[feature] add login session timeout

Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
2025-04-19 21:42:24 +00:00 · 2023-04-25 15:00:21 +03:30 · 2023-04-25 15:00:21 +03:30 · 942b9862d8
commit 942b9862d8
parent ae55fdc38a
10 changed files with 35 additions and 17 deletions
--- a/web/assets/js/model/models.js
+++ b/web/assets/js/model/models.js
@ -172,6 +172,7 @@ class AllSetting {
        this.webCertFile = "";
        this.webKeyFile = "";
        this.webBasePath = "/";
+        this.sessionMaxAge = "";
        this.expireDiff = "";
        this.trafficDiff = "";
        this.tgBotEnable = false;
--- a/web/controller/index.go
+++ b/web/controller/index.go
@ -70,6 +70,16 @@ func (a *IndexController) login(c *gin.Context) {
 	} else {
 		logger.Infof("%s login success,Ip Address:%s\n", form.Username, getRemoteIp(c))
 		a.tgbot.UserLoginNotify(form.Username, getRemoteIp(c), timeStr, 1)
+		sessionMaxAge, err := a.settingService.GetSessionMaxAge()
+		if err != nil {
+			logger.Infof("Unable to get session's max age from DB")
+		}
+
+		err = session.SetMaxAge(c, sessionMaxAge*60)
+		if err != nil {
+			logger.Infof("Unable to set session's max age")
+		}
+
 	}

 	err = session.SetLoginUser(c, user)
--- a/web/entity/entity.go
+++ b/web/entity/entity.go
@ -32,6 +32,7 @@ type AllSetting struct {
 	WebCertFile        string `json:"webCertFile" form:"webCertFile"`
 	WebKeyFile         string `json:"webKeyFile" form:"webKeyFile"`
 	WebBasePath        string `json:"webBasePath" form:"webBasePath"`
+	SessionMaxAge      int    `json:"sessionMaxAge" form:"sessionMaxAge"`
 	ExpireDiff         int    `json:"expireDiff" form:"expireDiff"`
 	TrafficDiff        int    `json:"trafficDiff" form:"trafficDiff"`
 	TgBotEnable        bool   `json:"tgBotEnable" form:"tgBotEnable"`
--- a/web/html/xui/component/setting.html
+++ b/web/html/xui/component/setting.html
@ -9,7 +9,7 @@
                <a-input :value="value" @input="$emit('input', $event.target.value)"></a-input>
            </template>
            <template v-else-if="type === 'number'">
-                <a-input type="number" :value="value" @input="$emit('input', $event.target.value)"></a-input>
+                <a-input type="number" :value="value" @input="$emit('input', $event.target.value)" :min="min"></a-input>
            </template>
            <template v-else-if="type === 'textarea'">
                <a-textarea :value="value" @input="$emit('input', $event.target.value)" :auto-size="{ minRows: 10, maxRows: 10 }"></a-textarea>
@ -25,7 +25,7 @@
 {{define "component/setting"}}
 <script>
    Vue.component('setting-list-item', {
-        props: ["type", "title", "desc", "value"],
+        props: ["type", "title", "desc", "value", "min"],
        template: `{{template "component/settingListItem"}}`,
    });
 </script>
--- a/web/html/xui/setting.html
+++ b/web/html/xui/setting.html
@ -45,6 +45,7 @@
                                    <setting-list-item type="text" title='{{ i18n "pages.setting.publicKeyPath"}}' desc='{{ i18n "pages.setting.publicKeyPathDesc"}}' v-model="allSetting.webCertFile"></setting-list-item>
                                    <setting-list-item type="text" title='{{ i18n "pages.setting.privateKeyPath"}}' desc='{{ i18n "pages.setting.privateKeyPathDesc"}}' v-model="allSetting.webKeyFile"></setting-list-item>
                                    <setting-list-item type="text" title='{{ i18n "pages.setting.panelUrlPath"}}' desc='{{ i18n "pages.setting.panelUrlPathDesc"}}' v-model="allSetting.webBasePath"></setting-list-item>
+                                    <setting-list-item type="number" title='{{ i18n "pages.setting.sessionMaxAge" }}' desc='{{ i18n "pages.setting.sessionMaxAgeDesc" }}'  v-model="allSetting.sessionMaxAge" :min="0"></setting-list-item>
                                    <setting-list-item type="number" title='{{ i18n "pages.setting.expireTimeDiff" }}' desc='{{ i18n "pages.setting.expireTimeDiffDesc" }}'  v-model="allSetting.expireDiff" :min="0"></setting-list-item>
                                    <setting-list-item type="number" title='{{ i18n "pages.setting.trafficDiff" }}' desc='{{ i18n "pages.setting.trafficDiffDesc" }}'  v-model="allSetting.trafficDiff" :min="0"></setting-list-item>
                                    <a-list-item>
--- a/web/service/setting.go
+++ b/web/service/setting.go
@ -29,6 +29,7 @@ var defaultValueMap = map[string]string{
 	"webKeyFile":         "",
 	"secret":             random.Seq(32),
 	"webBasePath":        "/",
+	"sessionMaxAge":      "0",
 	"expireDiff":         "0",
 	"trafficDiff":        "0",
 	"timeLocation":       "Asia/Tehran",
@ -251,18 +252,10 @@ func (s *SettingService) GetTgBotBackup() (bool, error) {
 	return s.getBool("tgBotBackup")
 }

