Add WebAPI session timeout settings

Raise default timeout to 1 hour.
2025-12-31 20:58:07 -06:00 · 2019-06-13 22:43:34 +08:00
parent a65f36592a
commit 89124bdcc8
8 changed files with 132 additions and 64 deletions
--- a/src/webui/api/appcontroller.cpp
+++ b/src/webui/api/appcontroller.cpp
@@ -229,6 +229,7 @@ void AppController::preferencesAction()
    for (const Utils::Net::Subnet &subnet : asConst(pref->getWebUiAuthSubnetWhitelist()))
        authSubnetWhitelistStringList << Utils::Net::subnetToString(subnet);
    data["bypass_auth_subnet_whitelist"] = authSubnetWhitelistStringList.join("\n");
+    data["web_ui_session_timeout"] = pref->getWebUISessionTimeout();
    // Use alternative Web UI
    data["alternative_webui_enabled"] = pref->isAltWebUiEnabled();
    data["alternative_webui_path"] = pref->getWebUiRootFolder();
@@ -538,6 +539,8 @@ void AppController::setPreferencesAction()
        // recognize new lines and commas as delimiters
        pref->setWebUiAuthSubnetWhitelist(it.value().toString().split(QRegularExpression("\n|,"), QString::SkipEmptyParts));
    }
+    if (hasKey("web_ui_session_timeout"))
+        pref->setWebUISessionTimeout(it.value().toInt());
    // Use alternative Web UI
    if (hasKey("alternative_webui_enabled"))
        pref->setAltWebUiEnabled(it.value().toBool());
--- a/src/webui/webapplication.cpp
+++ b/src/webui/webapplication.cpp
@@ -332,6 +332,7 @@ void WebApplication::configure()
    m_isLocalAuthEnabled = pref->isWebUiLocalAuthEnabled();
    m_isAuthSubnetWhitelistEnabled = pref->isWebUiAuthSubnetWhitelistEnabled();
    m_authSubnetWhitelist = pref->getWebUiAuthSubnetWhitelist();
+    m_sessionTimeout = pref->getWebUISessionTimeout();

    m_domainList = pref->getServerDomains().split(';', QString::SkipEmptyParts);
    std::for_each(m_domainList.begin(), m_domainList.end(), [](QString &entry) { entry = entry.trimmed(); });
@@ -471,8 +472,7 @@ void WebApplication::sessionInitialize()
    if (!sessionId.isEmpty()) {
        m_currentSession = m_sessions.value(sessionId);
        if (m_currentSession) {
-            const qint64 now = QDateTime::currentMSecsSinceEpoch() / 1000;
-            if ((now - m_currentSession->m_timestamp) > INACTIVE_TIME) {
+            if (m_currentSession->hasExpired(m_sessionTimeout)) {
                // session is outdated - removing it
                delete m_sessions.take(sessionId);
                m_currentSession = nullptr;
@@ -523,14 +523,14 @@ void WebApplication::sessionStart()
    Q_ASSERT(!m_currentSession);

    // remove outdated sessions
-    const qint64 now = QDateTime::currentMSecsSinceEpoch() / 1000;
-    Algorithm::removeIf(m_sessions, [now](const QString &, const WebSession *session)
+    Algorithm::removeIf(m_sessions, [this](const QString &, const WebSession *session)
    {
-        if ((now - session->timestamp()) <= INACTIVE_TIME)
-            return false;
+        if (session->hasExpired(m_sessionTimeout)) {
+            delete session;
+            return true;
+        }

-        delete session;
-        return true;
+        return false;
    });

    m_currentSession = new WebSession(generateSid());
@@ -650,9 +650,16 @@ QString WebSession::id() const
    return m_sid;
 }

-qint64 WebSession::timestamp() const
+bool WebSession::hasExpired(const qint64 seconds) const
 {
-    return m_timestamp;
+    if (seconds <= 0)
+        return false;
+    return m_timer.hasExpired(seconds * 1000);
+}
+
+void WebSession::updateTimestamp()
+{
+    m_timer.start();
 }

