a couple refinements to the new user_session table

Scott Lamb 2018-03-25 07:23:40 -07:00
parent 299c0b1802
commit 0701121586
2 changed files with 23 additions and 6 deletions


@ -340,7 +340,7 @@ create table user_session (
-- remember, the session id is assumed to itself have sufficient entropy.
session_id_hash blob primary key not null,
user_id integer references user (id),
user_id integer references user (id) not null,
-- A bitwise mask of flags, currently all properties of the HTTP cookie used to hold the session:
-- 1: HttpOnly
@ -350,7 +350,7 @@ create table user_session (
-- The domain of the HTTP cookie used to store this session. The outbound
-- `Set-Cookie` header never specifies a scope, so this matches the `Host:` of
-- the inbound HTTP request.
-- the inbound HTTP request (minus the :port, if any was specified).
domain text,
-- An editable description which might describe the device/program which uses
@ -358,12 +358,26 @@ create table user_session (
description text,
creation_password_id integer, -- the id it was created from, if created via password
creation_peer_addr blob, -- IPv4 or IPv6 address, or null for Unix socket.
creation_time_sec integer not null, -- sec since epoch
creation_peer_addr blob, -- IPv4 or IPv6 address, or null for Unix socket.
creation_user_agent text, -- User-Agent header from inbound HTTP request.
revocation_time_sec integer, -- sec since epoch
revocation_reason text,
revocation_user_agent text, -- User-Agent header from inbound HTTP request.
revocation_peer_addr blob, -- IPv4 or IPv6 address, or null for Unix socket/no peer.
-- A value indicating the reason for revocation, with optional additional
-- text detail. Enumeration values:
-- 0: logout link clicked (i.e. from within the session itself)
--
-- This might be extended for a variety of other reasons:
-- x: user revoked (while authenticated in another way)
-- x: password change invalidated all sessions created with that password
-- x: expired (due to fixed total time or time inactive)
-- x: evicted (due to too many sessions)
-- x: suspicious activity
revocation_reason integer,
revocation_reason_detail text,
-- Information about requests which used this session, updated lazily on database flush.
last_use_time_sec integer, -- sec since epoch
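Review bot: In the third hunk, `revocation_reason` becomes an enumerated integer, but nothing ties it to `revocation_time_sec` or limits it to the documented values, so a row can hold a reason without a revocation time, or the reverse. The comments also do not say which column decides that a session is revoked, and that is a security decision that should not be left to each reader of the table. If the time column is meant to be authoritative, I would say so, e.g. `-- A session is revoked iff revocation_time_sec is non-null.`, and consider adding `check ((revocation_time_sec is null) = (revocation_reason is null))`. The upgrade script repeats these columns in its own copy of the table, so a constraint would have to go in both places. The `create table` statement starts and ends outside these hunks.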


@ -78,7 +78,7 @@ pub fn run(args: &super::Args, tx: &rusqlite::Transaction) -> Result<(), Error>
);
create table user_session (
session_id_hash blob primary key not null,
user_id integer references user (id),
user_id integer references user (id) not null,
flags integer not null,
domain text,
description text,
@ -87,7 +87,10 @@ pub fn run(args: &super::Args, tx: &rusqlite::Transaction) -> Result<(), Error>
creation_time_sec integer not null,
creation_user_agent text,
revocation_time_sec integer,
revocation_reason text,
revocation_user_agent text,
revocation_peer_addr blob,
revocation_reason integer,
revocation_reason_detail text,
last_use_time_sec integer,
last_use_user_agent text,
last_use_peer_addr blob,
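Review bot: The `not null` added to `user_id integer references user (id) not null` in the first hunk (and on the same line in the schema file's first hunk) only guarantees that a value is present. SQLite enforces the `references` clause only when `pragma foreign_keys` is enabled on the connection, and these hunks do not show whether the upgrade or the server enables it. Without enforcement, session rows can outlive the user they point to, which matters if a user id can ever be reused. I would spell out what happens on user deletion, e.g. `user_id integer references user (id) on delete cascade not null`, or add a comment that a user's sessions must be deleted before the user row. `run` begins and ends outside the hunks.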