-func (s *SettingService) SetTgBotBackup(value bool) error {
-	return s.setBool("tgBotBackup", value)
-}
-
 func (s *SettingService) GetTgCpu() (int, error) {
 	return s.getInt("tgCpu")
 }

-func (s *SettingService) SetTgCpu(value int) error {
-	return s.setInt("tgCpu", value)
-}
-
 func (s *SettingService) GetPort() (int, error) {
 	return s.getInt("webPort")
 }
@ -283,16 +276,12 @@ func (s *SettingService) GetExpireDiff() (int, error) {
 	return s.getInt("expireDiff")
 }

-func (s *SettingService) SetExpireDiff(value int) error {
-	return s.setInt("expireDiff", value)
-}
-
 func (s *SettingService) GetTrafficDiff() (int, error) {
 	return s.getInt("trafficDiff")
 }

-func (s *SettingService) SetgetTrafficDiff(value int) error {
-	return s.setInt("trafficDiff", value)
+func (s *SettingService) GetSessionMaxAge() (int, error) {
+	return s.getInt("sessionMaxAge")
 }

 func (s *SettingService) GetSecretStatus() (bool, error) {
--- a/web/session/session.go
+++ b/web/session/session.go
@ -2,9 +2,10 @@ package session

 import (
 	"encoding/gob"
+	"x-ui/database/model"
+
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
-	"x-ui/database/model"
 )

 const (
@ -21,6 +22,15 @@ func SetLoginUser(c *gin.Context, user *model.User) error {
 	return s.Save()
 }

+func SetMaxAge(c *gin.Context, maxAge int) error {
+	s := sessions.Default(c)
+	s.Options(sessions.Options{
+		Path:   "/",
+		MaxAge: maxAge,
+	})
+	return s.Save()
+}
+
 func GetLoginUser(c *gin.Context) *model.User {
 	s := sessions.Default(c)
 	obj := s.Get(loginUser)
--- a/web/translation/translate.en_US.toml
+++ b/web/translation/translate.en_US.toml
@ -281,6 +281,8 @@
 "telegramNotifyTimeDesc" = "Using Crontab timing format. Restart the panel to take effect"
 "tgNotifyBackup" = "Database backup"
 "tgNotifyBackupDesc" = "Sending database backup file with report notification. Restart the panel to take effect"
+"sessionMaxAge" = "Session maximum age"
+"sessionMaxAgeDesc" = "The time that you can stay login (unit: minute)"
 "expireTimeDiff" = "Exhaustion time threshold"
 "expireTimeDiffDesc" = "Detect exhaustion before expiration (unit:day)"
 "trafficDiff" = "Exhaustion traffic threshold"
--- a/web/translation/translate.fa_IR.toml
+++ b/web/translation/translate.fa_IR.toml
@ -279,6 +279,8 @@
 "telegramNotifyTimeDesc" = "از فرمت زمان بندی لینوکس استفاده کنید . پنل را مجدداً راه اندازی کنید تا اعمال شود"
 "tgNotifyBackup" = "پشتیبان گیری از پایگاه داده"
 "tgNotifyBackupDesc" = "ارسال کپی فایل پایگاه داده به همراه گزارش دوره ای"
+"sessionMaxAge" = "بیشینه زمان جلسه وب"
+"sessionMaxAgeDesc" = "بیشینه زمانی که میتوانید لاگین بمانید (واحد: دقیقه)"
 "expireTimeDiff" = "آستانه زمان باقی مانده"
 "expireTimeDiffDesc" = "فاصله زمانی هشدار تا رسیدن به زمان انقضا (واحد: روز)"
 "trafficDiff" = "آستانه ترافیک باقی مانده"
--- a/web/translation/translate.zh_Hans.toml
+++ b/web/translation/translate.zh_Hans.toml
@ -279,6 +279,8 @@
 "telegramNotifyTimeDesc" = "采用Crontab定时格式,重启面板生效"
 "tgNotifyBackup" = "数据库备份"
 "tgNotifyBackupDesc" = "正在发送数据库备份文件和报告通知。重启面板生效"
+"sessionMaxAge" = "会话最大年龄"
+"sessionMaxAgeDesc" = "您可以保持登录状态的时间（单位：分钟）"
 "expireTimeDiff" = "耗尽时间阈值"
 "expireTimeDiffDesc" = "到期前检测耗尽（单位：天）"
 "trafficDiff" = "耗尽流量阈值"