feat(session): Added user session limit and device eviction logic

okatu-loli · okatu-loli · commit 8623da5361e4 · 2025-08-29T11:53:55.000+08:00
- Renamed `CountSessionsByUser` to `CountActiveSessionsByUser` and added session status filtering
- Added user and device session limit, with policy handling when exceeding the limit
- Introduced device eviction policy: If the maximum number of devices is exceeded, the oldest session will be evicted using the "evict_oldest" policy
- Modified `LastActive` update logic to ensure accurate session activity time
diff --git a/internal/db/session.go b/internal/db/session.go
@@ -26,9 +26,11 @@ func DeleteSession(userID uint, deviceKey string) error {
 	return errors.WithStack(db.Where("user_id = ? AND device_key = ?", userID, deviceKey).Delete(&model.Session{}).Error)
 }
 
-func CountSessionsByUser(userID uint) (int64, error) {
+func CountActiveSessionsByUser(userID uint) (int64, error) {
 	var count int64
-	err := db.Model(&model.Session{}).Where("user_id = ?", userID).Count(&count).Error
+	err := db.Model(&model.Session{}).
+		Where("user_id = ? AND status = ?", userID, model.SessionActive).
+		Count(&count).Error
 	return count, errors.WithStack(err)
 }
 
diff --git a/internal/device/session.go b/internal/device/session.go
@@ -25,7 +25,25 @@ func Handle(userID uint, deviceKey, ua, ip string) error {
 	now := time.Now().Unix()
 	sess, err := db.GetSession(userID, deviceKey)
 	if err == nil {
-		// reactivate existing session if it was inactive
+		if sess.Status == model.SessionInactive {
+			max := setting.GetInt(conf.MaxDevices, 0)
+			if max > 0 {
+				count, cerr := db.CountActiveSessionsByUser(userID)
+				if cerr != nil {
+					return cerr
+				}
+				if count >= int64(max) {
+					policy := setting.GetStr(conf.DeviceEvictPolicy, "deny")
+					if policy == "evict_oldest" {
+						if oldest, gerr := db.GetOldestSession(userID); gerr == nil {
+							_ = db.DeleteSession(userID, oldest.DeviceKey)
+						}
+					} else {
+						return errors.WithStack(errs.TooManyDevices)
+					}
+				}
+			}
+		}
 		sess.Status = model.SessionActive
 		sess.LastActive = now
 		sess.UserAgent = ua
@@ -38,7 +56,7 @@ func Handle(userID uint, deviceKey, ua, ip string) error {
 
 	max := setting.GetInt(conf.MaxDevices, 0)
 	if max > 0 {
-		count, err := db.CountSessionsByUser(userID)
+		count, err := db.CountActiveSessionsByUser(userID)
 		if err != nil {
 			return err
 		}

Original file line number	Diff line number	Diff line change
`@@ -26,9 +26,11 @@ func DeleteSession(userID uint, deviceKey string) error {`
`26`	`26`	`return errors.WithStack(db.Where("user_id = ? AND device_key = ?", userID, deviceKey).Delete(&model.Session{}).Error)`
`27`	`27`	`}`
`28`	`28`
`29`		`-func CountSessionsByUser(userID uint) (int64, error) {`
	`29`	`+func CountActiveSessionsByUser(userID uint) (int64, error) {`
`30`	`30`	`var count int64`
`31`		`- err := db.Model(&model.Session{}).Where("user_id = ?", userID).Count(&count).Error`
	`31`	`+ err := db.Model(&model.Session{}).`
	`32`	`+ Where("user_id = ? AND status = ?", userID, model.SessionActive).`
	`33`	`+ Count(&count).Error`
`32`	`34`	`return count, errors.WithStack(err)`
`33`	`35`	`}`
`34`	`36`