From db011fa74da434974069fdc256797f7b1e3520b1 Mon Sep 17 00:00:00 2001
From: "joel@joellee.org"
Date: Mon, 15 May 2023 14:27:13 +0800
Subject: [PATCH 1/3] feat: add mfa cleanup
---
 internal/models/cleanup.go | 2 ++
 migrations/20230508135423_add_cleanup_indexes.up.sql | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/internal/models/cleanup.go b/internal/models/cleanup.go
index ea669b79f6..efea6c5b28 100644
--- a/internal/models/cleanup.go
+++ b/internal/models/cleanup.go
@@ -31,6 +31,7 @@ func init() {
 tableSessions := Session{}.TableName()
 tableRelayStates := SAMLRelayState{}.TableName()
 tableFlowStates := FlowState{}.TableName()
+ tableMFAChallenges := Challenge{}.TableName()
 // These statements intentionally use SELECT ... FOR UPDATE SKIP LOCKED
 // as this makes sure that only rows that are not being used in another
@@ -45,6 +46,7 @@ func init() {
 fmt.Sprintf("delete from %q where id in (select id from %q where not_after < now() - interval '72 hours' limit 10 for update skip locked);", tableSessions, tableSessions),
 fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '24 hours' limit 100 for update skip locked);", tableRelayStates, tableRelayStates),
 fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '24 hours' limit 100 for update skip locked);", tableFlowStates, tableFlowStates),
+ fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '12 hours' limit 100 for update skip locked);", tableMFAChallenges, tableMFAChallenges),
 )
 var err error
diff --git a/migrations/20230508135423_add_cleanup_indexes.up.sql b/migrations/20230508135423_add_cleanup_indexes.up.sql
index 162acee159..e5c8529c27 100644
--- a/migrations/20230508135423_add_cleanup_indexes.up.sql
+++ b/migrations/20230508135423_add_cleanup_indexes.up.sql
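Review bot: In the second hunk of internal/models/cleanup.go, the added `tableMFAChallenges` statement hard-codes its retention window (`interval '12 hours'`, changed to `'24 hours'` in PATCH 2/3) with nothing tying it to how long a challenge stays valid, which is not visible in this hunk. If that validity period is configurable elsewhere, a setting longer than the window would let cleanup delete a challenge that a user could still verify, so the constraint belongs next to the statement, e.g. `// retention must stay longer than the MFA challenge expiry so a pending challenge is never deleted`. The statement selects rows by `created_at` alone, so if this table is what operators consult when investigating repeated failed MFA attempts, that history is gone after the window; confirm the audit log records those events independently. `init` starts before and continues past both hunks.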
@@ -15,3 +15,7 @@ create index if not exists
 create index if not exists
 sessions_not_after_idx
 on {{ index .Options "Namespace" }}.sessions (not_after desc);
+
+create index if not exists
+ mfa_challenge_created_at_idx
+ on {{ index .Options "Namespace" }}.mfa_challenges (created_at desc);
From a1783edbabe3cd07b82827eb6c5073e786f4a5db Mon Sep 17 00:00:00 2001
From: Joel Lee
Date: Fri, 19 May 2023 19:36:10 +0800
Subject: [PATCH 2/3] Update internal/models/cleanup.go
---
 internal/models/cleanup.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/models/cleanup.go b/internal/models/cleanup.go
index efea6c5b28..eddaf090f2 100644
--- a/internal/models/cleanup.go
+++ b/internal/models/cleanup.go
@@ -46,7 +46,7 @@ func init() {
 fmt.Sprintf("delete from %q where id in (select id from %q where not_after < now() - interval '72 hours' limit 10 for update skip locked);", tableSessions, tableSessions),
 fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '24 hours' limit 100 for update skip locked);", tableRelayStates, tableRelayStates),
 fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '24 hours' limit 100 for update skip locked);", tableFlowStates, tableFlowStates),
- fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '12 hours' limit 100 for update skip locked);", tableMFAChallenges, tableMFAChallenges),
+ fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '24 hours' limit 100 for update skip locked);", tableMFAChallenges, tableMFAChallenges),
 )
 var err error
From 9da8b7dd1dd7dc448c7d384d6d029a0bb94e1c1f Mon Sep 17 00:00:00 2001
From: "joel@joellee.org"
Date: Tue, 23 May 2023 10:53:33 +0800
Subject: [PATCH 3/3] refactor: move migration to separate file
---
 migrations/20230508135423_add_cleanup_indexes.up.sql | 4 ----
 .../20230523124323_add_mfa_challenge_cleanup_index.up.sql | 5 +++++
 2 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 migrations/20230523124323_add_mfa_challenge_cleanup_index.up.sql
diff --git a/migrations/20230508135423_add_cleanup_indexes.up.sql b/migrations/20230508135423_add_cleanup_indexes.up.sql
index e5c8529c27..162acee159 100644
--- a/migrations/20230508135423_add_cleanup_indexes.up.sql
+++ b/migrations/20230508135423_add_cleanup_indexes.up.sql
@@ -15,7 +15,3 @@ create index if not exists
 create index if not exists
 sessions_not_after_idx
 on {{ index .Options "Namespace" }}.sessions (not_after desc);
-
-create index if not exists
- mfa_challenge_created_at_idx
- on {{ index .Options "Namespace" }}.mfa_challenges (created_at desc);
diff --git a/migrations/20230523124323_add_mfa_challenge_cleanup_index.up.sql b/migrations/20230523124323_add_mfa_challenge_cleanup_index.up.sql
new file mode 100644
index 0000000000..667d5020be
--- /dev/null
+++ b/migrations/20230523124323_add_mfa_challenge_cleanup_index.up.sql
@@ -0,0 +1,5 @@
+-- Index used to clean up mfa challenges
+
+create index if not exists
+ mfa_challenge_created_at_idx
+ on {{ index .Options "Namespace" }}.mfa_challenges (created_at desc);
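Review bot: The new migration file builds `mfa_challenge_created_at_idx` with a plain `create index`, which on PostgreSQL (as the `for update skip locked` cleanup statements suggest this is) blocks writes to `mfa_challenges` until the build finishes. This series appears to be what introduces cleanup for that table, so existing deployments may hold a large backlog of rows and the build could stall the issuing of new MFA challenges for a noticeable time during the upgrade. If the migration runner does not wrap each file in a transaction (not visible here), `create index concurrently if not exists` avoids the write lock; otherwise extend the header comment, e.g. `-- non-concurrent build: writes to mfa_challenges block while this runs`.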