🔒 (Auth) Add Per-user session sum limit.

Rhilip · Jan 30, 2019 · 9b15f76 · 9b15f76
1 parent 94a47d3
commit 9b15f76
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 4 deletions.
diff --git a/apps/controllers/AuthController.php b/apps/controllers/AuthController.php
@@ -87,7 +87,11 @@ public function actionLogin()
                 return $this->render("auth/login.html.twig", ["username" => $username, "error_msg" => $e->getMessage()]);
             }
 
-            app()->user->createUserSessionId($self["id"]);
+            $success = app()->user->createUserSessionId($self["id"]);
+
+            if (!$success) {
+                return $this->render('errors/action_fail.html.twig',['title'=> 'Login Failed','msg' => 'Reach the limit of Max User Session.']);
+            }
 
             app()->pdo->createCommand("UPDATE `users` SET `last_login_at` = NOW() , `last_login_ip` = INET6_ATON(:ip) WHERE `id` = :id")->bindParams([
                 "ip" => app()->request->getClientIp(), "id" => $self["id"]

diff --git a/framework/User/User.php b/framework/User/User.php
@@ -65,8 +65,15 @@ public function loadUserFromCookies()
     public function createUserSessionId($userId)
     {
         $this->_userSessionId = StringHelper::getRandomString($this->_userIdLength);
-        app()->redis->zAdd($this->sessionSaveKey, $userId, $this->_userSessionId);
-        app()->cookie->set($this->cookieName, $this->_userSessionId);
+
+        $exist_session_count = app()->redis->zCount($this->sessionSaveKey, $userId, $userId);
+        if ($exist_session_count < app()->config->get('base.max_per_user_session')) {
+            app()->redis->zAdd($this->sessionSaveKey, $userId, $this->_userSessionId);
+            app()->cookie->set($this->cookieName, $this->_userSessionId);
+            return true;
+        } else {
+            return false;
+        }
     }
 
     public function deleteUserThisSession()

diff --git a/migration/ridpt.sql b/migration/ridpt.sql
@@ -3,7 +3,7 @@
 -- https://www.phpmyadmin.net/
 --
 -- Host: 127.0.0.1
--- Generation Time: Jan 30, 2019 at 12:13 PM
+-- Generation Time: Jan 30, 2019 at 01:44 PM
 -- Server version: 5.7.24-log
 -- PHP Version: 7.2.14
 
@@ -328,6 +328,7 @@ INSERT INTO `site_config` (`name`, `value`, `update_at`) VALUES
 ('authority.upload_anonymous', '5', '2018-12-13 08:48:00'),
 ('base.enable_register_system', '1', '2018-11-28 16:05:12'),
 ('base.enable_tracker_system', '1', '2018-11-22 14:30:50'),
+('base.max_per_user_session', '10', '2019-01-30 13:41:45'),
 ('base.max_user', '5000', '2018-11-28 16:00:15'),
 ('base.site_author', 'Rhilip', '2019-01-18 14:38:20'),
 ('base.site_description', 'A Private Tracker Site', '2018-12-13 01:57:18'),