419ea11b14
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 47s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m12s
User-facing Feedback screen (Settings -> Info, registered accounts only): a message (<=1024 runes) plus one optional attachment, an anti-spam gate (one unreviewed message at a time), and the operator's inline reply with a Settings/Info badge. Server-rendered admin console section (/_gm/feedback): unread/read/archived queue with per-user search, detail with read/reply/ archive/delete/delete-all, safe attachment serving (nosniff, images inline via <img>, others download-only). Introduces account_roles, the first per-account role table; feedback_banned blocks only feedback submission, granted/revoked from /users and the delete-with-block action. - migration 00004_feedback (feedback_messages + account_roles) + jetgen - backend internal/feedback (store+service), internal/account/roles.go - wire: FlatBuffers feedback.submit/get/unread; gateway guest gate (Op.NonGuest, is_guest via session resolve) -> guest_forbidden before any backend call - reply push reuses NotificationEvent with a new admin_reply sub-kind - UI: /feedback route + screen, attachment picker, badge, channel detection, i18n - tests: feedback unit (Go+UI), gateway guest-gate, inttest lifecycle, e2e - docs: PLAN stage 19, ARCHITECTURE s15, FUNCTIONAL(+ru), TESTING, READMEs
111 lines
2.9 KiB
Go
111 lines
2.9 KiB
Go
// Package session is the gateway's in-memory session cache. It maps an opaque
|
|
// bearer token to the backend account id, falling back to the backend's resolve
|
|
// endpoint on a miss and caching the result for a bounded TTL. The backend
|
|
// remains the source of truth (sessions are revoke-only there); the cache only
|
|
// shortcuts the hot path.
|
|
package session
|
|
|
|
import (
|
|
"context"
|
|
"sync"
|
|
"time"
|
|
)
|
|
|
|
// Resolver resolves a token to an account id and its guest flag at the backend
|
|
// (the cache miss path). backendclient.Client satisfies it.
|
|
type Resolver interface {
|
|
ResolveSession(ctx context.Context, token string) (string, bool, error)
|
|
}
|
|
|
|
// Cache resolves session tokens to account ids, caching hits for ttl.
|
|
type Cache struct {
|
|
backend Resolver
|
|
ttl time.Duration
|
|
max int
|
|
now func() time.Time
|
|
|
|
mu sync.Mutex
|
|
entries map[string]entry
|
|
}
|
|
|
|
type entry struct {
|
|
userID string
|
|
isGuest bool
|
|
expires time.Time
|
|
}
|
|
|
|
// NewCache constructs a Cache over backend with the given TTL and maximum size.
|
|
func NewCache(backend Resolver, ttl time.Duration, max int) *Cache {
|
|
if max <= 0 {
|
|
max = 1
|
|
}
|
|
return &Cache{
|
|
backend: backend,
|
|
ttl: ttl,
|
|
max: max,
|
|
now: func() time.Time { return time.Now() },
|
|
entries: make(map[string]entry),
|
|
}
|
|
}
|
|
|
|
// Resolve returns the account id and guest flag for token, consulting the cache
|
|
// first and the backend on a miss (caching the result). An empty token is rejected
|
|
// by the backend like any unknown token.
|
|
func (c *Cache) Resolve(ctx context.Context, token string) (string, bool, error) {
|
|
if uid, guest, ok := c.lookup(token); ok {
|
|
return uid, guest, nil
|
|
}
|
|
uid, guest, err := c.backend.ResolveSession(ctx, token)
|
|
if err != nil {
|
|
return "", false, err
|
|
}
|
|
c.store(token, uid, guest)
|
|
return uid, guest, nil
|
|
}
|
|
|
|
// Invalidate drops a token from the cache (e.g. after a revoke).
|
|
func (c *Cache) Invalidate(token string) {
|
|
c.mu.Lock()
|
|
defer c.mu.Unlock()
|
|
delete(c.entries, token)
|
|
}
|
|
|
|
// lookup returns a live cached account id and guest flag for token.
|
|
func (c *Cache) lookup(token string) (string, bool, bool) {
|
|
c.mu.Lock()
|
|
defer c.mu.Unlock()
|
|
e, ok := c.entries[token]
|
|
if !ok || !c.now().Before(e.expires) {
|
|
return "", false, false
|
|
}
|
|
return e.userID, e.isGuest, true
|
|
}
|
|
|
|
// store caches token -> (userID, isGuest), sweeping expired entries and bounding
|
|
// the size.
|
|
func (c *Cache) store(token, userID string, isGuest bool) {
|
|
c.mu.Lock()
|
|
defer c.mu.Unlock()
|
|
if len(c.entries) >= c.max {
|
|
c.evictLocked()
|
|
}
|
|
c.entries[token] = entry{userID: userID, isGuest: isGuest, expires: c.now().Add(c.ttl)}
|
|
}
|
|
|
|
// evictLocked removes expired entries and, if still at capacity, drops arbitrary
|
|
// entries until below the limit. The caller holds c.mu.
|
|
func (c *Cache) evictLocked() {
|
|
now := c.now()
|
|
for k, e := range c.entries {
|
|
if !now.Before(e.expires) {
|
|
delete(c.entries, k)
|
|
}
|
|
}
|
|
for k := range c.entries {
|
|
if len(c.entries) < c.max {
|
|
break
|
|
}
|
|
delete(c.entries, k)
|
|
}
|
|
}
|