 QVariant WebSession::getData(const QString &id) const
@@ -664,8 +671,3 @@ void WebSession::setData(const QString &id, const QVariant &data)
 {
    m_data[id] = data;
 }
-
-void WebSession::updateTimestamp()
-{
-    m_timestamp = QDateTime::currentMSecsSinceEpoch() / 1000;
-}
--- a/src/webui/webapplication.h
+++ b/src/webui/webapplication.h
@@ -29,6 +29,7 @@
 #pragma once

 #include <QDateTime>
+#include <QElapsedTimer>
 #include <QHash>
 #include <QObject>
 #include <QRegularExpression>
@@ -48,26 +49,23 @@ class APIController;
 class WebApplication;

 constexpr char C_SID[] = "SID"; // name of session id cookie
-constexpr int INACTIVE_TIME = 900; // Session inactive time (in secs = 15 min.)

 class WebSession : public ISession
 {
-    friend class WebApplication;
-
 public:
    explicit WebSession(const QString &sid);

    QString id() const override;
-    qint64 timestamp() const;
+
+    bool hasExpired(qint64 seconds) const;
+    void updateTimestamp();

    QVariant getData(const QString &id) const override;
    void setData(const QString &id, const QVariant &data) override;

 private:
-    void updateTimestamp();
-
    const QString m_sid;
-    qint64 m_timestamp;
+    QElapsedTimer m_timer;  // timestamp
    QVariantHash m_data;
 };

@@ -148,6 +146,7 @@ private:
    bool m_isLocalAuthEnabled;
    bool m_isAuthSubnetWhitelistEnabled;
    QList<Utils::Net::Subnet> m_authSubnetWhitelist;
+    int m_sessionTimeout;

    // security related
    QStringList m_domainList;
--- a/src/webui/www/private/preferences_content.html
+++ b/src/webui/www/private/preferences_content.html
@@ -731,6 +731,12 @@
            <div class="formRow" style="padding-left: 30px; padding-top: 5px;">
                <textarea id="bypass_auth_subnet_whitelist_textarea" rows="5" cols="48" placeholder="Example: 172.17.32.0/24, fdff:ffff:c8::/40"></textarea>
            </div>
+            <table>
+                <tr>
+                    <td><label for="webUISessionTimeoutInput">QBT_TR(Session timeout:)QBT_TR[CONTEXT=OptionsDialog]</label></td>
+                    <td><input type="number" id="webUISessionTimeoutInput" style="width: 4em;" min="0" />&nbsp;&nbsp;QBT_TR(sec)QBT_TR[CONTEXT=OptionsDialog]</td>
+                </tr>
+            </table>
        </fieldset>

        <fieldset class="settings">
@@ -1340,6 +1346,7 @@
                    $('bypass_auth_subnet_whitelist_checkbox').setProperty('checked', pref.bypass_auth_subnet_whitelist_enabled);
                    $('bypass_auth_subnet_whitelist_textarea').setProperty('value', pref.bypass_auth_subnet_whitelist);
                    updateBypasssAuthSettings();
+                    $('webUISessionTimeoutInput').setProperty('value', pref.web_ui_session_timeout.toInt());

                    // Use alternative Web UI
                    $('use_alt_webui_checkbox').setProperty('checked', pref.alternative_webui_enabled);
@@ -1667,6 +1674,7 @@
        settings.set('bypass_local_auth', $('bypass_local_auth_checkbox').getProperty('checked'));
        settings.set('bypass_auth_subnet_whitelist_enabled', $('bypass_auth_subnet_whitelist_checkbox').getProperty('checked'));
        settings.set('bypass_auth_subnet_whitelist', $('bypass_auth_subnet_whitelist_textarea').getProperty('value'));
+        settings.set('web_ui_session_timeout', $('webUISessionTimeoutInput').getProperty('value'));

        // Use alternative Web UI
        var alternative_webui_enabled = $('use_alt_webui_checkbox').getProperty('checked');