Add cron job to cleanup exired oidc objects

This commit is contained in:
Johannes Zellner
2025-03-05 11:29:13 +01:00
parent b8a539a67a
commit b7b738c92b
2 changed files with 30 additions and 2 deletions
+8
@@ -36,6 +36,7 @@ const appHealthMonitor = require('./apphealthmonitor.js'),
janitor = require('./janitor.js'), janitor = require('./janitor.js'),
mail = require('./mail.js'), mail = require('./mail.js'),
network = require('./network.js'), network = require('./network.js'),
oidc = require('./oidc.js'),
paths = require('./paths.js'), paths = require('./paths.js'),
reverseProxy = require('./reverseproxy.js'), reverseProxy = require('./reverseproxy.js'),
safe = require('safetydance'), safe = require('safetydance'),
@@ -56,6 +57,7 @@ const gJobs = {
cleanupBackups: null, cleanupBackups: null,
cleanupEventlog: null, cleanupEventlog: null,
cleanupTokens: null, cleanupTokens: null,
cleanupOidc: null,
dockerVolumeCleaner: null, dockerVolumeCleaner: null,
dynamicDns: null, dynamicDns: null,
schedulerSync: null, schedulerSync: null,
@@ -138,6 +140,12 @@ async function startJobs() {
start: true start: true
}); });
gJobs.cleanupOidc = CronJob.from({
cronTime: '00 10 * * * *', // every hour ten minutes past
onTick: async () => await safe(oidc.cleanupExpired(), { debug }),
start: true
});
gJobs.cleanupBackups = CronJob.from({ gJobs.cleanupBackups = CronJob.from({
cronTime: DEFAULT_CLEANUP_BACKUPS_PATTERN, cronTime: DEFAULT_CLEANUP_BACKUPS_PATTERN,
onTick: async () => await safe(backups.startCleanupTask(AuditSource.CRON), { debug }), onTick: async () => await safe(backups.startCleanupTask(AuditSource.CRON), { debug }),
+22 -2
@@ -11,7 +11,9 @@ exports = module.exports = {
getClient, getClient,
delClient, delClient,
updateClient, updateClient,
listClients listClients,
cleanupExpired,
}; };
const assert = require('assert'), const assert = require('assert'),
@@ -217,6 +219,22 @@ async function getUserByAuthCode(authCode) {
return await users.get(authData.payload.accountId); return await users.get(authData.payload.accountId);
} }
// This exposed to run on a cron job
async function cleanupExpired() {
debug('cleanupExpired');
const types = [ 'AuthorizationCode', 'AccessToken', 'Grant', 'Interaction', 'RefreshToken', 'Session' ];
for (const type of types) {
load(type);
for (const key in DATA_STORE[type]) {
if (!DATA_STORE[type][key].expiresAt || DATA_STORE[type][key].expiresAt < Date.now()) delete DATA_STORE[type][key];
}
save(type);
}
}
// ----------------------------- // -----------------------------
// Generic oidc node module data store model // Generic oidc node module data store model
// ----------------------------- // -----------------------------
@@ -259,6 +277,8 @@ class CloudronAdapter {
async upsert(id, payload, expiresIn) { async upsert(id, payload, expiresIn) {
debug(`[${this.name}] upsert: ${id}`); debug(`[${this.name}] upsert: ${id}`);
const expiresAt = expiresIn ? new Date(Date.now() + (expiresIn * 1000)) : 0;
if (this.name === 'Client') { if (this.name === 'Client') {
debug('upsert: this should not happen as it is stored in our db'); debug('upsert: this should not happen as it is stored in our db');
} else if (this.name === 'AccessToken' && (payload.clientId === tokens.ID_WEBADMIN || payload.clientId === tokens.ID_DEVELOPMENT)) { } else if (this.name === 'AccessToken' && (payload.clientId === tokens.ID_WEBADMIN || payload.clientId === tokens.ID_DEVELOPMENT)) {
@@ -273,7 +293,7 @@ class CloudronAdapter {
throw error; throw error;
} }
} else { } else {
DATA_STORE[this.name][id] = { id, expiresIn, payload, consumed: false }; DATA_STORE[this.name][id] = { id, expiresAt, payload, consumed: false };
save(this.name); save(this.name);
} }
} }
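Review bot: The `!DATA_STORE[type][key].expiresAt` test in cleanupExpired also matches every record persisted before this commit, because those were written with `expiresIn` (the old line of the last hunk) and carry no `expiresAt`, so the first hourly run will delete all existing sessions, grants, refresh and access tokens at once; if that forced re-login is not intended, the job should leave records that still carry the legacy `expiresIn` alone or a one-off migration should fill in `expiresAt`. The comparison `DATA_STORE[type][key].expiresAt < Date.now()` also assumes the value is still the Date object created in upsert; if `save`/`load` (not shown here) round-trip the store through JSON, the value comes back as an ISO string, the `<` coerces it to NaN and nothing expires after a restart, so normalizing with `new Date(expiresAt).getTime()` makes the check hold for both forms. `Date.now()` can be read once per run rather than once per record. The CloudronAdapter class in the last two hunks starts and ends outside them.

```javascript
    const now = Date.now();
    // … unchanged: types list …
    for (const type of types) {
        load(type);
        for (const key in DATA_STORE[type]) {
            const { expiresAt } = DATA_STORE[type][key];
            // a Date while in memory, possibly its serialized form after a reload; normalize before comparing
            if (!expiresAt || new Date(expiresAt).getTime() < now) delete DATA_STORE[type][key];
        }
        save(type);
    }
```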