := time.Duration(srv.Cfg.ExpiredTokensCleanupIntervalDays) * 24 * time.Hour
-	srv.log.Debug("cleanup of expired auth tokens are enabled", "intervalDays", srv.Cfg.ExpiredTokensCleanupIntervalDays)
-
+	jobInterval := time.Duration(srv.Cfg.ExpiredTokensCleanupIntervalHours) * time.Hour
 	ticker := time.NewTicker(jobInterval)
 	maxInactiveLifetime := time.Duration(srv.Cfg.LoginMaxInactiveLifetimeDays) * 24 * time.Hour
 	maxLifetime := time.Duration(srv.Cfg.LoginMaxLifetimeDays) * 24 * time.Hour

+	err := srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
+		srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime)
+	})
+	if err != nil {
+		srv.log.Error("failed to lock and execite cleanup of expired auth token", "erro", err)
+	}
+
 	for {
 		select {
 		case <-ticker.C:
-			srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
+			err := srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
 				srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime)
 			})

+			if err != nil {
+				srv.log.Error("failed to lock and execite cleanup of expired auth token", "erro", err)
+			}
+
 		case <-ctx.Done():
 			return ctx.Err()
 		}
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -233,11 +233,11 @@ type Cfg struct {
 	EnterpriseLicensePath            string

 	// Auth
-	LoginCookieName                  string
-	LoginMaxInactiveLifetimeDays     int
-	LoginMaxLifetimeDays             int
-	TokenRotationIntervalMinutes     int
-	ExpiredTokensCleanupIntervalDays int
+	LoginCookieName                   string
+	LoginMaxInactiveLifetimeDays      int
+	LoginMaxLifetimeDays              int
+	TokenRotationIntervalMinutes      int
+	ExpiredTokensCleanupIntervalHours int
 }

 type CommandLineArgs struct {
@ -673,7 +673,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
 	if cfg.TokenRotationIntervalMinutes < 2 {
 		cfg.TokenRotationIntervalMinutes = 2
 	}
-	cfg.ExpiredTokensCleanupIntervalDays = auth.Key("expired_tokens_cleanup_interval_days").MustInt(7)
+	cfg.ExpiredTokensCleanupIntervalHours = auth.Key("expired_tokens_cleanup_interval_hours").MustInt(1)

 	DisableLoginForm = auth.Key("disable_login_form").MustBool(false)
 	DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)